winsrvext.dll

Description: Multi-User Windows Server Extension DLL

Authors: © Microsoft Corporation. All rights reserved.

Version: 10.0.19041.3636

Architecture: 64-bit

Operating System: Windows NT

SHA256: 265c54edc632e9a284ec05ea4a5eb22b

File Size: 101.0 KB

Uploaded At: Dec. 1, 2025, 7:44 a.m.

Views: 5

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: OpenProcess

Exported Functions

  • UserServerDllInitializationExt (Ordinal: 1, Address: 0x1370)

Imported DLLs & Functions

api-ms-win-core-apiquery-l1-1-0.dll
  • ApiSetQueryApiSetPresence (Address: 0x1800136d8)
api-ms-win-core-com-l1-1-0.dll
  • CoTaskMemFree (Address: 0x1800136e8)
api-ms-win-core-debug-l1-1-0.dll
  • IsDebuggerPresent (Address: 0x1800136f8)
api-ms-win-core-delayload-l1-1-0.dll
  • DelayLoadFailureHook (Address: 0x180013708)
api-ms-win-core-delayload-l1-1-1.dll
  • ResolveDelayLoadedAPI (Address: 0x180013718)
api-ms-win-core-errorhandling-l1-1-0.dll
  • GetLastError (Address: 0x180013728)
  • SetLastError (Address: 0x180013738)
  • SetUnhandledExceptionFilter (Address: 0x180013730)
  • UnhandledExceptionFilter (Address: 0x180013740)
api-ms-win-core-file-l1-1-0.dll
  • GetLogicalDrives (Address: 0x180013758)
  • ReadFile (Address: 0x180013750)
api-ms-win-core-handle-l1-1-0.dll
  • CloseHandle (Address: 0x180013768)
api-ms-win-core-heap-l2-1-0.dll
  • LocalFree (Address: 0x180013778)
api-ms-win-core-io-l1-1-0.dll
  • GetOverlappedResult (Address: 0x180013788)
api-ms-win-core-kernel32-legacy-l1-1-0.dll
  • GetComputerNameW (Address: 0x180013798)
api-ms-win-core-libraryloader-l1-2-0.dll
  • DisableThreadLibraryCalls (Address: 0x1800137c8)
  • FreeLibrary (Address: 0x1800137a8)
  • GetModuleHandleW (Address: 0x1800137b0)
  • GetProcAddress (Address: 0x1800137b8)
  • LoadLibraryExW (Address: 0x1800137c0)
api-ms-win-core-processthreads-l1-1-0.dll
  • GetCurrentProcess (Address: 0x180013800)
  • GetCurrentProcessId (Address: 0x1800137f0)
  • GetCurrentThread (Address: 0x1800137f8)
  • GetCurrentThreadId (Address: 0x180013808)
  • GetExitCodeProcess (Address: 0x1800137e0)
  • GetExitCodeThread (Address: 0x1800137e8)
  • GetThreadId (Address: 0x180013810)
  • TerminateProcess (Address: 0x1800137d8)
api-ms-win-core-processthreads-l1-1-1.dll
  • OpenProcess (Address: 0x180013820)
api-ms-win-core-profile-l1-1-0.dll
  • QueryPerformanceCounter (Address: 0x180013830)
api-ms-win-core-psapi-l1-1-0.dll
  • QueryFullProcessImageNameW (Address: 0x180013840)
api-ms-win-core-registry-l1-1-0.dll
  • RegCloseKey (Address: 0x180013858)
  • RegGetValueW (Address: 0x180013860)
  • RegLoadAppKeyW (Address: 0x180013850)
  • RegOpenKeyExW (Address: 0x180013868)
api-ms-win-core-synch-l1-1-0.dll
  • CreateEventW (Address: 0x180013880)
  • OpenMutexW (Address: 0x180013888)
  • WaitForMultipleObjectsEx (Address: 0x180013878)
api-ms-win-core-sysinfo-l1-1-0.dll
  • GetSystemDirectoryW (Address: 0x1800138a8)
  • GetSystemTimeAsFileTime (Address: 0x1800138a0)
  • GetTickCount (Address: 0x180013898)
