Windows.System.Diagnostics.dll

Description: Windows System Diagnostics DLL

Authors: © Microsoft Corporation. All rights reserved.

Version: 10.0.19041.4355

Architecture: 64-bit

Operating System: Windows NT

SHA256: ea370fd64bfd19382268e7b80d969fd3

File Size: 348.0 KB

Uploaded At: Dec. 1, 2025, 7:44 a.m.

Views: 4

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: OpenProcess

Exported Functions

  • DllCanUnloadNow (Ordinal: 1, Address: 0x4f90)
  • DllGetActivationFactory (Ordinal: 2, Address: 0x5060)

Imported DLLs & Functions

api-ms-win-appmodel-runtime-l1-1-0.dll
  • GetApplicationUserModelId (Address: 0x180043b30)
  • GetPackageFamilyName (Address: 0x180043b18)
  • GetPackageFullName (Address: 0x180043b28)
  • PackageFamilyNameFromFullName (Address: 0x180043b20)
api-ms-win-appmodel-runtime-l1-1-1.dll
  • FormatApplicationUserModelId (Address: 0x180043b48)
  • ParseApplicationUserModelId (Address: 0x180043b40)
api-ms-win-core-biptcltapi-l1-1-7.dll
  • BiPtEnumerateWorkItemsForPackageNameEx (Address: 0x180043b60)
  • BiPtFreeMemory (Address: 0x180043b68)
  • BiPtQueryWorkItemEx (Address: 0x180043b58)
api-ms-win-core-com-l1-1-0.dll
  • CoCreateFreeThreadedMarshaler (Address: 0x180043bc0)
  • CoCreateInstance (Address: 0x180043b88)
  • CoGetApartmentType (Address: 0x180043b98)
  • CoGetCallContext (Address: 0x180043bb0)
  • CoGetCallerTID (Address: 0x180043b90)
  • CoGetInterfaceAndReleaseStream (Address: 0x180043b80)
  • CoIncrementMTAUsage (Address: 0x180043bd0)
  • CoMarshalInterface (Address: 0x180043b78)
  • CoReleaseMarshalData (Address: 0x180043ba8)
  • CoTaskMemAlloc (Address: 0x180043bc8)
  • CoTaskMemFree (Address: 0x180043ba0)
  • CreateStreamOnHGlobal (Address: 0x180043bb8)
api-ms-win-core-com-l1-1-1.dll
  • RoGetAgileReference (Address: 0x180043be0)
api-ms-win-core-debug-l1-1-0.dll
  • DebugBreak (Address: 0x180043bf0)
  • IsDebuggerPresent (Address: 0x180043c00)
  • OutputDebugStringW (Address: 0x180043bf8)
api-ms-win-core-delayload-l1-1-0.dll
  • DelayLoadFailureHook (Address: 0x180043c10)
api-ms-win-core-delayload-l1-1-1.dll
  • ResolveDelayLoadedAPI (Address: 0x180043c20)
api-ms-win-core-errorhandling-l1-1-0.dll
  • GetLastError (Address: 0x180043c48)
  • RaiseException (Address: 0x180043c30)
  • SetLastError (Address: 0x180043c50)
  • SetUnhandledExceptionFilter (Address: 0x180043c38)
  • UnhandledExceptionFilter (Address: 0x180043c40)
api-ms-win-core-handle-l1-1-0.dll
  • CloseHandle (Address: 0x180043c60)
api-ms-win-core-heap-l1-1-0.dll
  • GetProcessHeap (Address: 0x180043c80)
  • HeapAlloc (Address: 0x180043c70)
  • HeapFree (Address: 0x180043c78)
api-ms-win-core-heap-l2-1-0.dll
  • LocalAlloc (Address: 0x180043c90)
  • LocalFree (Address: 0x180043c98)
api-ms-win-core-interlocked-l1-1-0.dll
  • InitializeSListHead (Address: 0x180043cb0)
  • InterlockedFlushSList (Address: 0x180043cb8)
  • InterlockedPushEntrySList (Address: 0x180043ca8)
api-ms-win-core-libraryloader-l1-2-0.dll
