ProvProvider.dll
Description: DISM Provisioning Provider
Authors: © Microsoft Corporation. All rights reserved.
Version: 10.0.19041.4355
Architecture: 64-bit
Operating System: Windows NT
SHA256: 2d3af1a4c4733d01c46ab82cb7e8ff03
File Size: 754.9 KB
Uploaded At: Dec. 1, 2025, 7:46 a.m.
Views: 6
Security Warning
This file has been flagged as potentially dangerous.
Reason: Detected potentially dangerous functions used for process injection: OpenProcess
Exported Functions
- DLLGetDISMProviderCLSID (Ordinal: 1, Address: 0x49f0)
- DllCanUnloadNow (Ordinal: 2, Address: 0x4a20)
- DllGetClassObject (Ordinal: 3, Address: 0x4a60)
- DllRegisterServer (Ordinal: 4, Address: 0x4ba0)
- DllUnregisterServer (Ordinal: 5, Address: 0x4ca0)
Imported DLLs & Functions
ADVAPI32.dll
- AdjustTokenPrivileges (Address: 0x18008e4d0)
- CloseEncryptedFileRaw (Address: 0x18008e568)
- GetAclInformation (Address: 0x18008e510)
- GetSecurityDescriptorControl (Address: 0x18008e500)
- GetSecurityDescriptorDacl (Address: 0x18008e4f0)
- GetSecurityDescriptorGroup (Address: 0x18008e4e8)
- GetSecurityDescriptorLength (Address: 0x18008e508)
- GetSecurityDescriptorOwner (Address: 0x18008e4e0)
- GetSecurityDescriptorSacl (Address: 0x18008e4f8)
- GetSecurityInfo (Address: 0x18008e550)
- LookupPrivilegeValueW (Address: 0x18008e4c8)
- OpenEncryptedFileRawW (Address: 0x18008e558)
- OpenProcessToken (Address: 0x18008e4d8)
- ReadEncryptedFileRaw (Address: 0x18008e578)
- RegCloseKey (Address: 0x18008e518)
- RegCreateKeyExW (Address: 0x18008e538)
- RegGetValueW (Address: 0x18008e540)
- RegOpenKeyExW (Address: 0x18008e520)
- RegQueryInfoKeyW (Address: 0x18008e530)
- RegQueryValueExW (Address: 0x18008e528)
- RegSetValueExW (Address: 0x18008e548)
- RevertToSelf (Address: 0x18008e570)
- WriteEncryptedFileRaw (Address: 0x18008e560)
bcrypt.dll
- BCryptCloseAlgorithmProvider (Address: 0x18008ea68)
- BCryptCreateHash (Address: 0x18008ea78)
- BCryptDestroyHash (Address: 0x18008ea70)
- BCryptFinishHash (Address: 0x18008ea98)
- BCryptGetProperty (Address: 0x18008ea88)
- BCryptHashData (Address: 0x18008ea80)
- BCryptOpenAlgorithmProvider (Address: 0x18008ea90)
Cabinet.dll
- (Address: 0x18008e590)
- (Address: 0x18008e588)
- (Address: 0x18008e598)
KERNEL32.dll
- CloseHandle (Address: 0x18008e860)
- CompareStringW (Address: 0x18008e760)
- CopyFileExW (Address: 0x18008e868)
- CopyFileW (Address: 0x18008e5a8)
- CreateDirectoryW (Address: 0x18008e898)
- CreateEventW (Address: 0x18008e978)
- CreateFileMappingW (Address: 0x18008e680)
- CreateFileW (Address: 0x18008e830)
- CreateMutexExW (Address: 0x18008e930)
- CreateSemaphoreExW (Address: 0x18008e900)
- CreateThread (Address: 0x18008e8e0)
- DebugBreak (Address: 0x18008e938)
- DeleteCriticalSection (Address: 0x18008e6d8)
- DeleteFileW (Address: 0x18008e858)
- DeviceIoControl (Address: 0x18008e818)
- DisableThreadLibraryCalls (Address: 0x18008e6b0)
- DosDateTimeToFileTime (Address: 0x18008e7d0)
- DuplicateHandle (Address: 0x18008e970)
