basesrv.dll

Description: Windows NT BASE API Server DLL

Authors: © Microsoft Corporation. All rights reserved.

Version: 10.0.19041.3636

Architecture: 64-bit

Operating System: Windows NT

SHA256: d32eca1083847bfec6a8aee93f4fe3a0

File Size: 70.5 KB

Uploaded At: Dec. 1, 2025, 7:23 a.m.

Views: 14

Exported Functions

  • BaseGetProcessCrtlRoutine (Ordinal: 1, Address: 0x4a20)
  • BaseSetProcessCreateNotify (Ordinal: 2, Address: 0x4a70)
  • BaseSrvNlsLogon (Ordinal: 3, Address: 0x1010)
  • BaseSrvNlsUpdateRegistryCache (Ordinal: 4, Address: 0x4960)
  • BaseSrvRegisterSxS (Ordinal: 5, Address: 0x4a50)
  • ServerDllInitialization (Ordinal: 6, Address: 0x1810)

Imported DLLs & Functions

CSRSRV.dll
  • CsrCreateProcess (Address: 0x18000eab8)
  • CsrCreateThread (Address: 0x18000eaa8)
  • CsrImpersonateClient (Address: 0x18000ead0)
  • CsrIsClientSandboxed (Address: 0x18000eac0)
  • CsrLockProcessByClientId (Address: 0x18000eab0)
  • CsrLockThreadByClientId (Address: 0x18000ea98)
  • CsrRevertToSelf (Address: 0x18000eac8)
  • CsrUnlockProcess (Address: 0x18000eaa0)
  • CsrUnlockThread (Address: 0x18000ea90)
  • CsrValidateMessageBuffer (Address: 0x18000ead8)
ntdll.dll
  • __C_specific_handler (Address: 0x18000ee30)
  • _snwprintf_s (Address: 0x18000ebb8)
  • _vsnwprintf (Address: 0x18000eaf0)
  • _wcsicmp (Address: 0x18000eb30)
  • _wcsnicmp (Address: 0x18000ebe0)
  • DbgPrint (Address: 0x18000ed48)
  • LdrDisableThreadCalloutsForDll (Address: 0x18000edb0)
  • LdrGetDllHandle (Address: 0x18000ec40)
  • LdrGetProcedureAddress (Address: 0x18000ec50)
  • LdrLoadDll (Address: 0x18000ec88)
  • LdrUnloadDll (Address: 0x18000ec90)
  • memcpy (Address: 0x18000eea0)
  • memmove (Address: 0x18000ede0)
  • memset (Address: 0x18000eea8)
  • NtClose (Address: 0x18000eb38)
  • NtCompareTokens (Address: 0x18000ed30)
  • NtCreateDirectoryObject (Address: 0x18000eb58)
  • NtCreateEvent (Address: 0x18000ed40)
  • NtCreateFile (Address: 0x18000eb90)
  • NtCreateKey (Address: 0x18000ed60)
  • NtCreateSymbolicLinkObject (Address: 0x18000eb68)
  • NtCreateUserProcess (Address: 0x18000ecf0)
  • NtDuplicateObject (Address: 0x18000ecc8)
  • NtDuplicateToken (Address: 0x18000eca0)
  • NtEnumerateKey (Address: 0x18000ed78)
  • NtEnumerateValueKey (Address: 0x18000ed88)
  • NtMakePermanentObject (Address: 0x18000ec08)
  • NtMakeTemporaryObject (Address: 0x18000ebd8)
  • NtNotifyChangeKey (Address: 0x18000ed68)
  • NtOpenKey (Address: 0x18000eb20)
  • NtOpenProcess (Address: 0x18000ecb8)
  • NtOpenProcessToken (Address: 0x18000ec98)
  • NtOpenSymbolicLinkObject (Address: 0x18000ebc0)
  • NtOpenThread (Address: 0x18000ecc0)
  • NtOpenThreadToken (Address: 0x18000ed38)
  • NtQueryInformationProcess (Address: 0x18000eb70)
  • NtQueryInformationToken (Address: 0x18000ec70)
  • NtQueryMultipleValueKey (Address: 0x18000ee98)
  • NtQueryObject (Address: 0x18000ee28)
  • NtQuerySymbolicLinkObject (Address: 0x18000ebd0)
  • NtQuerySystemInformation (Address: 0x18000eb00)
  • NtQueryValueKey (Address: 0x18000eb28)
  • NtResetEvent (Address: 0x18000ed28)
  • NtResumeThread (Address: 0x18000ed08)
  • NtSetEvent (Address: 0x18000ecd8)
  • NtSetInformationObject (Address: 0x18000eb60)
  • NtSetInformationProcess (Address: 0x18000ecb0)
  • NtSetInformationThread (Address: 0x18000eca8)
  • NtTerminateProcess (Address: 0x18000edb8)
  • NtVdmControl (Address: 0x18000ed58)