  • GetModuleFileNameA (Address: 0x180043cd8)
  • GetModuleHandleExW (Address: 0x180043cc8)
  • GetModuleHandleW (Address: 0x180043ce0)
  • GetProcAddress (Address: 0x180043cd0)
api-ms-win-core-localization-l1-2-0.dll
  • FormatMessageW (Address: 0x180043cf0)
api-ms-win-core-processenvironment-l1-1-0.dll
  • ExpandEnvironmentStringsW (Address: 0x180043d00)
api-ms-win-core-processthreads-l1-1-0.dll
  • GetCurrentProcess (Address: 0x180043d28)
  • GetCurrentProcessId (Address: 0x180043d50)
  • GetCurrentThread (Address: 0x180043d18)
  • GetCurrentThreadId (Address: 0x180043d38)
  • GetProcessId (Address: 0x180043d20)
  • OpenProcessToken (Address: 0x180043d10)
  • OpenThreadToken (Address: 0x180043d58)
  • TerminateProcess (Address: 0x180043d30)
  • TlsAlloc (Address: 0x180043d48)
  • TlsFree (Address: 0x180043d40)
api-ms-win-core-processthreads-l1-1-1.dll
  • IsProcessorFeaturePresent (Address: 0x180043d68)
  • OpenProcess (Address: 0x180043d70)
api-ms-win-core-processthreads-l1-1-2.dll
  • GetSystemTimes (Address: 0x180043d80)
api-ms-win-core-profile-l1-1-0.dll
  • QueryPerformanceCounter (Address: 0x180043d90)
api-ms-win-core-psapi-l1-1-0.dll
  • QueryFullProcessImageNameW (Address: 0x180043da0)
api-ms-win-core-psm-key-l1-1-0.dll
  • PsmGetApplicationNameFromKey (Address: 0x180043db0)
  • PsmGetPackageFullNameFromKey (Address: 0x180043db8)
api-ms-win-core-registry-l1-1-0.dll
  • RegCloseKey (Address: 0x180043dc8)
  • RegEnumKeyExW (Address: 0x180043dd8)
  • RegGetValueW (Address: 0x180043de8)
  • RegOpenKeyExW (Address: 0x180043de0)
  • RegQueryInfoKeyW (Address: 0x180043dd0)
api-ms-win-core-rtlsupport-l1-1-0.dll
  • RtlCaptureContext (Address: 0x180043e00)
  • RtlLookupFunctionEntry (Address: 0x180043e08)
  • RtlVirtualUnwind (Address: 0x180043df8)
api-ms-win-core-string-l1-1-0.dll
  • CompareStringOrdinal (Address: 0x180043e18)
  • MultiByteToWideChar (Address: 0x180043e20)
api-ms-win-core-synch-l1-1-0.dll
  • AcquireSRWLockExclusive (Address: 0x180043e78)
  • AcquireSRWLockShared (Address: 0x180043e60)
  • CreateEventExW (Address: 0x180043e38)
  • CreateMutexExW (Address: 0x180043e40)
  • CreateSemaphoreExW (Address: 0x180043e70)
  • InitializeSRWLock (Address: 0x180043e98)
  • OpenSemaphoreW (Address: 0x180043e48)
  • ReleaseMutex (Address: 0x180043e88)
  • ReleaseSemaphore (Address: 0x180043e90)
  • ReleaseSRWLockExclusive (Address: 0x180043e80)
  • ReleaseSRWLockShared (Address: 0x180043e68)
  • ResetEvent (Address: 0x180043e30)
  • SetEvent (Address: 0x180043ea0)
  • WaitForSingleObject (Address: 0x180043e58)
  • WaitForSingleObjectEx (Address: 0x180043e50)
api-ms-win-core-synch-l1-2-0.dll
  • InitOnceBeginInitialize (Address: 0x180043ec8)
  • InitOnceComplete (Address: 0x180043eb8)
  • InitOnceExecuteOnce (Address: 0x180043ec0)
  • Sleep (Address: 0x180043eb0)
  • WaitOnAddress (Address: 0x180043ed8)
  • WakeByAddressAll (Address: 0x180043ed0)
api-ms-win-core-sysinfo-l1-1-0.dll
