BFE.DLL

Description: Base Filtering Engine

Authors: © Microsoft Corporation. All rights reserved.

Version: 10.0.19041.6328

Architecture: 64-bit

Operating System: Windows NT

SHA256: 20101891db10277d6030b8e785e544b9

File Size: 870.5 KB

Uploaded At: Dec. 1, 2025, 7:23 a.m.

Views: 17

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: OpenProcess

Exported Functions

  • BfeGetDirectDispatchTable (Ordinal: 1, Address: 0x24700)
  • BfeOnServiceStartTypeChange (Ordinal: 2, Address: 0x3e5c0)
  • BfeServiceMain (Ordinal: 3, Address: 0x23b00)
  • SvchostPushServiceGlobals (Ordinal: 4, Address: 0x247d0)

Imported DLLs & Functions

api-ms-win-core-apiquery-l1-1-0.dll
  • ApiSetQueryApiSetPresence (Address: 0x1800979c0)
api-ms-win-core-delayload-l1-1-0.dll
  • DelayLoadFailureHook (Address: 0x1800979d0)
api-ms-win-core-delayload-l1-1-1.dll
  • ResolveDelayLoadedAPI (Address: 0x1800979e0)
api-ms-win-core-errorhandling-l1-1-0.dll
  • GetLastError (Address: 0x1800979f0)
  • SetUnhandledExceptionFilter (Address: 0x1800979f8)
  • UnhandledExceptionFilter (Address: 0x180097a00)
api-ms-win-core-file-l1-1-0.dll
  • CreateFileW (Address: 0x180097a10)
  • DeleteFileW (Address: 0x180097a18)
  • WriteFile (Address: 0x180097a20)
api-ms-win-core-handle-l1-1-0.dll
  • CloseHandle (Address: 0x180097a30)
api-ms-win-core-heap-l1-1-0.dll
  • GetProcessHeap (Address: 0x180097a48)
  • HeapAlloc (Address: 0x180097a50)
  • HeapCreate (Address: 0x180097a60)
  • HeapDestroy (Address: 0x180097a68)
  • HeapFree (Address: 0x180097a58)
  • HeapReAlloc (Address: 0x180097a70)
  • HeapSize (Address: 0x180097a40)
api-ms-win-core-heap-l2-1-0.dll
  • LocalAlloc (Address: 0x180097a80)
  • LocalFree (Address: 0x180097a88)
api-ms-win-core-libraryloader-l1-2-0.dll
  • DisableThreadLibraryCalls (Address: 0x180097ab8)
  • GetModuleHandleExW (Address: 0x180097ab0)
  • GetModuleHandleW (Address: 0x180097aa0)
  • GetProcAddress (Address: 0x180097aa8)
  • LoadStringW (Address: 0x180097a98)
api-ms-win-core-memory-l1-1-0.dll
  • CreateFileMappingW (Address: 0x180097ad8)
  • MapViewOfFile (Address: 0x180097ac8)
  • UnmapViewOfFile (Address: 0x180097ad0)
api-ms-win-core-perfcounters-l1-1-0.dll
  • PerfCreateInstance (Address: 0x180097af8)
  • PerfSetCounterSetInfo (Address: 0x180097b08)
  • PerfSetULongCounterValue (Address: 0x180097b10)
  • PerfSetULongLongCounterValue (Address: 0x180097af0)
  • PerfStartProvider (Address: 0x180097b00)
  • PerfStopProvider (Address: 0x180097ae8)
api-ms-win-core-processenvironment-l1-1-0.dll
  • ExpandEnvironmentStringsW (Address: 0x180097b20)
api-ms-win-core-processthreads-l1-1-0.dll
  • CreateThread (Address: 0x180097b50)
  • GetCurrentProcess (Address: 0x180097b30)
  • GetCurrentProcessId (Address: 0x180097b78)
  • GetCurrentThread (Address: 0x180097b38)
