wiaservc.dll

Description: Still Image Devices Service

Authors: © Microsoft Corporation. All rights reserved.

Version: 10.0.19041.5794

Architecture: 64-bit

Operating System: Windows NT

SHA256: c2483ea717b6817045680c18fb99924b

File Size: 764.0 KB

Uploaded At: Dec. 1, 2025, 7:42 a.m.

Views: 7

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: OpenProcess

Exported Functions

  • ServiceMain (Ordinal: 1, Address: 0x15890)
  • DllRegisterServer (Ordinal: 2, Address: 0x2ca10)
  • DllUnregisterServer (Ordinal: 3, Address: 0x2ca30)
  • wiasCreateChildAppItem (Ordinal: 4, Address: 0x3bc70)
  • wiasCreateDrvItem (Ordinal: 5, Address: 0x33f00)
  • wiasCreateLogInstance (Ordinal: 6, Address: 0x341d0)
  • wiasCreatePropContext (Ordinal: 7, Address: 0x342f0)
  • wiasDebugError (Ordinal: 8, Address: 0x34570)
  • wiasDebugTrace (Ordinal: 9, Address: 0x34760)
  • wiasDownSampleBuffer (Ordinal: 10, Address: 0x34950)
  • wiasFormatArgs (Ordinal: 11, Address: 0x34c80)
  • wiasFreePropContext (Ordinal: 12, Address: 0x34e10)
  • wiasGetChangedValueFloat (Ordinal: 13, Address: 0x34ef0)
  • wiasGetChangedValueGuid (Ordinal: 14, Address: 0x350b0)
  • wiasGetChangedValueLong (Ordinal: 15, Address: 0x35270)
  • wiasGetChangedValueStr (Ordinal: 16, Address: 0x35430)
  • wiasGetChildrenContexts (Ordinal: 17, Address: 0x355f0)
  • wiasGetContextFromName (Ordinal: 18, Address: 0x35a70)
  • wiasGetDrvItem (Ordinal: 19, Address: 0x35cc0)
  • wiasGetImageInformation (Ordinal: 20, Address: 0x35e30)
  • wiasGetItemType (Ordinal: 21, Address: 0x36030)
  • wiasGetPropertyAttributes (Ordinal: 22, Address: 0x36160)
  • wiasGetRootItem (Ordinal: 23, Address: 0x36300)
  • wiasIsPropChanged (Ordinal: 24, Address: 0x363f0)
  • wiasParseEndorserString (Ordinal: 25, Address: 0x36580)
  • wiasPrintDebugHResult (Ordinal: 26, Address: 0x36c60)
  • wiasQueueEvent (Ordinal: 27, Address: 0x30700)
  • wiasReadMultiple (Ordinal: 28, Address: 0x36cd0)
  • wiasReadPropBin (Ordinal: 29, Address: 0x36ec0)
  • wiasReadPropFloat (Ordinal: 30, Address: 0x37130)
  • wiasReadPropGuid (Ordinal: 31, Address: 0x37310)
  • wiasReadPropLong (Ordinal: 32, Address: 0x37520)
  • wiasReadPropStr (Ordinal: 33, Address: 0x37700)
  • wiasSendEndOfPage (Ordinal: 34, Address: 0x379d0)
  • wiasSetItemPropAttribs (Ordinal: 35, Address: 0x37b00)
  • wiasSetItemPropNames (Ordinal: 36, Address: 0x37d40)
  • wiasSetPropChanged (Ordinal: 37, Address: 0x37ed0)
  • wiasSetPropertyAttributes (Ordinal: 38, Address: 0x38030)
  • wiasSetValidFlag (Ordinal: 39, Address: 0x38360)
  • wiasSetValidListFloat (Ordinal: 40, Address: 0x38540)
  • wiasSetValidListGuid (Ordinal: 41, Address: 0x387a0)
  • wiasSetValidListLong (Ordinal: 42, Address: 0x38a10)
  • wiasSetValidListStr (Ordinal: 43, Address: 0x38c70)
  • wiasSetValidRangeFloat (Ordinal: 44, Address: 0x38fd0)
  • wiasSetValidRangeLong (Ordinal: 45, Address: 0x391d0)
  • wiasUpdateScanRect (Ordinal: 46, Address: 0x39470)
  • wiasUpdateValidFormat (Ordinal: 47, Address: 0x39650)
  • wiasValidateItemProperties (Ordinal: 48, Address: 0x39bd0)
  • wiasWriteBufToFile (Ordinal: 49, Address: 0x39f60)
  • wiasWriteMultiple (Ordinal: 50, Address: 0x3a0f0)
  • wiasWritePageBufToFile (Ordinal: 51, Address: 0x3a460)
  • wiasWritePageBufToStream (Ordinal: 52, Address: 0x3a610)
  • wiasWritePropBin (Ordinal: 53, Address: 0x3a7b0)
  • wiasWritePropFloat (Ordinal: 54, Address: 0x3aae0)
  • wiasWritePropGuid (Ordinal: 55, Address: 0x3adb0)
  • wiasWritePropLong (Ordinal: 56, Address: 0x3b0f0)
  • wiasWritePropStr (Ordinal: 57, Address: 0x3b3b0)

