dbghelp.dll
Description: Windows Image Helper
Authors: © Microsoft Corporation. All rights reserved.
Version: 10.0.19041.5848
Architecture: 32-bit
Operating System: Windows NT
SHA256: 441643b1e0f8d9bee076deafa614f94e
File Size: 1.6 MB
Uploaded At: Dec. 1, 2025, 7:54 a.m.
Views: 10
Security Warning
This file has been flagged as potentially dangerous.
Reason: Detected potentially dangerous functions used for process injection: OpenProcess
Exported Functions
- (Ordinal: 1101, Address: 0x10f4c0)
- (Ordinal: 1102, Address: 0x10f560)
- (Ordinal: 1103, Address: 0x10f6a0)
- (Ordinal: 1104, Address: 0x10f9b0)
- (Ordinal: 1105, Address: 0x10fe40)
- (Ordinal: 1106, Address: 0x10ff20)
- (Ordinal: 1107, Address: 0x10f620)
- (Ordinal: 1108, Address: 0x10f8b0)
- (Ordinal: 1109, Address: 0x10fd80)
- (Ordinal: 1110, Address: 0x10fe60)
- (Ordinal: 1111, Address: 0x10f650)
- (Ordinal: 1112, Address: 0x10f930)
- (Ordinal: 1113, Address: 0x10fde0)
- (Ordinal: 1114, Address: 0x10fec0)
- (Ordinal: 1115, Address: 0x10f6d0)
- (Ordinal: 1116, Address: 0x10f770)
- (Ordinal: 1117, Address: 0x10f3d0)
- (Ordinal: 1118, Address: 0x10f450)
- (Ordinal: 1119, Address: 0x10f5d0)
- SymAllocDiaString (Ordinal: 1120, Address: 0x10f390)
- SymFreeDiaString (Ordinal: 1121, Address: 0x144d30)
- SymGetDiaSession (Ordinal: 1122, Address: 0x144d40)
- SymGetOmapBlockBase (Ordinal: 1123, Address: 0x144d80)
- SymSetDiaSession (Ordinal: 1124, Address: 0x10ff40)
- _EFN_DumpImage (Ordinal: 1125, Address: 0x139c10)
- DbgHelpCreateUserDump (Ordinal: 1126, Address: 0x1508c0)
- DbgHelpCreateUserDumpW (Ordinal: 1127, Address: 0x150960)
- EnumDirTree (Ordinal: 1128, Address: 0x14b060)
- EnumDirTreeW (Ordinal: 1129, Address: 0x14b160)
- EnumerateLoadedModules64 (Ordinal: 1130, Address: 0x145890)
- EnumerateLoadedModules (Ordinal: 1131, Address: 0x145920)
- EnumerateLoadedModulesEx (Ordinal: 1132, Address: 0x1459b0)
- EnumerateLoadedModulesExW (Ordinal: 1133, Address: 0x145a40)
- EnumerateLoadedModulesW64 (Ordinal: 1134, Address: 0x145ad0)
- ExtensionApiVersion (Ordinal: 1135, Address: 0x3a0f0)
- FindDebugInfoFile (Ordinal: 1136, Address: 0x14b1a0)
- FindDebugInfoFileEx (Ordinal: 1137, Address: 0x14b1c0)
- FindDebugInfoFileExW (Ordinal: 1138, Address: 0x14b280)
- FindExecutableImage (Ordinal: 1139, Address: 0x14b2c0)
- FindExecutableImageEx (Ordinal: 1140, Address: 0x14b2e0)
- FindExecutableImageExW (Ordinal: 1141, Address: 0x14b3c0)
- FindFileInPath (Ordinal: 1142, Address: 0x14b400)
- FindFileInSearchPath (Ordinal: 1143, Address: 0x14b430)
- GetSymLoadError (Ordinal: 1144, Address: 0x2ffd0)
- GetTimestampForLoadedLibrary (Ordinal: 1145, Address: 0x1402c0)
- ImageDirectoryEntryToData (Ordinal: 1146, Address: 0x140010)
- ImageDirectoryEntryToDataEx (Ordinal: 1147, Address: 0x140040)
- ImageNtHeader (Ordinal: 1148, Address: 0x140100)
- ImageRvaToSection (Ordinal: 1149, Address: 0x140130)
- ImageRvaToVa (Ordinal: 1150, Address: 0x140190)
- ImagehlpApiVersion (Ordinal: 1151, Address: 0x14b460)
- ImagehlpApiVersionEx (Ordinal: 1152, Address: 0x39ff0)
- MakeSureDirectoryPathExists (Ordinal: 1153, Address: 0x14b470)