  • GetCurrentThreadId (Address: 0x180097b70)
  • GetProcessId (Address: 0x180097b60)
  • OpenThreadToken (Address: 0x180097b58)
  • TerminateProcess (Address: 0x180097b48)
  • TlsAlloc (Address: 0x180097b80)
  • TlsFree (Address: 0x180097b68)
  • TlsGetValue (Address: 0x180097b88)
  • TlsSetValue (Address: 0x180097b40)
api-ms-win-core-processthreads-l1-1-1.dll
  • OpenProcess (Address: 0x180097b98)
api-ms-win-core-profile-l1-1-0.dll
  • QueryPerformanceCounter (Address: 0x180097ba8)
api-ms-win-core-psapi-l1-1-0.dll
  • QueryFullProcessImageNameW (Address: 0x180097bb8)
api-ms-win-core-registry-l1-1-0.dll
  • RegCloseKey (Address: 0x180097be0)
  • RegCreateKeyExW (Address: 0x180097c00)
  • RegDeleteValueW (Address: 0x180097bc8)
  • RegEnumValueW (Address: 0x180097bf8)
  • RegOpenKeyExW (Address: 0x180097bd8)
  • RegQueryInfoKeyW (Address: 0x180097bf0)
  • RegQueryValueExW (Address: 0x180097bd0)
  • RegSetValueExW (Address: 0x180097be8)
api-ms-win-core-rtlsupport-l1-1-0.dll
  • RtlCaptureContext (Address: 0x180097c10)
  • RtlLookupFunctionEntry (Address: 0x180097c18)
  • RtlVirtualUnwind (Address: 0x180097c20)
api-ms-win-core-string-l1-1-0.dll
  • CompareStringW (Address: 0x180097c30)
  • MultiByteToWideChar (Address: 0x180097c38)
  • WideCharToMultiByte (Address: 0x180097c40)
api-ms-win-core-string-l2-1-1.dll
  • SHLoadIndirectString (Address: 0x180097c50)
api-ms-win-core-synch-l1-1-0.dll
  • AcquireSRWLockExclusive (Address: 0x180097cd0)
  • AcquireSRWLockShared (Address: 0x180097c60)
  • CreateEventW (Address: 0x180097ca8)
  • CreateSemaphoreExW (Address: 0x180097c68)
  • DeleteCriticalSection (Address: 0x180097c78)
  • EnterCriticalSection (Address: 0x180097c70)
  • InitializeCriticalSectionAndSpinCount (Address: 0x180097cc0)
  • InitializeSRWLock (Address: 0x180097cb8)
  • LeaveCriticalSection (Address: 0x180097cc8)
  • ReleaseSemaphore (Address: 0x180097c88)
  • ReleaseSRWLockExclusive (Address: 0x180097cb0)
  • ReleaseSRWLockShared (Address: 0x180097c80)
  • SetEvent (Address: 0x180097c90)
  • TryAcquireSRWLockExclusive (Address: 0x180097c98)
  • WaitForSingleObject (Address: 0x180097ca0)
api-ms-win-core-synch-l1-2-0.dll
  • Sleep (Address: 0x180097ce0)
api-ms-win-core-sysinfo-l1-1-0.dll
  • GetSystemTime (Address: 0x180097cf8)
  • GetSystemTimeAsFileTime (Address: 0x180097cf0)
  • GetTickCount (Address: 0x180097d08)
  • GetTickCount64 (Address: 0x180097d00)
api-ms-win-core-threadpool-l1-2-0.dll
  • CloseThreadpoolTimer (Address: 0x180097d28)
  • CloseThreadpoolWork (Address: 0x180097d48)
  • CreateThreadpoolTimer (Address: 0x180097d38)
  • CreateThreadpoolWork (Address: 0x180097d40)
  • SetThreadpoolTimer (Address: 0x180097d30)
  • SubmitThreadpoolWork (Address: 0x180097d20)
  • WaitForThreadpoolTimerCallbacks (Address: 0x180097d18)