Imported DLLs & Functions

ADVAPI32.dll
  • AccessCheck (Address: 0x180084618)
  • AddAccessAllowedAce (Address: 0x180084758)
  • AddAce (Address: 0x1800846f8)
  • AllocateAndInitializeSid (Address: 0x180084728)
  • CloseServiceHandle (Address: 0x1800846a0)
  • ConvertStringSecurityDescriptorToSecurityDescriptorW (Address: 0x180084748)
  • CopySid (Address: 0x180084658)
  • CreatePrivateObjectSecurity (Address: 0x180084650)
  • DestroyPrivateObjectSecurity (Address: 0x180084640)
  • EventRegister (Address: 0x180084698)
  • EventSetInformation (Address: 0x180084688)
  • EventUnregister (Address: 0x180084678)
  • EventWriteTransfer (Address: 0x1800846b0)
  • FreeSid (Address: 0x180084730)
  • GetAce (Address: 0x180084628)
  • GetAclInformation (Address: 0x180084610)
  • GetKernelObjectSecurity (Address: 0x180084708)
  • GetLengthSid (Address: 0x180084750)
  • GetSecurityDescriptorDacl (Address: 0x180084608)
  • GetSidLengthRequired (Address: 0x180084648)
  • GetSidSubAuthority (Address: 0x180084638)
  • GetSidSubAuthorityCount (Address: 0x180084630)
  • GetTokenInformation (Address: 0x180084600)
  • InitializeAcl (Address: 0x180084740)
  • InitializeSecurityDescriptor (Address: 0x180084738)
  • InitializeSid (Address: 0x180084660)
  • LookupAccountSidW (Address: 0x1800845f8)
  • OpenProcessToken (Address: 0x180084700)
  • OpenSCManagerW (Address: 0x180084690)
  • OpenServiceW (Address: 0x180084670)
  • OpenThreadToken (Address: 0x1800845d0)
  • QueryServiceStatus (Address: 0x1800846a8)
  • RegCloseKey (Address: 0x1800846f0)
  • RegCreateKeyExA (Address: 0x1800845d8)
  • RegCreateKeyExW (Address: 0x1800846d8)
  • RegDeleteKeyExW (Address: 0x180084780)
  • RegDeleteKeyW (Address: 0x1800846e0)
  • RegDeleteValueW (Address: 0x180084788)
  • RegEnumKeyExW (Address: 0x1800846d0)
  • RegGetValueW (Address: 0x180084768)
  • RegisterServiceCtrlHandlerExW (Address: 0x180084770)
  • RegOpenKeyExA (Address: 0x1800845e0)
  • RegOpenKeyExW (Address: 0x1800846c0)
  • RegOpenKeyW (Address: 0x180084760)
  • RegQueryInfoKeyW (Address: 0x1800846e8)
  • RegQueryValueExA (Address: 0x1800845e8)
  • RegQueryValueExW (Address: 0x1800846b8)
  • RegQueryValueW (Address: 0x1800845f0)
  • RegSetValueExW (Address: 0x1800846c8)
  • SetKernelObjectSecurity (Address: 0x180084710)
  • SetSecurityDescriptorDacl (Address: 0x180084720)
  • SetSecurityDescriptorGroup (Address: 0x180084718)
  • SetSecurityDescriptorOwner (Address: 0x180084620)
  • SetSecurityDescriptorSacl (Address: 0x180084668)
  • SetServiceStatus (Address: 0x180084778)
  • StartServiceW (Address: 0x180084680)
KERNEL32.dll
  • AcquireSRWLockExclusive (Address: 0x180084988)
  • AcquireSRWLockShared (Address: 0x180084968)
  • ClearCommError (Address: 0x1800848c0)
  • CloseHandle (Address: 0x1800847a0)
  • CloseThreadpoolTimer (Address: 0x180084990)
  • CompareStringW (Address: 0x180084a50)
  • CreateDirectoryW (Address: 0x180084b20)
  • CreateEventW (Address: 0x1800849d8)
  • CreateFileMappingW (Address: 0x180084930)