- MapDebugInformation (Ordinal: 1154, Address: 0x14b5b0)
- MiniDumpReadDumpStream (Ordinal: 1155, Address: 0x17294e)
- MiniDumpWriteDump (Ordinal: 1156, Address: 0x17297f)
- RangeMapAddPeImageSections (Ordinal: 1157, Address: 0x155410)
- RangeMapCreate (Ordinal: 1158, Address: 0x1554a0)
- RangeMapFree (Ordinal: 1159, Address: 0x1554e0)
- RangeMapRead (Ordinal: 1160, Address: 0x155510)
- RangeMapRemove (Ordinal: 1161, Address: 0x155560)
- RangeMapWrite (Ordinal: 1162, Address: 0x1555b0)
- RemoveInvalidModuleList (Ordinal: 1163, Address: 0x39f30)
- ReportSymbolLoadSummary (Ordinal: 1164, Address: 0x39ce0)
- SearchTreeForFile (Ordinal: 1165, Address: 0x14b750)
- SearchTreeForFileW (Ordinal: 1166, Address: 0x14b780)
- SetCheckUserInterruptShared (Ordinal: 1167, Address: 0x39f30)
- SetSymLoadError (Ordinal: 1168, Address: 0x145b60)
- StackWalk64 (Ordinal: 1169, Address: 0x1548c0)
- StackWalk (Ordinal: 1170, Address: 0x154980)
- StackWalkEx (Ordinal: 1171, Address: 0x31b50)
- SymAddSourceStream (Ordinal: 1172, Address: 0x145b80)
- SymAddSourceStreamA (Ordinal: 1173, Address: 0x145bb0)
- SymAddSourceStreamW (Ordinal: 1174, Address: 0x145bf0)
- SymAddSymbol (Ordinal: 1175, Address: 0x145cf0)
- SymAddSymbolW (Ordinal: 1176, Address: 0x30b80)
- SymAddrIncludeInlineTrace (Ordinal: 1177, Address: 0x3a050)
- SymCleanup (Ordinal: 1178, Address: 0x39da0)
- SymCompareInlineTrace (Ordinal: 1179, Address: 0x145d40)
- SymDeleteSymbol (Ordinal: 1180, Address: 0x1461a0)
- SymDeleteSymbolW (Ordinal: 1181, Address: 0x1461e0)
- SymEnumLines (Ordinal: 1182, Address: 0x146290)
- SymEnumLinesW (Ordinal: 1183, Address: 0x146310)
- SymEnumProcesses (Ordinal: 1184, Address: 0x146370)
- SymEnumSourceFileTokens (Ordinal: 1185, Address: 0x1463e0)
- SymEnumSourceFiles (Ordinal: 1186, Address: 0x146460)
- SymEnumSourceFilesW (Ordinal: 1187, Address: 0x146490)
- SymEnumSourceLines (Ordinal: 1188, Address: 0x1464c0)
- SymEnumSourceLinesW (Ordinal: 1189, Address: 0x1464f0)
- SymEnumSym (Ordinal: 1190, Address: 0x146520)
- SymEnumSymbols (Ordinal: 1191, Address: 0x146550)
- SymEnumSymbolsEx (Ordinal: 1192, Address: 0x146580)
- SymEnumSymbolsExW (Ordinal: 1193, Address: 0x30d80)
- SymEnumSymbolsForAddr (Ordinal: 1194, Address: 0x1465f0)
- SymEnumSymbolsForAddrW (Ordinal: 1195, Address: 0x1466d0)
- SymEnumSymbolsW (Ordinal: 1196, Address: 0x1467c0)
- SymEnumTypes (Ordinal: 1197, Address: 0x1467f0)
- SymEnumTypesByName (Ordinal: 1198, Address: 0x146840)
- SymEnumTypesByNameW (Ordinal: 1199, Address: 0x1468f0)
- SymEnumTypesW (Ordinal: 1200, Address: 0x146950)
- SymEnumerateModules64 (Ordinal: 1201, Address: 0x1469b0)
- SymEnumerateModules (Ordinal: 1202, Address: 0x1469f0)
- SymEnumerateModulesW64 (Ordinal: 1203, Address: 0x146a30)
- SymEnumerateSymbols64 (Ordinal: 1204, Address: 0x146a80)
- SymEnumerateSymbols (Ordinal: 1205, Address: 0x146ad0)
- SymEnumerateSymbolsW64 (Ordinal: 1206, Address: 0x146b20)
- SymEnumerateSymbolsW (Ordinal: 1207, Address: 0x146b70)
- SymFindDebugInfoFile (Ordinal: 1208, Address: 0x14b7b0)
- SymFindDebugInfoFileW (Ordinal: 1209, Address: 0x14b890)