api-ms-win-core-threadpool-legacy-l1-1-0.dll
  • CreateTimerQueue (Address: 0x180097d68)
  • CreateTimerQueueTimer (Address: 0x180097d78)
  • DeleteTimerQueueEx (Address: 0x180097d70)
  • DeleteTimerQueueTimer (Address: 0x180097d60)
  • UnregisterWaitEx (Address: 0x180097d58)
api-ms-win-core-threadpool-private-l1-1-0.dll
  • RegisterWaitForSingleObjectEx (Address: 0x180097d88)
api-ms-win-core-timezone-l1-1-0.dll
  • FileTimeToSystemTime (Address: 0x180097d98)
api-ms-win-core-util-l1-1-0.dll
  • DecodePointer (Address: 0x180097db0)
  • EncodePointer (Address: 0x180097da8)
api-ms-win-eventing-consumer-l1-1-0.dll
  • CloseTrace (Address: 0x180097dc0)
  • OpenTraceW (Address: 0x180097dc8)
  • ProcessTrace (Address: 0x180097dd0)
api-ms-win-eventing-controller-l1-1-0.dll
  • ControlTraceW (Address: 0x180097df0)
  • EnableTraceEx2 (Address: 0x180097de0)
  • StartTraceW (Address: 0x180097de8)
api-ms-win-eventing-provider-l1-1-0.dll
  • EventRegister (Address: 0x180097e00)
  • EventSetInformation (Address: 0x180097e18)
  • EventUnregister (Address: 0x180097e10)
  • EventWriteTransfer (Address: 0x180097e08)
api-ms-win-security-base-l1-1-0.dll
  • AddAccessAllowedAce (Address: 0x180097ea0)
  • AllocateAndInitializeSid (Address: 0x180097ea8)
  • CopySid (Address: 0x180097e30)
  • CreatePrivateObjectSecurityEx (Address: 0x180097e88)
  • CreateWellKnownSid (Address: 0x180097eb8)
  • DestroyPrivateObjectSecurity (Address: 0x180097e80)
  • EqualSid (Address: 0x180097e40)
  • FreeSid (Address: 0x180097e98)
  • GetLengthSid (Address: 0x180097e28)
  • GetPrivateObjectSecurity (Address: 0x180097e78)
  • GetSecurityDescriptorControl (Address: 0x180097e70)
  • GetSecurityDescriptorLength (Address: 0x180097e90)
  • InitializeAcl (Address: 0x180097eb0)
  • InitializeSecurityDescriptor (Address: 0x180097e60)
  • MapGenericMask (Address: 0x180097e48)
  • PrivilegeCheck (Address: 0x180097e38)
  • SetPrivateObjectSecurityEx (Address: 0x180097e58)
  • SetSecurityDescriptorControl (Address: 0x180097e68)
  • SetSecurityDescriptorDacl (Address: 0x180097e50)
AUTHZ.dll
  • AuthzAccessCheck (Address: 0x1800978b0)
  • AuthzFreeAuditEvent (Address: 0x180097888)
  • AuthzFreeContext (Address: 0x180097890)
  • AuthzFreeResourceManager (Address: 0x180097878)
  • AuthzGetInformationFromContext (Address: 0x1800978a8)
  • AuthziFreeAuditEventType (Address: 0x1800978a0)
  • AuthziInitializeAuditEvent (Address: 0x1800978c8)
  • AuthziInitializeAuditEventType (Address: 0x1800978b8)
  • AuthziInitializeAuditParamsFromArray (Address: 0x1800978c0)
  • AuthziLogAuditEvent (Address: 0x180097880)
  • AuthzInitializeContextFromSid (Address: 0x180097898)
  • AuthzInitializeResourceManager (Address: 0x180097870)
IPHLPAPI.DLL
  • GetCurrentThreadCompartmentId (Address: 0x1800978d8)
msvcrt.dll