  • GetSystemTimeAsFileTime (Address: 0x180043ef0)
  • GetTickCount (Address: 0x180043ee8)
api-ms-win-core-util-l1-1-0.dll
  • DecodePointer (Address: 0x180043f08)
  • EncodePointer (Address: 0x180043f00)
api-ms-win-core-winrt-error-l1-1-0.dll
  • GetRestrictedErrorInfo (Address: 0x180043f28)
  • RoOriginateError (Address: 0x180043f18)
  • RoOriginateErrorW (Address: 0x180043f30)
  • RoTransformError (Address: 0x180043f38)
  • SetRestrictedErrorInfo (Address: 0x180043f20)
api-ms-win-core-winrt-error-l1-1-1.dll
  • IsErrorPropagationEnabled (Address: 0x180043f58)
  • RoGetMatchingRestrictedErrorInfo (Address: 0x180043f50)
  • RoOriginateLanguageException (Address: 0x180043f48)
  • RoReportFailedDelegate (Address: 0x180043f60)
api-ms-win-core-winrt-l1-1-0.dll
  • RoGetActivationFactory (Address: 0x180043f80)
  • RoInitialize (Address: 0x180043f78)
  • RoUninitialize (Address: 0x180043f70)
api-ms-win-core-winrt-string-l1-1-0.dll
  • WindowsCreateString (Address: 0x180043fa0)
  • WindowsCreateStringReference (Address: 0x180043fa8)
  • WindowsDeleteString (Address: 0x180043f98)
  • WindowsDeleteStringBuffer (Address: 0x180043fd0)
  • WindowsDuplicateString (Address: 0x180043f90)
  • WindowsGetStringRawBuffer (Address: 0x180043fb0)
  • WindowsIsStringEmpty (Address: 0x180043fc0)
  • WindowsPreallocateStringBuffer (Address: 0x180043fd8)
  • WindowsPromoteStringBuffer (Address: 0x180043fc8)
  • WindowsStringHasEmbeddedNull (Address: 0x180043fb8)
api-ms-win-crt-private-l1-1-0.dll
  • __C_specific_handler (Address: 0x180044058)
  • __CxxFrameHandler3 (Address: 0x180044060)
  • __CxxFrameHandler4 (Address: 0x1800440e0)
  • __std_terminate (Address: 0x1800440d8)
  • _CxxThrowException (Address: 0x180044068)
  • _o___std_exception_copy (Address: 0x180044098)
  • _o___std_exception_destroy (Address: 0x180044090)
  • _o___std_type_info_destroy_list (Address: 0x180044088)
  • _o___stdio_common_vsnprintf_s (Address: 0x1800440c0)
  • _o___stdio_common_vswprintf (Address: 0x1800440a0)
  • _o__callnewh (Address: 0x1800440b0)
  • _o__cexit (Address: 0x1800440a8)
  • _o__configure_narrow_argv (Address: 0x180044078)
  • _o__crt_atexit (Address: 0x180044070)
  • _o__errno (Address: 0x1800440c8)
  • _o__execute_onexit_table (Address: 0x1800440b8)
  • _o__initialize_narrow_environment (Address: 0x180043fe8)
  • _o__initialize_onexit_table (Address: 0x180043ff0)
  • _o__invalid_parameter_noinfo (Address: 0x180043ff8)
  • _o__invalid_parameter_noinfo_noreturn (Address: 0x180044000)
  • _o__purecall (Address: 0x180044008)
  • _o__register_onexit_function (Address: 0x180044010)
  • _o__seh_filter_dll (Address: 0x180044018)
  • _o__wcsicmp (Address: 0x1800440d0)
  • _o_free (Address: 0x180044028)
  • _o_iswspace (Address: 0x180044030)
  • _o_malloc (Address: 0x180044038)
  • _o_realloc (Address: 0x180044040)
  • _o_terminate (Address: 0x180044048)
  • _o_toupper (Address: 0x180044050)
  • memcpy (Address: 0x1800440e8)
  • memmove (Address: 0x180044020)