api-ms-win-core-timezone-private-l1-1-0.dll
  • SetClientDynamicTimeZoneInformation (Address: 0x1800138b8)
  • SetClientTimeZoneInformation (Address: 0x1800138c0)
api-ms-win-core-windowserrorreporting-l1-1-0.dll
  • GetApplicationRestartSettings (Address: 0x1800138d0)
api-ms-win-devices-swdevice-l1-1-0.dll
  • SwDeviceClose (Address: 0x1800138e8)
  • SwDeviceCreate (Address: 0x1800138e0)
api-ms-win-eventing-provider-l1-1-0.dll
  • EventRegister (Address: 0x180013900)
  • EventSetInformation (Address: 0x1800138f8)
  • EventUnregister (Address: 0x180013908)
  • EventWrite (Address: 0x180013918)
  • EventWriteTransfer (Address: 0x180013910)
api-ms-win-security-base-l1-1-0.dll
  • CheckTokenMembership (Address: 0x180013928)
BASESRV.dll
  • BaseGetProcessCrtlRoutine (Address: 0x180013308)
  • BaseSetProcessCreateNotify (Address: 0x1800132f8)
  • BaseSrvNlsLogon (Address: 0x180013300)
  • BaseSrvNlsUpdateRegistryCache (Address: 0x180013310)
CSRSRV.dll
  • CsrAddStaticServerThread (Address: 0x180013378)
  • CsrConnectToUser (Address: 0x180013398)
  • CsrDereferenceProcess (Address: 0x180013338)
  • CsrDereferenceThread (Address: 0x1800133a0)
  • CsrExecServerThread (Address: 0x1800133a8)
  • CsrGetProcessLuid (Address: 0x180013370)
  • CsrImpersonateClient (Address: 0x180013388)
  • CsrLockedReferenceProcess (Address: 0x180013330)
  • CsrLockProcessByClientId (Address: 0x180013350)
  • CsrLockThreadByClientId (Address: 0x180013360)
  • CsrQueryApiPort (Address: 0x180013380)
  • CsrReferenceThread (Address: 0x180013348)
  • CsrReplyToMessage (Address: 0x180013320)
  • CsrRevertToSelf (Address: 0x180013390)
  • CsrShutdownProcesses (Address: 0x180013368)
  • CsrUnlockProcess (Address: 0x180013340)
  • CsrUnlockThread (Address: 0x180013358)
  • CsrValidateMessageBuffer (Address: 0x180013328)
GDI32.dll
  • CreateCompatibleDC (Address: 0x1800133d0)
  • CreateSolidBrush (Address: 0x1800133f0)
  • DeleteDC (Address: 0x1800133b8)
  • DeleteObject (Address: 0x180013408)
  • GdiAddFontResourceW (Address: 0x180013400)
  • GdiAddInitialFonts (Address: 0x1800133f8)
  • GdiSupportsFontChangeEvent (Address: 0x180013410)
  • GdiTransparentBlt (Address: 0x1800133c0)
  • GetLayout (Address: 0x1800133e8)
  • GetObjectW (Address: 0x1800133d8)
  • SelectObject (Address: 0x1800133c8)
  • SetLayout (Address: 0x1800133e0)
KERNELBASE.dll
  • GetApplicationUserModelId (Address: 0x180013440)
  • LocalAlloc (Address: 0x180013448)
  • LocalReAlloc (Address: 0x180013438)
  • lstrcmpiW (Address: 0x180013420)
  • Sleep (Address: 0x180013428)
  • WTSGetServiceSessionId (Address: 0x180013430)
ntdll.dll
  • _strnicmp (Address: 0x180013960)
  • _vsnwprintf (Address: 0x180013c40)
  • _wtoi (Address: 0x180013c48)
  • AlpcGetMessageAttribute (Address: 0x180013be8)
  • AlpcInitializeMessageAttribute (Address: 0x180013a60)
  • DbgUiIssueRemoteBreakin (Address: 0x180013c08)
  • EtwEventEnabled (Address: 0x180013b38)
  • EtwEventRegister (Address: 0x180013c38)
  • EtwEventUnregister (Address: 0x180013bb8)