  • __C_specific_handler (Address: 0x180097fa0)
  • _amsg_exit (Address: 0x180097fc0)
  • _i64toa_s (Address: 0x180097f00)
  • _initterm (Address: 0x180097fa8)
  • _ltoa_s (Address: 0x180097ef8)
  • _ui64toa_s (Address: 0x180097f08)
  • _ultoa_s (Address: 0x180097ed0)
  • _ultow (Address: 0x180097f28)
  • _vsnprintf (Address: 0x180097f50)
  • _vsnwprintf (Address: 0x180097f70)
  • _wcsicmp (Address: 0x180097f90)
  • _wcslwr (Address: 0x180097f48)
  • _wcsnicmp (Address: 0x180097f20)
  • _XcptFilter (Address: 0x180097f80)
  • bsearch (Address: 0x180097ec8)
  • free (Address: 0x180097fb8)
  • isprint (Address: 0x180097ef0)
  • iswctype (Address: 0x180097f38)
  • log (Address: 0x180097f30)
  • malloc (Address: 0x180097fb0)
  • memcmp (Address: 0x180097f60)
  • memcpy (Address: 0x180097f68)
  • memset (Address: 0x180097fd0)
  • qsort (Address: 0x180097f98)
  • sprintf_s (Address: 0x180097ee8)
  • strpbrk (Address: 0x180097ed8)
  • strstr (Address: 0x180097ee0)
  • tolower (Address: 0x180097f58)
  • wcschr (Address: 0x180097f88)
  • wcscspn (Address: 0x180097f18)
  • wcsnlen (Address: 0x180097f40)
  • wcstol (Address: 0x180097fc8)
  • wcstoul (Address: 0x180097f78)
  • wprintf (Address: 0x180097f10)
ntdll.dll
  • EtwEventActivityIdControl (Address: 0x180098188)
  • EtwEventEnabled (Address: 0x180098170)
  • EtwEventRegister (Address: 0x180098198)
  • EtwEventSetInformation (Address: 0x180097ff8)
  • EtwEventUnregister (Address: 0x180098190)
  • EtwEventWrite (Address: 0x180098180)
  • EtwEventWriteTransfer (Address: 0x180098178)
  • EtwGetTraceEnableFlags (Address: 0x1800981c0)
  • EtwGetTraceEnableLevel (Address: 0x1800981d0)
  • EtwGetTraceLoggerHandle (Address: 0x1800981c8)
  • EtwRegisterTraceGuidsW (Address: 0x1800981d8)
  • EtwTraceMessage (Address: 0x1800981a8)
  • EtwUnregisterTraceGuids (Address: 0x1800981b8)
  • NtDeviceIoControlFile (Address: 0x180098020)
  • NtQueryLicenseValue (Address: 0x180098058)
  • NtQueryObject (Address: 0x180097fe0)
  • RtlAbsoluteToSelfRelativeSD (Address: 0x1800980d8)
  • RtlAcquireSRWLockExclusive (Address: 0x180098050)
  • RtlAcquireSRWLockShared (Address: 0x180098040)
  • RtlAdjustPrivilege (Address: 0x1800980c8)
  • RtlAllocateHeap (Address: 0x180098028)
  • RtlApplicationVerifierStop (Address: 0x180098168)
  • RtlContractHashTable (Address: 0x1800980c0)
  • RtlCreateHashTable (Address: 0x180098070)
  • RtlCreateServiceSid (Address: 0x1800980f8)
  • RtlDeleteHashTable (Address: 0x180098078)
  • RtlEndEnumerationHashTable (Address: 0x1800980b0)
  • RtlEnumerateEntryHashTable (Address: 0x1800980a8)
  • RtlEqualSid (Address: 0x180098158)
  • RtlEthernetAddressToStringA (Address: 0x180098130)
  • RtlExpandHashTable (Address: 0x1800980b8)
  • RtlFreeHeap (Address: 0x180098118)
  • RtlGetCurrentServiceSessionId (Address: 0x1800981b0)