  • NtWaitForSingleObject (Address: 0x18000ed10)
  • RtlAcquireSRWLockExclusive (Address: 0x18000ec38)
  • RtlAddAccessAllowedAce (Address: 0x18000ec00)
  • RtlAddAccessAllowedAceEx (Address: 0x18000ec28)
  • RtlAddMandatoryAce (Address: 0x18000ec30)
  • RtlAllocateAndInitializeSid (Address: 0x18000ebe8)
  • RtlAllocateHeap (Address: 0x18000eaf8)
  • RtlAnsiStringToUnicodeString (Address: 0x18000ed20)
  • RtlAppendStringToString (Address: 0x18000ed00)
  • RtlAppendUnicodeStringToString (Address: 0x18000eb88)
  • RtlAppendUnicodeToString (Address: 0x18000eb80)
  • RtlCaptureContext (Address: 0x18000edc0)
  • RtlCheckTokenMembershipEx (Address: 0x18000eda8)
  • RtlCompareUnicodeString (Address: 0x18000ece0)
  • RtlConvertSidToUnicodeString (Address: 0x18000ee40)
  • RtlCopyLuid (Address: 0x18000ec10)
  • RtlCopySid (Address: 0x18000ed70)
  • RtlCopyUnicodeString (Address: 0x18000ecd0)
  • RtlCreateAcl (Address: 0x18000ebf8)
  • RtlCreateProcessParametersEx (Address: 0x18000ece8)
  • RtlCreateSecurityDescriptor (Address: 0x18000eb40)
  • RtlCreateTagHeap (Address: 0x18000ee08)
  • RtlCreateUnicodeString (Address: 0x18000edf0)
  • RtlCreateUserThread (Address: 0x18000ec78)
  • RtlDeleteCriticalSection (Address: 0x18000eba0)
  • RtlDestroyProcessParameters (Address: 0x18000ecf8)
  • RtlEnterCriticalSection (Address: 0x18000eba8)
  • RtlEqualSid (Address: 0x18000ed50)
  • RtlEqualUnicodeString (Address: 0x18000ed80)
  • RtlExitUserThread (Address: 0x18000ec80)
  • RtlExpandEnvironmentStrings_U (Address: 0x18000edf8)
  • RtlFreeHeap (Address: 0x18000eb98)
  • RtlFreeSid (Address: 0x18000ebf0)
  • RtlFreeUnicodeString (Address: 0x18000ee48)
  • RtlGetAce (Address: 0x18000ee20)
  • RtlGetCurrentServiceSessionId (Address: 0x18000ee10)
  • RtlGetPersistedStateLocation (Address: 0x18000ee50)
  • RtlInitAnsiString (Address: 0x18000ed18)
  • RtlInitializeCriticalSection (Address: 0x18000ee00)
  • RtlInitializeCriticalSectionAndSpinCount (Address: 0x18000eb78)
  • RtlInitializeSidEx (Address: 0x18000eda0)
  • RtlInitString (Address: 0x18000ec48)
  • RtlInitUnicodeString (Address: 0x18000ee18)
  • RtlInitUnicodeStringEx (Address: 0x18000eb18)
  • RtlIsMultiSessionSku (Address: 0x18000ee70)
  • RtlIsMultiUsersInSessionSku (Address: 0x18000ee68)
  • RtlLeaveCriticalSection (Address: 0x18000ec18)
  • RtlLengthSid (Address: 0x18000ec20)
  • RtlLockHeap (Address: 0x18000ed90)
  • RtlLookupFunctionEntry (Address: 0x18000edc8)
  • RtlOpenCurrentUser (Address: 0x18000ee80)
  • RtlPrefixUnicodeString (Address: 0x18000ec68)
  • RtlQueryRegistryValuesEx (Address: 0x18000eb08)
  • RtlReleaseSRWLockExclusive (Address: 0x18000ec58)
  • RtlSetDaclSecurityDescriptor (Address: 0x18000eb48)
  • RtlSetSaclSecurityDescriptor (Address: 0x18000eb50)
  • RtlSubAuthorityCountSid (Address: 0x18000ee58)
  • RtlSubAuthoritySid (Address: 0x18000ee38)
  • RtlUnhandledExceptionFilter (Address: 0x18000edd8)
  • RtlUnlockHeap (Address: 0x18000ed98)
  • RtlUpcaseUnicodeChar (Address: 0x18000ebb0)
  • RtlVirtualUnwind (Address: 0x18000edd0)
  • swprintf_s (Address: 0x18000eae8)
  • wcscat_s (Address: 0x18000ede8)
  • wcscpy_s (Address: 0x18000ec60)
  • wcsncpy_s (Address: 0x18000eb10)
  • wcsnlen (Address: 0x18000ebc8)
  • ZwClose (Address: 0x18000ee88)
  • ZwOpenKey (Address: 0x18000ee90)
  • ZwQueryInformationToken (Address: 0x18000ee60)
  • ZwQueryValueKey (Address: 0x18000ee78)