  • EtwEventWrite (Address: 0x180013b30)
  • EtwEventWriteNoRegistration (Address: 0x180013c60)
  • EvtIntReportEventAndSourceAsync (Address: 0x180013c28)
  • LdrFlushAlternateResourceModules (Address: 0x180013c18)
  • memcpy (Address: 0x180013bc0)
  • memmove (Address: 0x180013a90)
  • memset (Address: 0x180013ca8)
  • NtAlertThread (Address: 0x180013a78)
  • NtAlpcAcceptConnectPort (Address: 0x180013a20)
  • NtAlpcCancelMessage (Address: 0x180013a10)
  • NtAlpcConnectPort (Address: 0x180013a00)
  • NtAlpcCreatePort (Address: 0x180013a80)
  • NtAlpcOpenSenderProcess (Address: 0x180013a08)
  • NtAlpcSendWaitReceivePort (Address: 0x180013a58)
  • NtClearEvent (Address: 0x180013968)
  • NtClose (Address: 0x180013ba8)
  • NtCreateEvent (Address: 0x180013b90)
  • NtCreateKey (Address: 0x180013b48)
  • NtDeleteValueKey (Address: 0x180013978)
  • NtDeviceIoControlFile (Address: 0x1800139b8)
  • NtDuplicateObject (Address: 0x1800139c0)
  • NtDuplicateToken (Address: 0x180013bd0)
  • NtEnumerateKey (Address: 0x180013ac0)
  • NtEnumerateValueKey (Address: 0x180013998)
  • NtNotifyChangeKey (Address: 0x180013b18)
  • NtOpenEvent (Address: 0x1800139a8)
  • NtOpenKey (Address: 0x180013b80)
  • NtOpenProcess (Address: 0x1800139d8)
  • NtOpenProcessToken (Address: 0x180013bd8)
  • NtOpenSymbolicLinkObject (Address: 0x180013a70)
  • NtOpenThread (Address: 0x180013a18)
  • NtOpenThreadToken (Address: 0x1800139e8)
  • NtPowerInformation (Address: 0x180013c10)
  • NtQueryInformationProcess (Address: 0x180013b10)
  • NtQueryInformationToken (Address: 0x180013948)
  • NtQuerySymbolicLinkObject (Address: 0x180013a50)
  • NtQuerySystemInformation (Address: 0x180013bf0)
  • NtQueryValueKey (Address: 0x180013b28)
  • NtReadVirtualMemory (Address: 0x1800139f0)
  • NtResetEvent (Address: 0x180013aa8)
  • NtResumeThread (Address: 0x180013b70)
  • NtSetEvent (Address: 0x180013c00)
  • NtSetInformationThread (Address: 0x180013ab8)
  • NtSetSystemInformation (Address: 0x180013b20)
  • NtSetValueKey (Address: 0x180013be0)
  • NtTerminateProcess (Address: 0x180013c30)
  • NtTerminateThread (Address: 0x180013a88)
  • NtWaitForMultipleObjects (Address: 0x180013ab0)
  • NtWaitForSingleObject (Address: 0x180013a98)
  • PssNtCaptureSnapshot (Address: 0x180013c58)
  • PssNtFreeSnapshot (Address: 0x180013c78)
  • qsort (Address: 0x180013a28)
  • RtlAddAccessAllowedAce (Address: 0x180013ae0)
  • RtlAllocateAndInitializeSid (Address: 0x180013af8)
  • RtlAnsiStringToUnicodeString (Address: 0x1800139c8)
  • RtlAppendUnicodeToString (Address: 0x180013b50)
  • RtlCaptureContext (Address: 0x180013c80)
  • RtlCopySid (Address: 0x180013970)
  • RtlCopyUnicodeString (Address: 0x180013b58)
  • RtlCreateAcl (Address: 0x180013ae8)
  • RtlCreateSecurityDescriptor (Address: 0x180013ad8)
  • RtlCreateUnicodeString (Address: 0x180013990)
  • RtlCreateUserThread (Address: 0x180013b78)
  • RtlDeleteCriticalSection (Address: 0x180013bb0)
  • RtlDeriveCapabilitySidsFromName (Address: 0x180013a68)
  • RtlEnterCriticalSection (Address: 0x180013b98)