  • CreateFileW (Address: 0x180084aa0)
  • CreateMutexExW (Address: 0x1800847b8)
  • CreateMutexW (Address: 0x180084af8)
  • CreateSemaphoreExW (Address: 0x180084a48)
  • CreateThread (Address: 0x180084aa8)
  • CreateThreadpoolTimer (Address: 0x180084970)
  • DebugBreak (Address: 0x1800847e0)
  • DeleteCriticalSection (Address: 0x1800847c0)
  • DeleteFileW (Address: 0x180084940)
  • DisableThreadLibraryCalls (Address: 0x1800849b0)
  • DuplicateHandle (Address: 0x180084a80)
  • EnterCriticalSection (Address: 0x180084a28)
  • EscapeCommFunction (Address: 0x1800848c8)
  • ExpandEnvironmentStringsW (Address: 0x180084b18)
  • FlushFileBuffers (Address: 0x1800848d8)
  • FormatMessageA (Address: 0x180084ad8)
  • FormatMessageW (Address: 0x1800849c8)
  • FreeLibrary (Address: 0x180084800)
  • GetCurrentProcess (Address: 0x180084898)
  • GetCurrentProcessId (Address: 0x1800847c8)
  • GetCurrentThread (Address: 0x180084960)
  • GetCurrentThreadId (Address: 0x1800849f0)
  • GetDateFormatW (Address: 0x1800848e0)
  • GetFileInformationByHandle (Address: 0x1800848e8)
  • GetFileSize (Address: 0x180084908)
  • GetFileType (Address: 0x180084918)
  • GetLastError (Address: 0x1800849c0)
  • GetLocalTime (Address: 0x180084860)
  • GetModuleFileNameA (Address: 0x180084a58)
  • GetModuleFileNameW (Address: 0x1800848f0)
  • GetModuleHandleA (Address: 0x180084ae8)
  • GetModuleHandleExW (Address: 0x180084a18)
  • GetModuleHandleW (Address: 0x1800847d8)
  • GetProcAddress (Address: 0x1800847b0)
  • GetProcessHeap (Address: 0x1800847d0)
  • GetSystemDirectoryA (Address: 0x180084ae0)
  • GetSystemDirectoryW (Address: 0x1800847f8)
  • GetSystemInfo (Address: 0x180084ab8)
  • GetSystemTime (Address: 0x180084830)
  • GetSystemTimeAsFileTime (Address: 0x1800848b0)
  • GetTempFileNameW (Address: 0x180084938)
  • GetTempPathW (Address: 0x180084950)
  • GetThreadId (Address: 0x180084a98)
  • GetTickCount (Address: 0x1800847e8)
  • HeapAlloc (Address: 0x1800847a8)
  • HeapFree (Address: 0x180084a40)
  • InitializeCriticalSection (Address: 0x180084a00)
  • InitializeCriticalSectionAndSpinCount (Address: 0x180084a10)
  • InitializeCriticalSectionEx (Address: 0x1800849a8)
  • InitOnceBeginInitialize (Address: 0x180084a88)
  • InitOnceComplete (Address: 0x180084a70)
  • IsDebuggerPresent (Address: 0x1800847f0)
  • LeaveCriticalSection (Address: 0x180084a08)
  • LoadLibraryExA (Address: 0x180084b00)
  • LoadLibraryExW (Address: 0x180084808)
  • LocalAlloc (Address: 0x180084818)
  • LocalFree (Address: 0x180084820)
  • lstrcmpA (Address: 0x180084af0)
  • lstrcmpiW (Address: 0x180084838)
  • lstrcmpW (Address: 0x180084840)
  • lstrlenA (Address: 0x180084850)
  • lstrlenW (Address: 0x180084810)
  • MapViewOfFileEx (Address: 0x180084928)
  • MulDiv (Address: 0x180084868)
  • MultiByteToWideChar (Address: 0x180084858)
  • OpenProcess (Address: 0x180084958)
  • OpenSemaphoreW (Address: 0x180084798)
  • OutputDebugStringW (Address: 0x1800849b8)
  • PowerClearRequest (Address: 0x180084a68)
  • PowerCreateRequest (Address: 0x180084a78)