  • RtlGetNextEntryHashTable (Address: 0x180098098)
  • RtlGetOwnerSecurityDescriptor (Address: 0x1800980d0)
  • RtlGetSaclSecurityDescriptor (Address: 0x180097fe8)
  • RtlInitEnumerationHashTable (Address: 0x1800980a0)
  • RtlInitializeBitMap (Address: 0x180098008)
  • RtlInitializeSRWLock (Address: 0x180098030)
  • RtlInitUnicodeString (Address: 0x180098108)
  • RtlInsertEntryHashTable (Address: 0x180098080)
  • RtlIntegerToUnicodeString (Address: 0x1800980f0)
  • RtlIpv4AddressToStringA (Address: 0x180098120)
  • RtlIpv4AddressToStringW (Address: 0x180098068)
  • RtlIpv6AddressToStringA (Address: 0x180098128)
  • RtlIpv6AddressToStringW (Address: 0x180098060)
  • RtlLengthSecurityDescriptor (Address: 0x180098160)
  • RtlLengthSid (Address: 0x180098018)
  • RtlLookupEntryHashTable (Address: 0x180098090)
  • RtlNtStatusToDosError (Address: 0x1800981a0)
  • RtlNumberOfSetBits (Address: 0x180098000)
  • RtlReleaseSRWLockExclusive (Address: 0x180098048)
  • RtlReleaseSRWLockShared (Address: 0x180098038)
  • RtlRemoveEntryHashTable (Address: 0x180098088)
  • RtlSelfRelativeToAbsoluteSD2 (Address: 0x1800980e8)
  • RtlSetOwnerSecurityDescriptor (Address: 0x1800980e0)
  • RtlSetThreadPreferredUILanguages (Address: 0x1800981e0)
  • RtlSubAuthorityCountSid (Address: 0x180098100)
  • RtlValidRelativeSecurityDescriptor (Address: 0x180097ff0)
  • RtlValidSid (Address: 0x180098010)
  • TpAllocTimer (Address: 0x180098150)
  • TpIsTimerSet (Address: 0x180098148)
  • TpReleaseTimer (Address: 0x180098110)
  • TpSetTimer (Address: 0x180098140)
  • TpWaitForTimer (Address: 0x180098138)
RPCRT4.dll
  • I_RpcBindingInqLocalClientPID (Address: 0x180097998)
  • I_RpcExceptionFilter (Address: 0x1800979a0)
  • MesDecodeBufferHandleCreate (Address: 0x180097908)
  • MesEncodeDynBufferHandleCreate (Address: 0x180097920)
  • MesHandleFree (Address: 0x180097918)
  • NdrMesTypeDecode3 (Address: 0x180097970)
  • NdrMesTypeEncode3 (Address: 0x180097940)
  • NdrServerCall2 (Address: 0x180097990)
  • NdrServerCallAll (Address: 0x180097988)
  • RpcBindingVectorFree (Address: 0x180097900)
  • RpcEpRegisterW (Address: 0x180097928)
  • RpcEpUnregister (Address: 0x180097968)
  • RpcFreeAuthorizationContext (Address: 0x180097980)
  • RpcGetAuthorizationContextForClient (Address: 0x180097978)
  • RpcImpersonateClient (Address: 0x180097948)
  • RpcRaiseException (Address: 0x180097938)
  • RpcRevertToSelf (Address: 0x180097958)
  • RpcServerInqBindings (Address: 0x1800978e8)
  • RpcServerInqCallAttributesW (Address: 0x180097950)
  • RpcServerRegisterIf3 (Address: 0x1800978f8)
  • RpcServerUnregisterIfEx (Address: 0x1800978f0)
  • RpcServerUseProtseqW (Address: 0x180097930)
  • UuidCreate (Address: 0x180097960)
  • UuidFromStringW (Address: 0x180097910)
WS2_32.dll
  • htonl (Address: 0x1800979b0)