  • RtlEqualUnicodeString (Address: 0x180013a30)
  • RtlExitUserThread (Address: 0x180013aa0)
  • RtlFindMessage (Address: 0x180013938)
  • RtlFormatCurrentUserKeyPath (Address: 0x180013b60)
  • RtlFreeAnsiString (Address: 0x1800139b0)
  • RtlFreeHeap (Address: 0x180013950)
  • RtlFreeSid (Address: 0x180013ac8)
  • RtlFreeUnicodeString (Address: 0x180013b40)
  • RtlGetNtProductType (Address: 0x180013c98)
  • RtlInitializeCriticalSection (Address: 0x180013ba0)
  • RtlInitUnicodeString (Address: 0x180013b88)
  • RtlLeaveCriticalSection (Address: 0x180013b68)
  • RtlLengthSid (Address: 0x180013af0)
  • RtlLookupFunctionEntry (Address: 0x180013c88)
  • RtlNtStatusToDosError (Address: 0x180013bc8)
  • RtlOpenCurrentUser (Address: 0x180013c20)
  • RtlQueryPackageClaims (Address: 0x180013bf8)
  • RtlRegisterThreadWithCsrss (Address: 0x180013a38)
  • RtlRunOnceExecuteOnce (Address: 0x180013ca0)
  • RtlSetDaclSecurityDescriptor (Address: 0x180013ad0)
  • RtlSubscribeWnfStateChangeNotification (Address: 0x180013b08)
  • RtlUnicodeStringToAnsiString (Address: 0x1800139e0)
  • RtlUnicodeStringToInteger (Address: 0x1800139d0)
  • RtlUnsubscribeWnfStateChangeNotification (Address: 0x180013b00)
  • RtlUpcaseUnicodeChar (Address: 0x180013988)
  • RtlVerifyVersionInfo (Address: 0x180013a40)
  • RtlVirtualUnwind (Address: 0x180013c90)
  • strstr (Address: 0x180013c50)
  • towlower (Address: 0x180013980)
  • VerSetConditionMask (Address: 0x1800139a0)
  • wcscpy_s (Address: 0x180013a48)
  • wcsncmp (Address: 0x1800139f8)
  • wcsrchr (Address: 0x180013940)
  • WinSqmAddToStream (Address: 0x180013958)
  • ZwQueryWnfStateNameInformation (Address: 0x180013c70)
  • ZwUpdateWnfStateData (Address: 0x180013c68)
USER32.dll
  • (Address: 0x180013510)
  • (Address: 0x180013550)
  • (Address: 0x180013630)
  • BeginPaint (Address: 0x180013470)
  • BroadcastSystemMessageW (Address: 0x1800136c8)
  • CallMsgFilterW (Address: 0x1800135f8)
  • ChangeWindowMessageFilterEx (Address: 0x180013558)
  • CheckWindowThreadDesktop (Address: 0x1800134b8)
  • CreateDialogParamW (Address: 0x1800135d8)
  • CtxInitUser32 (Address: 0x180013518)
  • DestroyIcon (Address: 0x1800134b0)
  • DestroyWindow (Address: 0x1800135d0)
  • DispatchMessageW (Address: 0x1800135e8)
  • DrawEdge (Address: 0x180013480)
  • DrawIcon (Address: 0x180013478)
  • EndPaint (Address: 0x180013498)
  • EnumThreadWindows (Address: 0x180013650)
  • EnumWindows (Address: 0x180013538)
  • FillRect (Address: 0x180013488)
  • GetClassLongW (Address: 0x180013660)
  • GetClassNameW (Address: 0x180013668)
  • GetClientRect (Address: 0x180013560)
  • GetDC (Address: 0x1800134a0)
  • GetDlgItem (Address: 0x1800135b8)
  • GetGUIThreadInfo (Address: 0x180013540)
  • GetReasonTitleFromReasonCode (Address: 0x1800134c8)
  • GetSysColor (Address: 0x180013570)
  • GetSystemMetrics (Address: 0x1800136a8)
  • GetTaskmanWindow (Address: 0x1800134d8)
  • GetThreadDesktop (Address: 0x1800135a0)
  • GetUserObjectInformationW (Address: 0x180013598)