  • PowerSetRequest (Address: 0x180084a90)
  • PurgeComm (Address: 0x1800848d0)
  • QueryPerformanceCounter (Address: 0x1800848a8)
  • RaiseException (Address: 0x180084ac8)
  • ReadFile (Address: 0x180084900)
  • ReleaseMutex (Address: 0x1800849e8)
  • ReleaseSemaphore (Address: 0x180084a20)
  • ReleaseSRWLockExclusive (Address: 0x180084998)
  • ReleaseSRWLockShared (Address: 0x180084978)
  • RemoveDirectoryW (Address: 0x180084b08)
  • ResetEvent (Address: 0x180084a30)
  • RtlCaptureContext (Address: 0x180084870)
  • RtlLookupFunctionEntry (Address: 0x180084878)
  • RtlVirtualUnwind (Address: 0x180084880)
  • SetCommMask (Address: 0x1800848b8)
  • SetEndOfFile (Address: 0x180084910)
  • SetEvent (Address: 0x180084b10)
  • SetFilePointer (Address: 0x180084920)
  • SetLastError (Address: 0x180084a38)
  • SetProcessMitigationPolicy (Address: 0x1800849e0)
  • SetThreadpoolTimer (Address: 0x180084980)
  • SetUnhandledExceptionFilter (Address: 0x180084890)
  • Sleep (Address: 0x1800849d0)
  • SystemTimeToFileTime (Address: 0x180084828)
  • TerminateProcess (Address: 0x1800848a0)
  • UnhandledExceptionFilter (Address: 0x180084888)
  • UnmapViewOfFile (Address: 0x180084948)
  • VirtualProtect (Address: 0x180084ad0)
  • VirtualQuery (Address: 0x180084ab0)
  • WaitForMultipleObjects (Address: 0x180084ac0)
  • WaitForSingleObject (Address: 0x1800849f8)
  • WaitForSingleObjectEx (Address: 0x180084a60)
  • WaitForThreadpoolTimerCallbacks (Address: 0x1800849a0)
  • WideCharToMultiByte (Address: 0x1800848f8)
  • WriteFile (Address: 0x180084848)
msvcrt.dll
  • __C_specific_handler (Address: 0x180084cd8)
  • __CxxFrameHandler3 (Address: 0x180084d28)
  • __dllonexit (Address: 0x180084d08)
  • __RTDynamicCast (Address: 0x180084d78)
  • _amsg_exit (Address: 0x180084ce8)
  • _callnewh (Address: 0x180084d60)
  • _initterm (Address: 0x180084cf0)
  • _lock (Address: 0x180084da0)
  • _onexit (Address: 0x180084d68)
  • _purecall (Address: 0x180084d50)
  • _splitpath_s (Address: 0x180084db0)
  • _unlock (Address: 0x180084d00)
  • _vscwprintf (Address: 0x180084d10)
  • _vsnprintf (Address: 0x180084d70)
  • _vsnwprintf (Address: 0x180084d30)
  • _wcsicmp (Address: 0x180084cd0)
  • _wsplitpath_s (Address: 0x180084d38)
  • _XcptFilter (Address: 0x180084d98)
  • ??1type_info@@UEAA@XZ (Address: 0x180084d18)
  • free (Address: 0x180084cf8)
  • malloc (Address: 0x180084ce0)
  • memcmp (Address: 0x180084d80)
  • memcpy (Address: 0x180084d88)
  • memcpy_s (Address: 0x180084da8)
  • memmove (Address: 0x180084d90)
  • memmove_s (Address: 0x180084d40)
  • memset (Address: 0x180084d20)
  • wcschr (Address: 0x180084d58)
  • wcscmp (Address: 0x180084db8)
  • wcsstr (Address: 0x180084d48)
ole32.dll
  • CLSIDFromString (Address: 0x180084e38)
  • CoCreateInstance (Address: 0x180084e60)
  • CoDisconnectObject (Address: 0x180084e18)
  • CoGetCallContext (Address: 0x180084dc8)
  • CoImpersonateClient (Address: 0x180084e08)
  • CoInitializeEx (Address: 0x180084e68)
  • CoInitializeSecurity (Address: 0x180084e58)