- EnterCriticalSection (Address: 0x18008e6e8)
- ExpandEnvironmentStringsW (Address: 0x18008e8c8)
- FindClose (Address: 0x18008e828)
- FindFirstFileW (Address: 0x18008e800)
- FindNextFileW (Address: 0x18008e810)
- FindResourceExW (Address: 0x18008e5c8)
- FlushFileBuffers (Address: 0x18008e870)
- FormatMessageW (Address: 0x18008e8d0)
- FreeLibrary (Address: 0x18008e890)
- GetCurrentDirectoryW (Address: 0x18008e888)
- GetCurrentProcess (Address: 0x18008e648)
- GetCurrentProcessId (Address: 0x18008e6c8)
- GetCurrentThread (Address: 0x18008e968)
- GetCurrentThreadId (Address: 0x18008e6d0)
- GetEnvironmentVariableW (Address: 0x18008e600)
- GetFileAttributesW (Address: 0x18008e838)
- GetFileInformationByHandle (Address: 0x18008e848)
- GetFileInformationByHandleEx (Address: 0x18008e7f8)
- GetFileSizeEx (Address: 0x18008e878)
- GetFinalPathNameByHandleW (Address: 0x18008e8b0)
- GetFullPathNameW (Address: 0x18008e8a0)
- GetHandleInformation (Address: 0x18008e700)
- GetLastError (Address: 0x18008e770)
- GetLongPathNameW (Address: 0x18008e8a8)
- GetModuleFileNameA (Address: 0x18008e8f8)
- GetModuleFileNameW (Address: 0x18008e6c0)
- GetModuleHandleExW (Address: 0x18008e910)
- GetModuleHandleW (Address: 0x18008e748)
- GetOverlappedResult (Address: 0x18008e718)
- GetPrivateProfileSectionW (Address: 0x18008e790)
- GetProcAddress (Address: 0x18008e758)
- GetProcessHeap (Address: 0x18008e5f0)
- GetSystemInfo (Address: 0x18008e6f8)
- GetSystemTimeAsFileTime (Address: 0x18008e660)
- GetTempPathW (Address: 0x18008e820)
- GetThreadLocale (Address: 0x18008e6a8)
- GetTickCount (Address: 0x18008e668)
- GetVersionExW (Address: 0x18008e690)
- GetVolumeInformationByHandleW (Address: 0x18008e7a0)
- GetVolumeInformationW (Address: 0x18008e730)
- GetVolumeNameForVolumeMountPointW (Address: 0x18008e8c0)
- GetVolumePathNamesForVolumeNameW (Address: 0x18008e7f0)
- GetVolumePathNameW (Address: 0x18008e8b8)
- HeapAlloc (Address: 0x18008e5e8)
- HeapDestroy (Address: 0x18008e5f8)
- HeapFree (Address: 0x18008e5e0)
- HeapReAlloc (Address: 0x18008e5d8)
- HeapSize (Address: 0x18008e5d0)
- InitializeCriticalSection (Address: 0x18008e6b8)
- InitializeCriticalSectionAndSpinCount (Address: 0x18008e738)
- IsDebuggerPresent (Address: 0x18008e940)
- LeaveCriticalSection (Address: 0x18008e6e0)
- LoadLibraryExW (Address: 0x18008e750)
- LoadLibraryW (Address: 0x18008e7e8)
- LoadResource (Address: 0x18008e5c0)
- LocalAlloc (Address: 0x18008e960)
- LocalFileTimeToFileTime (Address: 0x18008e7d8)
- LocalFree (Address: 0x18008e8f0)
- LockFileEx (Address: 0x18008e778)
- LockResource (Address: 0x18008e5b8)
- MapViewOfFile (Address: 0x18008e678)
- MultiByteToWideChar (Address: 0x18008e6f0)
- OpenProcess (Address: 0x18008e788)
- OpenSemaphoreW (Address: 0x18008e928)
- OutputDebugStringA (Address: 0x18008e768)
- OutputDebugStringW (Address: 0x18008e670)
- QueryPerformanceCounter (Address: 0x18008e658)
- RaiseException (Address: 0x18008e610)
- ReadFile (Address: 0x18008e948)