  • wcschr (Address: 0x180044080)
api-ms-win-crt-runtime-l1-1-0.dll
  • _initterm (Address: 0x180044100)
  • _initterm_e (Address: 0x1800440f8)
api-ms-win-crt-string-l1-1-0.dll
  • memset (Address: 0x180044110)
api-ms-win-eventing-provider-l1-1-0.dll
  • EventActivityIdControl (Address: 0x180044130)
  • EventProviderEnabled (Address: 0x180044120)
  • EventRegister (Address: 0x180044138)
  • EventSetInformation (Address: 0x180044140)
  • EventUnregister (Address: 0x180044128)
  • EventWriteTransfer (Address: 0x180044148)
api-ms-win-security-accesshlpr-l1-1-0.dll
  • FreeTransientObjectSecurityDescriptor (Address: 0x180044158)
  • QueryTransientObjectSecurityDescriptor (Address: 0x180044160)
api-ms-win-security-base-l1-1-0.dll
  • CopySid (Address: 0x180044170)
  • CreateWellKnownSid (Address: 0x180044188)
  • DuplicateTokenEx (Address: 0x180044198)
  • GetLengthSid (Address: 0x180044180)
  • GetSidSubAuthority (Address: 0x1800441a0)
  • GetTokenInformation (Address: 0x180044190)
  • IsValidSid (Address: 0x180044178)
api-ms-win-security-capability-l1-1-0.dll
  • CapabilityCheck (Address: 0x1800441b0)
api-ms-win-shcore-taskpool-l1-1-0.dll
  • SHTaskPoolAllowThreadReuse (Address: 0x1800441c0)
  • SHTaskPoolQueueTask (Address: 0x1800441c8)
msvcp_win.dll
  • ?_Xbad_function_call@std@@YAXXZ (Address: 0x1800441e0)
  • ?_Xlength_error@std@@YAXPEBD@Z (Address: 0x1800441d8)
ntdll.dll
  • NtQueryInformationJobObject (Address: 0x180044288)
  • NtQueryInformationToken (Address: 0x1800441f8)
  • NtQuerySecurityAttributesToken (Address: 0x180044268)
  • NtQuerySystemInformation (Address: 0x180044290)
  • NtQueryWnfStateData (Address: 0x180044240)
  • RtlAcquireSRWLockExclusive (Address: 0x180044298)
  • RtlAllocateHeap (Address: 0x180044230)
  • RtlCompareUnicodeString (Address: 0x180044260)
  • RtlCopySid (Address: 0x180044278)
  • RtlFreeHeap (Address: 0x1800441f0)
  • RtlInitializeSRWLock (Address: 0x1800442a8)
  • RtlInitUnicodeString (Address: 0x180044208)
  • RtlLengthSid (Address: 0x180044280)
  • RtlNtStatusToDosErrorNoTeb (Address: 0x180044200)
  • RtlRbInsertNodeEx (Address: 0x180044250)
  • RtlRbRemoveNode (Address: 0x180044238)
  • RtlReleaseSRWLockExclusive (Address: 0x1800442a0)
  • RtlSubscribeWnfStateChangeNotification (Address: 0x180044258)
  • RtlUnsubscribeWnfNotificationWaitForCompletion (Address: 0x180044210)
  • RtlValidSid (Address: 0x180044270)
  • TpAllocWork (Address: 0x180044248)
  • TpPostWork (Address: 0x180044228)
  • TpReleaseWork (Address: 0x180044218)
  • TpWaitForWork (Address: 0x180044220)
OLEAUT32.dll
  • SysFreeString (Address: 0x180043ac0)
  • SysStringLen (Address: 0x180043ac8)
RPCRT4.dll
  • I_RpcExceptionFilter (Address: 0x180043b08)
  • I_RpcMapWin32Status (Address: 0x180043b00)
  • NdrClientCall3 (Address: 0x180043ae8)
  • RpcBindingBind (Address: 0x180043ae0)
  • RpcBindingCreateW (Address: 0x180043ad8)
  • RpcBindingFree (Address: 0x180043af8)
  • RpcExceptionFilter (Address: 0x180043af0)