werdiagcontroller.dll
Description: WER Diagnostic Controller
Authors: © Microsoft Corporation. All rights reserved.
Version: 10.0.19041.3996
Architecture: 64-bit
Operating System: Windows NT
SHA256: f33592546395f2f56b1677b0c3168d5b
File Size: 46.0 KB
Uploaded At: Dec. 1, 2025, 7:42 a.m.
Views: 4
Exported Functions
- QueryOriginalBucket (Ordinal: 1, Address: 0x2110)
- StartAppRecorder (Ordinal: 2, Address: 0x2270)
- StartFDR (Ordinal: 3, Address: 0x3060)
Imported DLLs & Functions
api-ms-win-core-errorhandling-l1-1-0.dll
- GetLastError (Address: 0x180007130)
- SetUnhandledExceptionFilter (Address: 0x180007128)
- UnhandledExceptionFilter (Address: 0x180007138)
api-ms-win-core-file-l1-1-0.dll
- CreateFileW (Address: 0x180007150)
- DeleteFileW (Address: 0x180007158)
- GetTempFileNameW (Address: 0x180007148)
api-ms-win-core-file-l1-2-0.dll
- GetTempPathW (Address: 0x180007168)
api-ms-win-core-handle-l1-1-0.dll
- CloseHandle (Address: 0x180007178)
api-ms-win-core-heap-l2-1-0.dll
- LocalAlloc (Address: 0x180007188)
api-ms-win-core-libraryloader-l1-2-0.dll
- GetModuleFileNameA (Address: 0x1800071a0)
- GetModuleFileNameW (Address: 0x180007198)
api-ms-win-core-memory-l1-1-0.dll
- ReadProcessMemory (Address: 0x1800071b0)
api-ms-win-core-processthreads-l1-1-0.dll
- CreateProcessW (Address: 0x1800071e0)
- GetCurrentProcess (Address: 0x1800071d0)
- GetCurrentProcessId (Address: 0x1800071e8)
- GetCurrentThreadId (Address: 0x1800071c0)
- GetProcessId (Address: 0x1800071c8)
- TerminateProcess (Address: 0x1800071d8)
api-ms-win-core-profile-l1-1-0.dll
- QueryPerformanceCounter (Address: 0x1800071f8)
api-ms-win-core-rtlsupport-l1-1-0.dll
- RtlCaptureContext (Address: 0x180007208)
- RtlLookupFunctionEntry (Address: 0x180007210)
- RtlVirtualUnwind (Address: 0x180007218)
api-ms-win-core-synch-l1-1-0.dll
- AcquireSRWLockExclusive (Address: 0x180007228)
- CreateEventW (Address: 0x180007250)
- OpenEventW (Address: 0x180007240)
- ReleaseSRWLockExclusive (Address: 0x180007248)
- SetEvent (Address: 0x180007230)
- WaitForSingleObject (Address: 0x180007238)
api-ms-win-core-synch-l1-2-0.dll
- Sleep (Address: 0x180007260)
api-ms-win-core-sysinfo-l1-1-0.dll
- GetSystemDirectoryW (Address: 0x180007280)
- GetSystemTimeAsFileTime (Address: 0x180007270)
- GetTickCount (Address: 0x180007278)
api-ms-win-core-windowserrorreporting-l1-1-0.dll
- WerRegisterFile (Address: 0x180007290)
api-ms-win-eventing-classicprovider-l1-1-0.dll
- GetTraceEnableFlags (Address: 0x1800072b0)
- GetTraceEnableLevel (Address: 0x1800072b8)
- GetTraceLoggerHandle (Address: 0x1800072c0)
- RegisterTraceGuidsW (Address: 0x1800072a0)
- TraceEvent (Address: 0x1800072a8)
api-ms-win-eventing-controller-l1-1-0.dll
- StartTraceW (Address: 0x1800072d0)
api-ms-win-eventing-legacy-l1-1-0.dll
- EnableTrace (Address: 0x1800072e0)
api-ms-win-eventing-provider-l1-1-0.dll
- EventProviderEnabled (Address: 0x1800072f8)
- EventRegister (Address: 0x1800072f0)
- EventSetInformation (Address: 0x180007300)
- EventUnregister (Address: 0x180007308)
- EventWriteTransfer (Address: 0x180007310)
msvcrt.dll
- __C_specific_handler (Address: 0x180007388)
- _amsg_exit (Address: 0x180007380)
- _initterm (Address: 0x180007328)
- _vsnwprintf (Address: 0x180007370)
- _wcsicmp (Address: 0x180007338)
- _wcsnicmp (Address: 0x180007358)
- _wtoi (Address: 0x180007320)
- _XcptFilter (Address: 0x180007348)
- free (Address: 0x180007368)
- isspace (Address: 0x180007350)
- malloc (Address: 0x180007360)
- memcpy (Address: 0x180007378)
- memmove (Address: 0x180007330)
- memset (Address: 0x180007398)
- toupper (Address: 0x180007390)
- wcschr (Address: 0x180007340)
ntdll.dll
- DbgPrintEx (Address: 0x180007490)
- EtwEventWriteNoRegistration (Address: 0x180007460)
- LdrDisableThreadCalloutsForDll (Address: 0x180007498)
- LdrGetDllHandle (Address: 0x1800073d8)
- LdrGetProcedureAddress (Address: 0x1800073e8)
- NtAlpcConnectPort (Address: 0x180007410)
- NtAlpcSendWaitReceivePort (Address: 0x1800073a8)
- NtClose (Address: 0x180007480)
- NtDelayExecution (Address: 0x1800073d0)
- NtDeleteFile (Address: 0x180007488)
- NtDeleteKey (Address: 0x1800073c8)
- NtDeleteValueKey (Address: 0x1800073f0)
- NtOpenEvent (Address: 0x180007438)
- NtOpenKey (Address: 0x180007418)
- NtQueryInformationProcess (Address: 0x180007430)
- NtQuerySystemInformation (Address: 0x180007448)
- NtQueryValueKey (Address: 0x180007420)
- NtSetValueKey (Address: 0x180007428)
- NtWaitForSingleObject (Address: 0x180007440)
- RtlAllocateAndInitializeSid (Address: 0x1800074a0)
- RtlAllocateHeap (Address: 0x1800073f8)
- RtlCreateUserThread (Address: 0x1800073c0)
- RtlDosPathNameToNtPathName_U (Address: 0x180007408)
- RtlFormatCurrentUserKeyPath (Address: 0x180007478)
- RtlFreeHeap (Address: 0x1800073b0)
- RtlFreeSid (Address: 0x1800073b8)
- RtlFreeUnicodeString (Address: 0x180007470)
- RtlGUIDFromString (Address: 0x180007400)
- RtlInitAnsiString (Address: 0x1800073e0)
- RtlInitUnicodeString (Address: 0x180007468)
- ZwQueryWnfStateNameInformation (Address: 0x180007450)
- ZwUpdateWnfStateData (Address: 0x180007458)