- ReleaseMutex (Address: 0x18008e918)
- ReleaseSemaphore (Address: 0x18008e908)
- RemoveDirectoryW (Address: 0x18008e958)
- ResetEvent (Address: 0x18008e8e8)
- RtlCaptureContext (Address: 0x18008e620)
- RtlLookupFunctionEntry (Address: 0x18008e628)
- RtlVirtualUnwind (Address: 0x18008e630)
- SearchPathW (Address: 0x18008e698)
- SetEndOfFile (Address: 0x18008e710)
- SetEvent (Address: 0x18008e8d8)
- SetFileAttributesW (Address: 0x18008e840)
- SetFileInformationByHandle (Address: 0x18008e850)
- SetFilePointer (Address: 0x18008e720)
- SetFilePointerEx (Address: 0x18008e708)
- SetFileTime (Address: 0x18008e7e0)
- SetLastError (Address: 0x18008e808)
- SetThreadIdealProcessor (Address: 0x18008e728)
- SetThreadLocale (Address: 0x18008e6a0)
- SetThreadUILanguage (Address: 0x18008e740)
- SetUnhandledExceptionFilter (Address: 0x18008e640)
- SizeofResource (Address: 0x18008e5b0)
- Sleep (Address: 0x18008e618)
- TerminateProcess (Address: 0x18008e650)
- TlsAlloc (Address: 0x18008e7a8)
- TlsFree (Address: 0x18008e7b0)
- TlsGetValue (Address: 0x18008e7b8)
- TlsSetValue (Address: 0x18008e7c0)
- UnhandledExceptionFilter (Address: 0x18008e638)
- UnlockFileEx (Address: 0x18008e780)
- UnmapViewOfFile (Address: 0x18008e688)
- WaitForMultipleObjects (Address: 0x18008e798)
- WaitForMultipleObjectsEx (Address: 0x18008e7c8)
- WaitForSingleObject (Address: 0x18008e880)
- WaitForSingleObjectEx (Address: 0x18008e920)
- WideCharToMultiByte (Address: 0x18008e608)
- WriteFile (Address: 0x18008e950)
msvcrt.dll
- __C_specific_handler (Address: 0x18008ec50)
- __CxxFrameHandler3 (Address: 0x18008ec78)
- __dllonexit (Address: 0x18008eb70)
- __RTDynamicCast (Address: 0x18008eb50)
- _amsg_exit (Address: 0x18008eba0)
- _callnewh (Address: 0x18008ebb8)
- _CxxThrowException (Address: 0x18008ebb0)
- _errno (Address: 0x18008eb60)
- _initterm (Address: 0x18008eb98)
- _lock (Address: 0x18008eb80)
- _onexit (Address: 0x18008eb68)
- _purecall (Address: 0x18008ebf8)
- _strnicmp (Address: 0x18008eaf8)
- _unlock (Address: 0x18008eb78)
- _vscwprintf (Address: 0x18008ec08)
- _vsnprintf_s (Address: 0x18008eb30)
- _vsnwprintf (Address: 0x18008eaa8)
- _vsnwprintf_s (Address: 0x18008ec58)
- _wcsicmp (Address: 0x18008eab0)
- _wcslwr (Address: 0x18008eaf0)
- _wcslwr_s (Address: 0x18008ebd0)
- _wcsnicmp (Address: 0x18008ead0)
- _wcsrev (Address: 0x18008eae8)
- _wcstoi64 (Address: 0x18008eb18)
- _wtoi (Address: 0x18008eb20)
- _XcptFilter (Address: 0x18008eba8)
- ??0exception@@QEAA@AEBQEBD@Z (Address: 0x18008ec20)
- ??0exception@@QEAA@AEBQEBDH@Z (Address: 0x18008ebc0)
- ??0exception@@QEAA@AEBV0@@Z (Address: 0x18008ec40)
- ??0exception@@QEAA@XZ (Address: 0x18008ec10)
- ??1exception@@UEAA@XZ (Address: 0x18008ec28)
- ??1type_info@@UEAA@XZ (Address: 0x18008eb88)
- ?terminate@@YAXXZ (Address: 0x18008eb90)
- ?what@exception@@UEBAPEBDXZ (Address: 0x18008ec30)
- free (Address: 0x18008ec48)
- iswalpha (Address: 0x18008eb08)
- iswspace (Address: 0x18008eb38)