  • CoRegisterClassObject (Address: 0x180084df8)
  • CoResumeClassObjects (Address: 0x180084e78)
  • CoRevertToSelf (Address: 0x180084de8)
  • CoRevokeClassObject (Address: 0x180084df0)
  • CoSuspendClassObjects (Address: 0x180084e10)
  • CoTaskMemAlloc (Address: 0x180084e28)
  • CoTaskMemFree (Address: 0x180084e40)
  • CoUninitialize (Address: 0x180084e70)
  • CreateStreamOnHGlobal (Address: 0x180084dd0)
  • FreePropVariantArray (Address: 0x180084e00)
  • PropVariantClear (Address: 0x180084e30)
  • PropVariantCopy (Address: 0x180084e20)
  • StgCreatePropStg (Address: 0x180084dd8)
  • StgOpenPropStg (Address: 0x180084de0)
  • StringFromCLSID (Address: 0x180084e50)
  • StringFromGUID2 (Address: 0x180084e48)
OLEAUT32.dll
  • BSTR_UserFree (Address: 0x180084b30)
  • BSTR_UserFree64 (Address: 0x180084b50)
  • BSTR_UserMarshal (Address: 0x180084b48)
  • BSTR_UserMarshal64 (Address: 0x180084b60)
  • BSTR_UserSize (Address: 0x180084b78)
  • BSTR_UserSize64 (Address: 0x180084b58)
  • BSTR_UserUnmarshal (Address: 0x180084b40)
  • BSTR_UserUnmarshal64 (Address: 0x180084b38)
  • SysAllocString (Address: 0x180084b80)
  • SysFreeString (Address: 0x180084b68)
  • SysStringLen (Address: 0x180084b70)
RPCRT4.dll
  • Ndr64AsyncServerCallAll (Address: 0x180084bc0)
  • NdrAsyncServerCall (Address: 0x180084b90)
  • NdrServerCall2 (Address: 0x180084bc8)
  • NdrServerCallAll (Address: 0x180084c18)
  • RpcAsyncAbortCall (Address: 0x180084c08)
  • RpcAsyncCompleteCall (Address: 0x180084be0)
  • RpcBindingInqAuthClientW (Address: 0x180084c00)
  • RpcBindingToStringBindingW (Address: 0x180084c38)
  • RpcImpersonateClient (Address: 0x180084b98)
  • RpcRevertToSelf (Address: 0x180084bf0)
  • RpcServerInqDefaultPrincNameW (Address: 0x180084c40)
  • RpcServerListen (Address: 0x180084ba8)
  • RpcServerRegisterAuthInfoW (Address: 0x180084ba0)
  • RpcServerRegisterIfEx (Address: 0x180084bb0)
  • RpcServerSubscribeForNotification (Address: 0x180084c20)
  • RpcServerTestCancel (Address: 0x180084be8)
  • RpcServerUnsubscribeForNotification (Address: 0x180084c28)
  • RpcServerUseProtseqEpW (Address: 0x180084c10)
  • RpcStringBindingParseW (Address: 0x180084bb8)
  • RpcStringFreeA (Address: 0x180084bd0)
  • RpcStringFreeW (Address: 0x180084c50)
  • UuidCreate (Address: 0x180084bd8)
  • UuidCreateNil (Address: 0x180084c30)
  • UuidToStringA (Address: 0x180084c48)
  • UuidToStringW (Address: 0x180084bf8)
USER32.dll
  • CharNextA (Address: 0x180084c68)
  • CharNextW (Address: 0x180084c70)
  • CharUpperA (Address: 0x180084c60)
  • IsWindow (Address: 0x180084c80)
  • PostMessageW (Address: 0x180084c78)
  • RegisterDeviceNotificationW (Address: 0x180084ca0)
  • RegisterPowerSettingNotification (Address: 0x180084c90)
  • UnregisterDeviceNotification (Address: 0x180084c98)
  • UnregisterPowerSettingNotification (Address: 0x180084c88)
VERSION.dll
  • GetFileVersionInfoSizeW (Address: 0x180084cc0)
  • GetFileVersionInfoW (Address: 0x180084cb8)
  • VerQueryValueW (Address: 0x180084cb0)