  • GetWindow (Address: 0x180013688)
  • GetWindowLongPtrW (Address: 0x180013468)
  • GetWindowLongW (Address: 0x180013528)
  • GetWindowRect (Address: 0x180013568)
  • GetWindowTextLengthW (Address: 0x1800134d0)
  • GetWindowTextW (Address: 0x180013680)
  • GetWindowThreadProcessId (Address: 0x1800136a0)
  • GhostWindowFromHungWindow (Address: 0x180013640)
  • HungWindowFromGhostWindow (Address: 0x1800134c0)
  • InflateRect (Address: 0x180013588)
  • InternalGetWindowIcon (Address: 0x180013678)
  • InvalidateRect (Address: 0x180013590)
  • IsDialogMessageW (Address: 0x180013600)
  • IsHungAppWindow (Address: 0x180013638)
  • IsInDesktopWindowBand (Address: 0x180013658)
  • IsWindow (Address: 0x1800135e0)
  • IsWindowEnabled (Address: 0x180013690)
  • IsWindowVisible (Address: 0x180013648)
  • KillTimer (Address: 0x180013530)
  • LoadBitmapW (Address: 0x180013490)
  • LoadIconW (Address: 0x180013670)
  • MapWindowPoints (Address: 0x180013578)
  • MB_GetString (Address: 0x1800134f0)
  • MessageBoxTimeoutW (Address: 0x180013500)
  • MsgWaitForMultipleObjects (Address: 0x180013610)
  • OffsetRect (Address: 0x180013580)
  • PeekMessageW (Address: 0x180013608)
  • PostMessageW (Address: 0x180013620)
  • PostThreadMessageW (Address: 0x180013508)
  • RecordShutdownReason (Address: 0x180013698)
  • RegisterWindowMessageW (Address: 0x1800136c0)
  • ReleaseDC (Address: 0x1800134a8)
  • SendInput (Address: 0x180013548)
  • SendMessageCallbackW (Address: 0x180013618)
  • SendMessageTimeoutW (Address: 0x1800134e8)
  • SendMessageW (Address: 0x1800135b0)
  • SendNotifyMessageW (Address: 0x1800136b8)
  • SetDlgItemTextW (Address: 0x1800135c8)
  • SetFocus (Address: 0x1800135a8)
  • SetForegroundWindow (Address: 0x180013628)
  • SetTimer (Address: 0x1800135c0)
  • SetWindowLongPtrW (Address: 0x180013458)
  • SetWindowPos (Address: 0x1800134e0)
  • SetWindowTextW (Address: 0x180013460)
  • ShutdownBlockReasonQuery (Address: 0x180013520)
  • SoftModalMessageBox (Address: 0x1800134f8)
  • SystemParametersInfoW (Address: 0x1800136b0)
  • TranslateMessage (Address: 0x1800135f0)
win32u.dll
  • gDispatchTableValues (Address: 0x180013d20)
  • NtUserAutoRotateScreen (Address: 0x180013ce8)
  • NtUserCallNoParam (Address: 0x180013d10)
  • NtUserCallOneParam (Address: 0x180013cd8)
  • NtUserCallTwoParam (Address: 0x180013cd0)
  • NtUserCtxDisplayIOCtl (Address: 0x180013cf8)
  • NtUserHardErrorControl (Address: 0x180013d40)
  • NtUserInitialize (Address: 0x180013d30)
  • NtUserNotifyProcessCreate (Address: 0x180013d38)
  • NtUserProcessConnect (Address: 0x180013d18)
  • NtUserQueryInformationThread (Address: 0x180013d08)
  • NtUserQueryWindow (Address: 0x180013d00)
  • NtUserRemoteConnect (Address: 0x180013ce0)
  • NtUserRemoteRedrawRectangle (Address: 0x180013cc0)
  • NtUserRemoteRedrawScreen (Address: 0x180013cb8)
  • NtUserRemoteStopScreenUpdates (Address: 0x180013cc8)
  • NtUserSetInformationThread (Address: 0x180013d28)
  • NtUserSetSensorPresence (Address: 0x180013cf0)