- malloc (Address: 0x18008ebd8)
- memcmp (Address: 0x18008eab8)
- memcpy (Address: 0x18008eac0)
- memcpy_s (Address: 0x18008ec38)
- memmove (Address: 0x18008eb58)
- memmove_s (Address: 0x18008ec18)
- memset (Address: 0x18008ec80)
- qsort (Address: 0x18008eae0)
- strcpy_s (Address: 0x18008ead8)
- strncpy_s (Address: 0x18008eb10)
- swscanf_s (Address: 0x18008eb48)
- towlower (Address: 0x18008eb40)
- towupper (Address: 0x18008eb28)
- vswprintf_s (Address: 0x18008ec00)
- wcscat_s (Address: 0x18008ebe8)
- wcschr (Address: 0x18008eac8)
- wcscpy_s (Address: 0x18008ebf0)
- wcsncmp (Address: 0x18008eb00)
- wcsncpy_s (Address: 0x18008ebe0)
- wcsrchr (Address: 0x18008ec70)
- wcsstr (Address: 0x18008ebc8)
- wcstok_s (Address: 0x18008ec68)
- wcstoul (Address: 0x18008ec60)
ntdll.dll
- DbgPrintEx (Address: 0x18008ed38)
- NtClose (Address: 0x18008ecb8)
- NtCreateFile (Address: 0x18008ecd8)
- NtOpenFile (Address: 0x18008eca8)
- NtQueryDirectoryFile (Address: 0x18008ecb0)
- NtQueryEaFile (Address: 0x18008ecd0)
- NtQueryInformationFile (Address: 0x18008ecc0)
- NtQueryInformationProcess (Address: 0x18008ecc8)
- NtSetEaFile (Address: 0x18008ece0)
- NtSetInformationFile (Address: 0x18008ed60)
- NtSetSecurityObject (Address: 0x18008ec98)
- NtYieldExecution (Address: 0x18008ed30)
- RtlAcquireResourceExclusive (Address: 0x18008ed00)
- RtlAcquireResourceShared (Address: 0x18008ed40)
- RtlAdjustPrivilege (Address: 0x18008ecf0)
- RtlAllocateHeap (Address: 0x18008ed50)
- RtlDeleteResource (Address: 0x18008ed18)
- RtlDosPathNameToNtPathName_U (Address: 0x18008eca0)
- RtlFindAceByType (Address: 0x18008ec90)
- RtlFreeHeap (Address: 0x18008ed48)
- RtlImpersonateSelf (Address: 0x18008ece8)
- RtlInitializeResource (Address: 0x18008ecf8)
- RtlNtStatusToDosError (Address: 0x18008ed58)
- RtlRaiseStatus (Address: 0x18008ed28)
- RtlReAllocateHeap (Address: 0x18008ed20)
- RtlReleaseResource (Address: 0x18008ed10)
- RtlSetControlSecurityDescriptor (Address: 0x18008ed08)
OLE32.dll
- CoCreateGuid (Address: 0x18008e988)
- CoCreateInstance (Address: 0x18008e990)
- StringFromGUID2 (Address: 0x18008e998)
OLEAUT32.dll
- LoadRegTypeLib (Address: 0x18008e9f8)
- LoadTypeLib (Address: 0x18008ea00)
- RegisterTypeLib (Address: 0x18008e9d8)
- SysAllocString (Address: 0x18008e9e8)
- SysAllocStringByteLen (Address: 0x18008e9d0)
- SysAllocStringLen (Address: 0x18008e9b0)
- SysFreeString (Address: 0x18008e9c0)
- SysStringByteLen (Address: 0x18008e9c8)
- SysStringLen (Address: 0x18008e9f0)
- UnRegisterTypeLib (Address: 0x18008e9b8)
- VarBstrCmp (Address: 0x18008e9a8)
- VariantClear (Address: 0x18008e9e0)
profapi.dll
- (Address: 0x18008ed70)
RPCRT4.dll
- RpcStringFreeW (Address: 0x18008ea10)
- UuidCreate (Address: 0x18008ea20)
- UuidToStringW (Address: 0x18008ea18)
USER32.dll
- CharLowerBuffW (Address: 0x18008ea30)
- CharNextW (Address: 0x18008ea40)
- CharUpperW (Address: 0x18008ea38)
XmlLite.dll
- CreateXmlReader (Address: 0x18008ea58)
- CreateXmlWriter (Address: 0x18008ea50)