- SymFindExecutableImage (Ordinal: 1210, Address: 0x14b8e0)
- SymFindExecutableImageW (Ordinal: 1211, Address: 0x14b9c0)
- SymFindFileInPath (Ordinal: 1212, Address: 0x14ba10)
- SymFindFileInPathW (Ordinal: 1213, Address: 0x14bae0)
- SymFromAddr (Ordinal: 1214, Address: 0x146bc0)
- SymFromAddrW (Ordinal: 1215, Address: 0x146bf0)
- SymFromIndex (Ordinal: 1216, Address: 0x146c20)
- SymFromIndexW (Ordinal: 1217, Address: 0x146ca0)
- SymFromInlineContext (Ordinal: 1218, Address: 0x146d60)
- SymFromInlineContextW (Ordinal: 1219, Address: 0x34950)
- SymFromName (Ordinal: 1220, Address: 0x146db0)
- SymFromNameW (Ordinal: 1221, Address: 0x146e20)
- SymFromToken (Ordinal: 1222, Address: 0x146e50)
- SymFromTokenW (Ordinal: 1223, Address: 0x146ee0)
- SymFunctionTableAccess64 (Ordinal: 1224, Address: 0x34410)
- SymFunctionTableAccess64AccessRoutines (Ordinal: 1225, Address: 0x34430)
- SymFunctionTableAccess (Ordinal: 1226, Address: 0x146fa0)
- SymGetExtendedOption (Ordinal: 1227, Address: 0x10ff80)
- SymGetFileLineOffsets64 (Ordinal: 1228, Address: 0x140f20)
- SymGetHomeDirectory (Ordinal: 1229, Address: 0x146fc0)
- SymGetHomeDirectoryW (Ordinal: 1230, Address: 0x147020)
- SymGetLineFromAddr64 (Ordinal: 1231, Address: 0x1470b0)
- SymGetLineFromAddr (Ordinal: 1232, Address: 0x1470e0)
- SymGetLineFromAddrW64 (Ordinal: 1233, Address: 0x147110)
- SymGetLineFromInlineContext (Ordinal: 1234, Address: 0x147140)
- SymGetLineFromInlineContextW (Ordinal: 1235, Address: 0x147170)
- SymGetLineFromName64 (Ordinal: 1236, Address: 0x1471a0)
- SymGetLineFromName (Ordinal: 1237, Address: 0x1471d0)
- SymGetLineFromNameW64 (Ordinal: 1238, Address: 0x147200)
- SymGetLineNext64 (Ordinal: 1239, Address: 0x147230)
- SymGetLineNext (Ordinal: 1240, Address: 0x147250)
- SymGetLineNextW64 (Ordinal: 1241, Address: 0x147270)
- SymGetLinePrev64 (Ordinal: 1242, Address: 0x147290)
- SymGetLinePrev (Ordinal: 1243, Address: 0x1472b0)
- SymGetLinePrevW64 (Ordinal: 1244, Address: 0x1472d0)
- SymGetModuleBase64 (Ordinal: 1245, Address: 0x1472f0)
- SymGetModuleBase (Ordinal: 1246, Address: 0x147380)
- SymGetModuleInfo64 (Ordinal: 1247, Address: 0x1473a0)
- SymGetModuleInfo (Ordinal: 1248, Address: 0x147430)
- SymGetModuleInfoW64 (Ordinal: 1249, Address: 0x393d0)
- SymGetModuleInfoW (Ordinal: 1250, Address: 0x1474c0)
- SymGetOmaps (Ordinal: 1251, Address: 0x147560)
- SymGetOptions (Ordinal: 1252, Address: 0x2ffa0)
- SymGetScope (Ordinal: 1253, Address: 0x147610)
- SymGetScopeW (Ordinal: 1254, Address: 0x147690)
- SymGetSearchPath (Ordinal: 1255, Address: 0x147780)
- SymGetSearchPathW (Ordinal: 1256, Address: 0x1477e0)
- SymGetSourceFile (Ordinal: 1257, Address: 0x147860)
- SymGetSourceFileChecksum (Ordinal: 1258, Address: 0x1478c0)
- SymGetSourceFileChecksumW (Ordinal: 1259, Address: 0x147910)
- SymGetSourceFileFromToken (Ordinal: 1260, Address: 0x1479d0)
- SymGetSourceFileFromTokenW (Ordinal: 1261, Address: 0x147a40)
- SymGetSourceFileToken (Ordinal: 1262, Address: 0x147a90)
- SymGetSourceFileTokenW (Ordinal: 1263, Address: 0x147ad0)
- SymGetSourceFileW (Ordinal: 1264, Address: 0x147b50)
