pwrshsip.dll

Description: Crypto SIP provider for signing and verifying PowerShell script files (.ps1/.ps1xml)

Authors: © Microsoft Corporation. All rights reserved.

Version: 10.0.19041.3636

Architecture: 64-bit

Operating System: Windows NT

SHA256: 31648c3363fecfdb61e14c2717ddc952

File Size: 30.0 KB

Uploaded At: Dec. 1, 2025, 7:52 a.m.

Views: 5

Exported Functions

  • PsCreateHash (Ordinal: 1, Address: 0x48a0)
  • PsDelSignature (Ordinal: 2, Address: 0x4a00)
  • PsGetSignature (Ordinal: 3, Address: 0x4710)
  • PsIsMyFileType (Ordinal: 4, Address: 0x4ae0)
  • PsPutSignature (Ordinal: 5, Address: 0x47e0)
  • PsVerifyHash (Ordinal: 6, Address: 0x4940)
  • DllRegisterServer (Ordinal: 7, Address: 0x4c00)
  • DllUnregisterServer (Ordinal: 8, Address: 0x4d30)

Imported DLLs & Functions

ADVAPI32.dll
  • CryptAcquireContextW (Address: 0x180006218)
  • CryptCreateHash (Address: 0x180006200)
  • CryptDestroyHash (Address: 0x180006208)
  • CryptGetHashParam (Address: 0x1800061f0)
  • CryptGetProvParam (Address: 0x1800061e8)
  • CryptHashData (Address: 0x1800061f8)
  • CryptReleaseContext (Address: 0x180006210)
CRYPT32.dll
  • CertOIDToAlgId (Address: 0x180006230)
  • CryptBinaryToStringW (Address: 0x180006248)
  • CryptEncodeObject (Address: 0x180006238)
  • CryptFindOIDInfo (Address: 0x180006228)
  • CryptSIPAddProvider (Address: 0x180006250)
  • CryptSIPRemoveProvider (Address: 0x180006258)
  • CryptStringToBinaryW (Address: 0x180006240)
KERNEL32.dll
  • CloseHandle (Address: 0x180006270)
  • CreateFileW (Address: 0x180006278)
  • GetCurrentProcess (Address: 0x1800062c0)
  • GetCurrentProcessId (Address: 0x180006310)
  • GetCurrentThreadId (Address: 0x180006318)
  • GetFileSizeEx (Address: 0x180006280)
  • GetLastError (Address: 0x180006268)
  • GetModuleFileNameW (Address: 0x1800062f8)
  • GetSystemTimeAsFileTime (Address: 0x180006320)
  • GetTickCount (Address: 0x180006328)
  • MultiByteToWideChar (Address: 0x1800062b0)
  • QueryPerformanceCounter (Address: 0x180006308)
  • ReadFile (Address: 0x180006298)
  • RtlCaptureContext (Address: 0x1800062f0)
  • RtlLookupFunctionEntry (Address: 0x1800062e8)
  • RtlVirtualUnwind (Address: 0x1800062e0)
  • SetEndOfFile (Address: 0x180006288)
  • SetFilePointerEx (Address: 0x180006290)
  • SetLastError (Address: 0x1800062c8)
  • SetUnhandledExceptionFilter (Address: 0x1800062d0)
  • Sleep (Address: 0x180006300)
  • TerminateProcess (Address: 0x1800062b8)
  • UnhandledExceptionFilter (Address: 0x1800062d8)
  • WideCharToMultiByte (Address: 0x1800062a8)
  • WriteFile (Address: 0x1800062a0)
msvcrt.dll
  • __C_specific_handler (Address: 0x180006370)
  • _amsg_exit (Address: 0x180006380)
  • _callnewh (Address: 0x180006358)
  • _initterm (Address: 0x180006378)
  • _purecall (Address: 0x180006338)
  • _wcsicmp (Address: 0x180006388)
  • _XcptFilter (Address: 0x180006390)
  • free (Address: 0x180006348)
  • malloc (Address: 0x180006350)
  • memcmp (Address: 0x180006398)
  • memcpy (Address: 0x1800063a0)
  • memset (Address: 0x180006360)
  • wcscmp (Address: 0x1800063a8)
  • wcsncmp (Address: 0x180006368)
  • wcsrchr (Address: 0x180006340)