RdpIdd.dll

Description: Rdp Indirect Display

Version: 10.0.19041.5794

Architecture: 64-bit

Operating System: Windows NT

SHA256: aecd5226ef352176c8bc9e316390f57d

File Size: 248.5 KB

Uploaded At: Dec. 1, 2025, 7:47 a.m.

Views: 6

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: OpenProcess

Exported Functions

FxDriverEntryUm (Ordinal: 1, Address: 0x28620)

Imported DLLs & Functions

api-ms-win-core-com-l1-1-0.dll

CoCreateGuid (Address: 0x18002f9e8)

api-ms-win-core-debug-l1-1-0.dll

DebugBreak (Address: 0x18002fa00)
IsDebuggerPresent (Address: 0x18002fa08)
OutputDebugStringW (Address: 0x18002f9f8)

api-ms-win-core-errorhandling-l1-1-0.dll

GetLastError (Address: 0x18002fa28)
SetLastError (Address: 0x18002fa18)
SetUnhandledExceptionFilter (Address: 0x18002fa30)
UnhandledExceptionFilter (Address: 0x18002fa20)

api-ms-win-core-handle-l1-1-0.dll

CloseHandle (Address: 0x18002fa40)
DuplicateHandle (Address: 0x18002fa48)

api-ms-win-core-heap-l1-1-0.dll

GetProcessHeap (Address: 0x18002fa60)
HeapAlloc (Address: 0x18002fa58)
HeapFree (Address: 0x18002fa68)

api-ms-win-core-heap-l2-1-0.dll

LocalAlloc (Address: 0x18002fa78)
LocalFree (Address: 0x18002fa80)

api-ms-win-core-interlocked-l1-1-0.dll

InitializeSListHead (Address: 0x18002fa90)

api-ms-win-core-kernel32-legacy-l1-1-0.dll

WaitForMultipleObjects (Address: 0x18002faa0)

api-ms-win-core-libraryloader-l1-2-0.dll

DisableThreadLibraryCalls (Address: 0x18002fab8)
FreeLibrary (Address: 0x18002fae0)
GetModuleFileNameA (Address: 0x18002fac0)
GetModuleHandleExA (Address: 0x18002fab0)
GetModuleHandleExW (Address: 0x18002fad0)
GetModuleHandleW (Address: 0x18002fad8)
GetProcAddress (Address: 0x18002fac8)

api-ms-win-core-localization-l1-2-0.dll

FormatMessageW (Address: 0x18002faf0)

api-ms-win-core-memory-l1-1-0.dll

CreateFileMappingW (Address: 0x18002fb00)
MapViewOfFile (Address: 0x18002fb10)
OpenFileMappingW (Address: 0x18002fb18)
UnmapViewOfFile (Address: 0x18002fb08)

api-ms-win-core-processthreads-l1-1-0.dll

GetCurrentProcess (Address: 0x18002fb30)
GetCurrentProcessId (Address: 0x18002fb28)
GetCurrentThreadId (Address: 0x18002fb38)
TerminateProcess (Address: 0x18002fb40)

api-ms-win-core-processthreads-l1-1-1.dll

IsProcessorFeaturePresent (Address: 0x18002fb50)
OpenProcess (Address: 0x18002fb58)

api-ms-win-core-profile-l1-1-0.dll

QueryPerformanceCounter (Address: 0x18002fb68)
QueryPerformanceFrequency (Address: 0x18002fb70)

api-ms-win-core-string-l1-1-0.dll

WideCharToMultiByte (Address: 0x18002fb80)

api-ms-win-core-synch-l1-1-0.dll

AcquireSRWLockExclusive (Address: 0x18002fc00)
AcquireSRWLockShared (Address: 0x18002fbc0)
CreateEventExW (Address: 0x18002fbb8)
CreateMutexExW (Address: 0x18002fbb0)
CreateSemaphoreExW (Address: 0x18002fb98)
DeleteCriticalSection (Address: 0x18002fbd8)
EnterCriticalSection (Address: 0x18002fc18)
InitializeCriticalSectionEx (Address: 0x18002fbf0)
LeaveCriticalSection (Address: 0x18002fc08)
OpenEventW (Address: 0x18002fbd0)
OpenSemaphoreW (Address: 0x18002fb90)
ReleaseMutex (Address: 0x18002fbc8)
ReleaseSemaphore (Address: 0x18002fbe8)
ReleaseSRWLockExclusive (Address: 0x18002fba8)
ReleaseSRWLockShared (Address: 0x18002fba0)
SetEvent (Address: 0x18002fbf8)
WaitForSingleObject (Address: 0x18002fbe0)
WaitForSingleObjectEx (Address: 0x18002fc10)

api-ms-win-core-synch-l1-2-0.dll

InitOnceBeginInitialize (Address: 0x18002fc30)
InitOnceComplete (Address: 0x18002fc28)
Sleep (Address: 0x18002fc38)

api-ms-win-core-sysinfo-l1-1-0.dll

GetSystemTimeAsFileTime (Address: 0x18002fc58)
GetTickCount (Address: 0x18002fc50)
GetTickCount64 (Address: 0x18002fc48)

api-ms-win-core-sysinfo-l1-2-0.dll

GetSystemTimePreciseAsFileTime (Address: 0x18002fc68)

api-ms-win-core-threadpool-l1-2-0.dll

CloseThreadpoolTimer (Address: 0x18002fc80)
CloseThreadpoolWait (Address: 0x18002fc98)
CreateThreadpoolTimer (Address: 0x18002fcb0)
CreateThreadpoolWait (Address: 0x18002fc78)
SetThreadpoolTimer (Address: 0x18002fc90)
SetThreadpoolWait (Address: 0x18002fc88)
WaitForThreadpoolTimerCallbacks (Address: 0x18002fca0)
WaitForThreadpoolWaitCallbacks (Address: 0x18002fca8)