- SymGetSourceVarFromToken (Ordinal: 1265, Address: 0x147bb0)
- SymGetSourceVarFromTokenW (Ordinal: 1266, Address: 0x147c40)
- SymGetSymFromAddr64 (Ordinal: 1267, Address: 0x147ca0)
- SymGetSymFromAddr (Ordinal: 1268, Address: 0x147ce0)
- SymGetSymFromName64 (Ordinal: 1269, Address: 0x147d30)
- SymGetSymFromName (Ordinal: 1270, Address: 0x147d80)
- SymGetSymNext64 (Ordinal: 1271, Address: 0x147dd0)
- SymGetSymNext (Ordinal: 1272, Address: 0x147df0)
- SymGetSymPrev64 (Ordinal: 1273, Address: 0x147e60)
- SymGetSymPrev (Ordinal: 1274, Address: 0x147e80)
- SymGetSymbolFile (Ordinal: 1275, Address: 0x14f740)
- SymGetSymbolFileW (Ordinal: 1276, Address: 0x14f810)
- SymGetTypeFromName (Ordinal: 1277, Address: 0x147ef0)
- SymGetTypeFromNameW (Ordinal: 1278, Address: 0x147f90)
- SymGetTypeInfo (Ordinal: 1279, Address: 0x349e0)
- SymGetTypeInfoEx (Ordinal: 1280, Address: 0x1480a0)
- SymGetUnwindInfo (Ordinal: 1281, Address: 0x1480e0)
- SymInitialize (Ordinal: 1282, Address: 0x30450)
- SymInitializeW (Ordinal: 1283, Address: 0x304a0)
- SymLoadModule64 (Ordinal: 1284, Address: 0x148240)
- SymLoadModule (Ordinal: 1285, Address: 0x148270)
- SymLoadModuleEx (Ordinal: 1286, Address: 0x1482a0)
- SymLoadModuleExW (Ordinal: 1287, Address: 0x38dc0)
- SymMatchFileName (Ordinal: 1288, Address: 0x148350)
- SymMatchFileNameW (Ordinal: 1289, Address: 0x148410)
- SymMatchString (Ordinal: 1290, Address: 0x1484d0)
- SymMatchStringA (Ordinal: 1291, Address: 0x148510)
- SymMatchStringW (Ordinal: 1292, Address: 0x148520)
- SymNext (Ordinal: 1293, Address: 0x148560)
- SymNextW (Ordinal: 1294, Address: 0x1485e0)
- SymPrev (Ordinal: 1295, Address: 0x148600)
- SymPrevW (Ordinal: 1296, Address: 0x148680)
- SymQueryInlineTrace (Ordinal: 1297, Address: 0x1486a0)
- SymRefreshModuleList (Ordinal: 1298, Address: 0x148900)
- SymRegisterCallback64 (Ordinal: 1299, Address: 0x148990)
- SymRegisterCallback (Ordinal: 1300, Address: 0x148a20)
- SymRegisterCallbackW64 (Ordinal: 1301, Address: 0x39f70)
- SymRegisterFunctionEntryCallback64 (Ordinal: 1302, Address: 0x148ab0)
- SymRegisterFunctionEntryCallback (Ordinal: 1303, Address: 0x148b40)
- SymSearch (Ordinal: 1304, Address: 0x148bc0)
- SymSearchW (Ordinal: 1305, Address: 0x148c20)
- SymSetContext (Ordinal: 1306, Address: 0x148c80)
- SymSetExtendedOption (Ordinal: 1307, Address: 0x10ffa0)
- SymSetHomeDirectory (Ordinal: 1308, Address: 0x148ce0)
- SymSetHomeDirectoryW (Ordinal: 1309, Address: 0x148d60)
- SymSetOptions (Ordinal: 1310, Address: 0x2f980)
- SymSetParentWindow (Ordinal: 1311, Address: 0x148dc0)
- SymSetScopeFromAddr (Ordinal: 1312, Address: 0x148df0)
- SymSetScopeFromIndex (Ordinal: 1313, Address: 0x148e10)
- SymSetScopeFromInlineContext (Ordinal: 1314, Address: 0x318a0)
- SymSetSearchPath (Ordinal: 1315, Address: 0x148ea0)
- SymSetSearchPathW (Ordinal: 1316, Address: 0x30720)
- SymSrvDeltaName (Ordinal: 1317, Address: 0x14fc40)
- SymSrvDeltaNameW (Ordinal: 1318, Address: 0x14fce0)
- SymSrvGetFileIndexInfo (Ordinal: 1319, Address: 0x14fe60)
- SymSrvGetFileIndexInfoW (Ordinal: 1320, Address: 0x14ff20)