api-ms-win-core-timezone-l1-1-0.dll

FileTimeToSystemTime (Address: 0x18002fcc0)

api-ms-win-crt-private-l1-1-0.dll

__C_specific_handler (Address: 0x18002fda0)
__CxxFrameHandler4 (Address: 0x18002fdd0)
__std_terminate (Address: 0x18002fdc8)
_CxxThrowException (Address: 0x18002fda8)
_o___std_exception_copy (Address: 0x18002fdc0)
_o___std_exception_destroy (Address: 0x18002fdb8)
_o___std_type_info_destroy_list (Address: 0x18002fdb0)
_o___stdio_common_vsnprintf_s (Address: 0x18002fcd0)
_o___stdio_common_vsprintf (Address: 0x18002fcd8)
_o___stdio_common_vsprintf_s (Address: 0x18002fce0)
_o___stdio_common_vswprintf (Address: 0x18002fce8)
_o___stdio_common_vswprintf_s (Address: 0x18002fcf0)
_o__callnewh (Address: 0x18002fcf8)
_o__cexit (Address: 0x18002fd00)
_o__configure_narrow_argv (Address: 0x18002fd08)
_o__crt_atexit (Address: 0x18002fd10)
_o__errno (Address: 0x18002fd18)
_o__execute_onexit_table (Address: 0x18002fd20)
_o__initialize_narrow_environment (Address: 0x18002fd28)
_o__initialize_onexit_table (Address: 0x18002fd30)
_o__invalid_parameter_noinfo (Address: 0x18002fd38)
_o__invalid_parameter_noinfo_noreturn (Address: 0x18002fd40)
_o__purecall (Address: 0x18002fd48)
_o__register_onexit_function (Address: 0x18002fd50)
_o__seh_filter_dll (Address: 0x18002fd58)
_o__wfopen_s (Address: 0x18002fd60)
_o_fclose (Address: 0x18002fd68)
_o_fflush (Address: 0x18002fd70)
_o_free (Address: 0x18002fd78)
_o_fwrite (Address: 0x18002fd80)
_o_malloc (Address: 0x18002fd88)
_o_terminate (Address: 0x18002fd90)
_o_toupper (Address: 0x18002fd98)
memcmp (Address: 0x18002fde0)
memcpy (Address: 0x18002fde8)
memmove (Address: 0x18002fdd8)

api-ms-win-crt-runtime-l1-1-0.dll

_initterm (Address: 0x18002fdf8)
_initterm_e (Address: 0x18002fe00)

api-ms-win-crt-string-l1-1-0.dll

memset (Address: 0x18002fe10)

api-ms-win-eventing-classicprovider-l1-1-0.dll

GetTraceEnableFlags (Address: 0x18002fe28)
GetTraceEnableLevel (Address: 0x18002fe20)
GetTraceLoggerHandle (Address: 0x18002fe38)
RegisterTraceGuidsW (Address: 0x18002fe40)
TraceMessage (Address: 0x18002fe30)
UnregisterTraceGuids (Address: 0x18002fe48)

api-ms-win-eventing-provider-l1-1-0.dll

EventActivityIdControl (Address: 0x18002fe78)
EventProviderEnabled (Address: 0x18002fe80)
EventRegister (Address: 0x18002fe70)
EventSetInformation (Address: 0x18002fe68)
EventUnregister (Address: 0x18002fe58)
EventWriteTransfer (Address: 0x18002fe60)

api-ms-win-security-base-l1-1-0.dll

AllocateAndInitializeSid (Address: 0x18002fea8)
CheckTokenMembership (Address: 0x18002fe98)
FreeSid (Address: 0x18002fe90)
GetSecurityDescriptorLength (Address: 0x18002fec0)
InitializeSecurityDescriptor (Address: 0x18002feb8)
MakeSelfRelativeSD (Address: 0x18002fea0)
SetSecurityDescriptorDacl (Address: 0x18002feb0)

api-ms-win-security-provider-l1-1-0.dll

SetEntriesInAclW (Address: 0x18002fed0)

d3d11.dll

D3D11CreateDevice (Address: 0x18002fee0)

dxgi.dll

CreateDXGIFactory2 (Address: 0x18002fef0)

msvcp_win.dll

_Lock_shared_ptr_spin_lock (Address: 0x18002ff10)
_Mtx_destroy_in_situ (Address: 0x18002ff28)
_Mtx_init_in_situ (Address: 0x18002ff08)
_Mtx_lock (Address: 0x18002ff20)
_Mtx_unlock (Address: 0x18002ff38)
_Unlock_shared_ptr_spin_lock (Address: 0x18002ff18)
?_Throw_C_error@std@@YAXH@Z (Address: 0x18002ff40)
?_Xbad_function_call@std@@YAXXZ (Address: 0x18002ff00)
?_Xlength_error@std@@YAXPEBD@Z (Address: 0x18002ff30)

ntdll.dll

DbgPrintEx (Address: 0x18002ff70)
RtlCaptureContext (Address: 0x18002ff50)
RtlInitUnicodeString (Address: 0x18002ff68)
RtlLookupFunctionEntry (Address: 0x18002ff58)
RtlVirtualUnwind (Address: 0x18002ff60)

WppRecorderUM.dll

WppAutoLogStart (Address: 0x18002f9d0)
WppAutoLogStop (Address: 0x18002f9c8)
WppAutoLogTrace (Address: 0x18002f9d8)