- SymSrvGetFileIndexString (Ordinal: 1321, Address: 0x150010)
- SymSrvGetFileIndexStringW (Ordinal: 1322, Address: 0x1500c0)
- SymSrvGetFileIndexes (Ordinal: 1323, Address: 0x150160)
- SymSrvGetFileIndexesW (Ordinal: 1324, Address: 0x1501a0)
- SymSrvGetSupplement (Ordinal: 1325, Address: 0x150230)
- SymSrvGetSupplementW (Ordinal: 1326, Address: 0x1502c0)
- SymSrvIsStore (Ordinal: 1327, Address: 0x1503c0)
- SymSrvIsStoreW (Ordinal: 1328, Address: 0x1503f0)
- SymSrvStoreFile (Ordinal: 1329, Address: 0x1504b0)
- SymSrvStoreFileW (Ordinal: 1330, Address: 0x150530)
- SymSrvStoreSupplement (Ordinal: 1331, Address: 0x1505e0)
- SymSrvStoreSupplementW (Ordinal: 1332, Address: 0x150670)
- SymUnDName64 (Ordinal: 1333, Address: 0x148ed0)
- SymUnDName (Ordinal: 1334, Address: 0x148f50)
- SymUnloadModule64 (Ordinal: 1335, Address: 0x39730)
- SymUnloadModule (Ordinal: 1336, Address: 0x148fd0)
- UnDecorateSymbolName (Ordinal: 1337, Address: 0x148ff0)
- UnDecorateSymbolNameW (Ordinal: 1338, Address: 0x149090)
- UnmapDebugInformation (Ordinal: 1339, Address: 0x14bb30)
- WinDbgExtensionDllInit (Ordinal: 1340, Address: 0x3a0d0)
- block (Ordinal: 1341, Address: 0x13dd80)
- chksym (Ordinal: 1342, Address: 0x13df30)
- dbghelp (Ordinal: 1343, Address: 0x149100)
- dh (Ordinal: 1344, Address: 0x13e0d0)
- fptr (Ordinal: 1345, Address: 0x13e0f0)
- homedir (Ordinal: 1346, Address: 0x13e170)
- inlinedbg (Ordinal: 1347, Address: 0x13e290)
- itoldyouso (Ordinal: 1348, Address: 0x13e2f0)
- lmi (Ordinal: 1349, Address: 0x13e490)
- lminfo (Ordinal: 1350, Address: 0x13e740)
- omap (Ordinal: 1351, Address: 0x13e970)
- optdbgdump (Ordinal: 1352, Address: 0x13eb50)
- optdbgdumpaddr (Ordinal: 1353, Address: 0x13ec90)
- srcfiles (Ordinal: 1354, Address: 0x13edc0)
- stack_force_ebp (Ordinal: 1355, Address: 0x13eed0)
- stackdbg (Ordinal: 1356, Address: 0x13f040)
- sym (Ordinal: 1357, Address: 0x13f200)
- symsrv (Ordinal: 1358, Address: 0x13f330)
- vc7fpo (Ordinal: 1359, Address: 0x13f380)
Imported DLLs & Functions
api-ms-win-core-debug-l1-1-0.dll
- DebugBreak (Address: 0x3192008)
- IsDebuggerPresent (Address: 0x3192000)
- OutputDebugStringA (Address: 0x319200c)
- OutputDebugStringW (Address: 0x3192004)
api-ms-win-core-delayload-l1-1-0.dll
- DelayLoadFailureHook (Address: 0x3192014)
api-ms-win-core-errorhandling-l1-1-0.dll
- GetLastError (Address: 0x319201c)
- SetErrorMode (Address: 0x3192024)
- SetLastError (Address: 0x3192028)
- SetUnhandledExceptionFilter (Address: 0x3192020)
- UnhandledExceptionFilter (Address: 0x319202c)
api-ms-win-core-file-l1-1-0.dll
- CreateDirectoryA (Address: 0x3192088)
- CreateDirectoryW (Address: 0x319206c)
- CreateFileA (Address: 0x3192070)
- CreateFileW (Address: 0x319207c)
- DeleteFileW (Address: 0x3192060)
- FindClose (Address: 0x3192058)
- FindFirstFileW (Address: 0x3192074)
- FindNextFileW (Address: 0x319205c)
- GetFileAttributesA (Address: 0x3192050)
- GetFileAttributesW (Address: 0x3192080)
- GetFileSize (Address: 0x3192084)
- GetFileSizeEx (Address: 0x3192064)
- GetFileType (Address: 0x319203c)
- GetFullPathNameW (Address: 0x3192078)
- ReadFile (Address: 0x3192068)
- RemoveDirectoryW (Address: 0x3192044)
- SetEndOfFile (Address: 0x3192048)
- SetFileAttributesW (Address: 0x3192038)
- SetFilePointer (Address: 0x3192054)
- SetFilePointerEx (Address: 0x319204c)
- SetFileTime (Address: 0x3192040)
- WriteFile (Address: 0x3192034)
api-ms-win-core-handle-l1-1-0.dll
- CloseHandle (Address: 0x3192094)
- DuplicateHandle (Address: 0x3192090)
api-ms-win-core-heap-l1-1-0.dll
- GetProcessHeap (Address: 0x31920a8)
- HeapAlloc (Address: 0x31920a4)
- HeapFree (Address: 0x319209c)
- HeapReAlloc (Address: 0x31920a0)
api-ms-win-core-interlocked-l1-1-0.dll
- InitializeSListHead (Address: 0x31920b0)
api-ms-win-core-io-l1-1-0.dll
- DeviceIoControl (Address: 0x31920b8)
api-ms-win-core-kernel32-legacy-l1-1-0.dll
- CreateFileMappingA (Address: 0x31920c0)
api-ms-win-core-libraryloader-l1-1-0.dll
- FreeLibrary (Address: 0x31920e0)
- GetModuleFileNameW (Address: 0x31920d4)
- GetModuleHandleExW (Address: 0x31920cc)
- GetModuleHandleW (Address: 0x31920dc)
- GetProcAddress (Address: 0x31920d0)
- LoadLibraryExA (Address: 0x31920d8)
- LoadLibraryExW (Address: 0x31920c8)
api-ms-win-core-localization-l1-1-0.dll
- LCMapStringEx (Address: 0x31920ec)
- LCMapStringW (Address: 0x31920e8)
api-ms-win-core-localregistry-l1-1-0.dll
- RegCloseKey (Address: 0x31920f8)
- RegEnumKeyExW (Address: 0x3192100)
- RegOpenKeyExW (Address: 0x3192104)
- RegQueryInfoKeyW (Address: 0x31920f4)
- RegQueryValueExW (Address: 0x31920fc)
api-ms-win-core-memory-l1-1-0.dll
- CreateFileMappingW (Address: 0x3192114)
- MapViewOfFile (Address: 0x319211c)
- MapViewOfFileEx (Address: 0x3192124)
- ReadProcessMemory (Address: 0x3192120)
- UnmapViewOfFile (Address: 0x3192118)
- VirtualAlloc (Address: 0x3192110)
- VirtualFree (Address: 0x3192128)
- VirtualProtect (Address: 0x319210c)
api-ms-win-core-misc-l1-1-0.dll
- FormatMessageW (Address: 0x3192134)
- LocalAlloc (Address: 0x3192138)
- Sleep (Address: 0x3192130)
api-ms-win-core-processenvironment-l1-1-0.dll
- ExpandEnvironmentStringsW (Address: 0x3192144)
- GetEnvironmentVariableW (Address: 0x3192148)
- SetEnvironmentVariableA (Address: 0x3192140)
api-ms-win-core-processthreads-l1-1-0.dll
- GetCurrentProcess (Address: 0x3192170)
- GetCurrentProcessId (Address: 0x3192168)
- GetCurrentThread (Address: 0x3192164)
- GetCurrentThreadId (Address: 0x319215c)
- OpenThreadToken (Address: 0x3192160)
- TerminateProcess (Address: 0x3192154)
- TlsAlloc (Address: 0x319216c)
- TlsFree (Address: 0x3192158)
- TlsGetValue (Address: 0x3192150)
- TlsSetValue (Address: 0x3192174)
api-ms-win-core-profile-l1-1-0.dll
- QueryPerformanceCounter (Address: 0x319217c)
api-ms-win-core-rtlsupport-l1-1-0.dll
- RtlCaptureContext (Address: 0x3192184)
api-ms-win-core-string-l1-1-0.dll
- GetStringTypeW (Address: 0x3192190)
- MultiByteToWideChar (Address: 0x3192194)
- WideCharToMultiByte (Address: 0x319218c)
api-ms-win-core-synch-l1-1-0.dll
- AcquireSRWLockExclusive (Address: 0x319219c)
- DeleteCriticalSection (Address: 0x31921ac)
- EnterCriticalSection (Address: 0x31921b4)
- InitializeCriticalSection (Address: 0x31921a0)
- InitializeCriticalSectionAndSpinCount (Address: 0x31921bc)
- InitializeCriticalSectionEx (Address: 0x31921a4)
- LeaveCriticalSection (Address: 0x31921a8)
- OpenProcess (Address: 0x31921b0)
- ReleaseSRWLockExclusive (Address: 0x31921b8)
api-ms-win-core-synch-l1-2-0.dll
- InitOnceExecuteOnce (Address: 0x31921c4)
api-ms-win-core-sysinfo-l1-1-0.dll
- GetSystemDirectoryW (Address: 0x31921e0)
- GetSystemInfo (Address: 0x31921d0)
- GetSystemTime (Address: 0x31921cc)
- GetSystemTimeAsFileTime (Address: 0x31921d8)
- GetTickCount (Address: 0x31921d4)
- GetVersionExA (Address: 0x31921e4)
- GetVersionExW (Address: 0x31921dc)
- SystemTimeToFileTime (Address: 0x31921e8)
api-ms-win-core-util-l1-1-0.dll
- DecodePointer (Address: 0x31921f0)
- EncodePointer (Address: 0x31921f4)
api-ms-win-crt-locale-l1-1-0.dll
- _lock_locales (Address: 0x3192200)
- _unlock_locales (Address: 0x31921fc)
api-ms-win-crt-private-l1-1-0.dll
- __CxxFrameHandler3 (Address: 0x31923a4)
- __std_terminate (Address: 0x3192380)
- __uncaught_exception (Address: 0x3192328)
- __unDName (Address: 0x319239c)
- __unDNameEx (Address: 0x3192390)
- _CxxThrowException (Address: 0x3192330)
- _except_handler4_common (Address: 0x319232c)
- _o____lc_codepage_func (Address: 0x3192374)
- _o____lc_locale_name_func (Address: 0x3192370)
- _o____mb_cur_max_func (Address: 0x319236c)
- _o___acrt_iob_func (Address: 0x3192368)
- _o___pctype_func (Address: 0x3192364)
- _o___std_exception_copy (Address: 0x3192360)
- _o___std_exception_destroy (Address: 0x319235c)
- _o___std_type_info_destroy_list (Address: 0x3192358)
- _o___stdio_common_vfprintf (Address: 0x3192354)
- _o___stdio_common_vsnprintf_s (Address: 0x3192350)
- _o___stdio_common_vsnwprintf_s (Address: 0x319234c)
- _o___stdio_common_vsprintf_s (Address: 0x3192348)
- _o___stdio_common_vsscanf (Address: 0x3192344)
- _o___stdio_common_vswprintf_s (Address: 0x3192340)
- _o__callnewh (Address: 0x319233c)
- _o__calloc_base (Address: 0x3192338)
- _o__cexit (Address: 0x3192334)
- _o__close (Address: 0x3192208)
- _o__configure_narrow_argv (Address: 0x319220c)
- _o__crt_atexit (Address: 0x3192210)
- _o__errno (Address: 0x3192214)
- _o__execute_onexit_table (Address: 0x3192218)
- _o__filelengthi64 (Address: 0x319221c)
- _o__fullpath (Address: 0x3192220)
- _o__initialize_narrow_environment (Address: 0x3192224)
- _o__initialize_onexit_table (Address: 0x3192228)
- _o__invalid_parameter_noinfo (Address: 0x319222c)
- _o__invalid_parameter_noinfo_noreturn (Address: 0x3192230)
- _o__itoa_s (Address: 0x3192234)
- _o__lseeki64 (Address: 0x3192238)
- _o__ltoa (Address: 0x319223c)
- _o__mbscmp (Address: 0x3192240)
- _o__memicmp (Address: 0x3192244)
- _o__open_osfhandle (Address: 0x3192248)
- _o__purecall (Address: 0x319224c)
- _o__read (Address: 0x3192250)
- _o__register_onexit_function (Address: 0x3192254)
- _o__seh_filter_dll (Address: 0x3192258)
- _o__splitpath_s (Address: 0x319225c)
- _o__stricmp (Address: 0x3192260)
- _o__strlwr (Address: 0x3192264)
- _o__strnicmp (Address: 0x319226c)
- _o__wcsdup (Address: 0x3192270)
- _o__wcsicmp (Address: 0x3192274)
- _o__wcslwr (Address: 0x3192278)
- _o__wcsnicmp (Address: 0x319227c)
- _o__wctime32 (Address: 0x3192280)
- _o__wdupenv_s (Address: 0x3192284)
- _o__wfsopen (Address: 0x3192288)
- _o__wfullpath (Address: 0x319228c)
- _o__wgetenv (Address: 0x3192290)
- _o__wmakepath_s (Address: 0x3192294)
- _o__wsplitpath_s (Address: 0x3192298)
- _o__wtoi (Address: 0x319229c)
- _o_abort (Address: 0x31922a0)
- _o_atoi (Address: 0x31922a4)
- _o_atol (Address: 0x31922a8)
- _o_bsearch (Address: 0x31922ac)
- _o_calloc (Address: 0x31922b0)
- _o_fclose (Address: 0x31922b4)
- _o_fflush (Address: 0x31922b8)
- _o_fread (Address: 0x31922bc)
- _o_free (Address: 0x31922c0)
- _o_frexp (Address: 0x31922c4)
- _o_fseek (Address: 0x31922c8)
- _o_ftell (Address: 0x31922cc)
- _o_isspace (Address: 0x31922d0)
- _o_iswprint (Address: 0x31922d4)
- _o_iswspace (Address: 0x31922d8)
- _o_iswxdigit (Address: 0x31922dc)
- _o_localeconv (Address: 0x31922e0)
- _o_malloc (Address: 0x31922e4)
- _o_qsort (Address: 0x31922e8)
- _o_realloc (Address: 0x31922ec)
- _o_setlocale (Address: 0x31922f0)
- _o_strcat_s (Address: 0x31922f4)
- _o_strcpy_s (Address: 0x31922f8)
- _o_strncat_s (Address: 0x31922fc)
- _o_strncpy_s (Address: 0x3192300)
- _o_terminate (Address: 0x3192304)
- _o_tolower (Address: 0x3192308)
- _o_towlower (Address: 0x319230c)
- _o_wcscat_s (Address: 0x3192310)
- _o_wcscpy_s (Address: 0x3192314)
- _o_wcsncat_s (Address: 0x3192318)
- _o_wcsncpy_s (Address: 0x319231c)
- _o_wcstoul (Address: 0x3192320)
- _o_wmemcpy_s (Address: 0x3192324)
- memcmp (Address: 0x3192268)
- memcpy (Address: 0x31923a0)
- memmove (Address: 0x319238c)
- strchr (Address: 0x3192398)
- strrchr (Address: 0x3192394)
- strstr (Address: 0x319237c)
- wcschr (Address: 0x3192388)
- wcsrchr (Address: 0x3192378)
- wcsstr (Address: 0x3192384)
api-ms-win-crt-runtime-l1-1-0.dll
- __doserrno (Address: 0x31923b0)
- _initterm (Address: 0x31923b4)
- _initterm_e (Address: 0x31923ac)
api-ms-win-crt-string-l1-1-0.dll
- memset (Address: 0x31923bc)
- strcmp (Address: 0x31923c0)
- strcspn (Address: 0x31923c4)
- strlen (Address: 0x31923d4)
- strncmp (Address: 0x31923d0)
- strnlen (Address: 0x31923cc)
- wcsncmp (Address: 0x31923d8)
- wcsnlen (Address: 0x31923c8)
api-ms-win-crt-time-l1-1-0.dll
- _ctime32 (Address: 0x31923e0)
- _time32 (Address: 0x31923e4)
api-ms-win-downlevel-kernel32-l2-1-0.dll
- LocalFree (Address: 0x31923ec)
api-ms-win-eventing-provider-l1-1-0.dll
- EventActivityIdControl (Address: 0x31923f8)
- EventRegister (Address: 0x3192400)
- EventUnregister (Address: 0x31923f4)
- EventWriteTransfer (Address: 0x31923fc)
api-ms-win-security-base-l1-1-0.dll
- AccessCheck (Address: 0x319240c)
- GetFileSecurityW (Address: 0x3192414)
- ImpersonateSelf (Address: 0x3192410)
- RevertToSelf (Address: 0x3192408)
ntdll.dll
- NtQueryInformationProcess (Address: 0x3192430)
- NtQueryObject (Address: 0x319241c)
- RtlCreateQueryDebugBuffer (Address: 0x3192420)
- RtlDestroyQueryDebugBuffer (Address: 0x3192434)
- RtlEqualUnicodeString (Address: 0x3192438)
- RtlQueryProcessDebugInformation (Address: 0x3192424)
- RtlRunOnceExecuteOnce (Address: 0x3192428)
- RtlUTF8ToUnicodeN (Address: 0x319242c)