tdh.dll

Description: Event Trace Helper Library

Authors: © Microsoft Corporation. All rights reserved.

Version: 10.0.19041.5915

Architecture: 32-bit

Operating System: Windows NT

SHA256: 4fa92338371d4a002d00237b55b67d3e

File Size: 866.0 KB

Uploaded At: Dec. 1, 2025, 8:05 a.m.

Views: 6

Exported Functions

  • DllCanUnloadNow (Ordinal: 1, Address: 0x75e40)
  • DllGetClassObject (Ordinal: 2, Address: 0x75e60)
  • TdhAggregatePayloadFilters (Ordinal: 3, Address: 0xa1950)
  • TdhApplyPayloadFilter (Ordinal: 4, Address: 0xa2520)
  • TdhCleanupPayloadEventFilterDescriptor (Ordinal: 5, Address: 0xa19a0)
  • TdhCloseDecodingHandle (Ordinal: 6, Address: 0xa3aa0)
  • TdhCreatePayloadFilter (Ordinal: 7, Address: 0xa1a00)
  • TdhDeletePayloadFilter (Ordinal: 8, Address: 0xa1a40)
  • TdhEnumerateManifestProviderEvents (Ordinal: 9, Address: 0x76ad0)
  • TdhEnumerateProviderFieldInformation (Ordinal: 10, Address: 0x76b10)
  • TdhEnumerateProviderFilters (Ordinal: 11, Address: 0xa1a90)
  • TdhEnumerateProviders (Ordinal: 12, Address: 0x76be0)
  • TdhEnumerateRemoteWBEMProviderFieldInformation (Ordinal: 13, Address: 0xa3160)
  • TdhEnumerateRemoteWBEMProviders (Ordinal: 14, Address: 0xa3220)
  • TdhFormatProperty (Ordinal: 15, Address: 0x76d20)
  • TdhGetAllEventsInformation (Ordinal: 16, Address: 0xa1af0)
  • TdhGetDecodingParameter (Ordinal: 17, Address: 0xa3ac0)
  • TdhGetEventInformation (Ordinal: 18, Address: 0x76ea0)
  • TdhGetEventMapInformation (Ordinal: 19, Address: 0x76fd0)
  • TdhGetManifestEventInformation (Ordinal: 20, Address: 0x77040)
  • TdhGetProperty (Ordinal: 21, Address: 0x77090)
  • TdhGetPropertyOffsetAndSize (Ordinal: 22, Address: 0xa1b50)
  • TdhGetPropertySize (Ordinal: 23, Address: 0x77200)
  • TdhGetWppMessage (Ordinal: 24, Address: 0xa3b30)
  • TdhGetWppProperty (Ordinal: 25, Address: 0xa3b60)
  • TdhLoadManifest (Ordinal: 26, Address: 0x77360)
  • TdhLoadManifestFromBinary (Ordinal: 27, Address: 0xa1bc0)
  • TdhLoadManifestFromMemory (Ordinal: 28, Address: 0x773a0)
  • TdhOpenDecodingHandle (Ordinal: 29, Address: 0xa3be0)
  • TdhQueryProviderFieldInformation (Ordinal: 30, Address: 0x773d0)
  • TdhQueryRemoteWBEMProviderFieldInformation (Ordinal: 31, Address: 0xa3360)
  • TdhSetDecodingParameter (Ordinal: 32, Address: 0xa3c60)
  • TdhUnloadManifest (Ordinal: 33, Address: 0x774c0)
  • TdhUnloadManifestFromMemory (Ordinal: 34, Address: 0x77500)
  • TdhValidatePayloadFilter (Ordinal: 35, Address: 0xa2cf0)

Imported DLLs & Functions

api-ms-win-core-datetime-l1-1-0.dll
  • GetDateFormatW (Address: 0x100d100c)
  • GetTimeFormatW (Address: 0x100d1008)
api-ms-win-core-debug-l1-1-0.dll
  • IsDebuggerPresent (Address: 0x100d1014)
api-ms-win-core-delayload-l1-1-0.dll
  • DelayLoadFailureHook (Address: 0x100d101c)
api-ms-win-core-delayload-l1-1-1.dll
  • ResolveDelayLoadedAPI (Address: 0x100d1024)
api-ms-win-core-errorhandling-l1-1-0.dll
  • GetLastError (Address: 0x100d1030)
  • RaiseException (Address: 0x100d103c)
  • SetLastError (Address: 0x100d102c)
  • SetUnhandledExceptionFilter (Address: 0x100d1038)
  • UnhandledExceptionFilter (Address: 0x100d1034)
api-ms-win-core-file-l1-1-0.dll
  • CreateFileW (Address: 0x100d104c)
  • FileTimeToLocalFileTime (Address: 0x100d1058)
  • FindFirstVolumeW (Address: 0x100d1044)
  • FindNextVolumeW (Address: 0x100d1060)
  • FindVolumeClose (Address: 0x100d1054)
  • GetFileSize (Address: 0x100d105c)
  • GetFileTime (Address: 0x100d1048)
  • QueryDosDeviceW (Address: 0x100d1050)
api-ms-win-core-handle-l1-1-0.dll
  • CloseHandle (Address: 0x100d1068)
api-ms-win-core-heap-l1-1-0.dll
  • GetProcessHeap (Address: 0x100d1078)
  • HeapAlloc (Address: 0x100d1074)
  • HeapFree (Address: 0x100d1070)
api-ms-win-core-heap-l2-1-0.dll
  • LocalAlloc (Address: 0x100d1084)
  • LocalFree (Address: 0x100d1080)
api-ms-win-core-interlocked-l1-1-0.dll
  • InitializeSListHead (Address: 0x100d1094)
  • InterlockedFlushSList (Address: 0x100d1090)
  • InterlockedPopEntrySList (Address: 0x100d1098)
  • InterlockedPushEntrySList (Address: 0x100d108c)
api-ms-win-core-libraryloader-l1-2-0.dll
  • FindResourceExW (Address: 0x100d10c8)
  • FreeLibrary (Address: 0x100d10b4)
  • FreeResource (Address: 0x100d10c0)
  • GetModuleFileNameW (Address: 0x100d10ac)
  • GetModuleHandleW (Address: 0x100d10a4)
  • GetProcAddress (Address: 0x100d10b0)
  • LoadLibraryExW (Address: 0x100d10b8)
  • LoadResource (Address: 0x100d10a8)
  • LoadStringW (Address: 0x100d10a0)
  • LockResource (Address: 0x100d10c4)
  • SizeofResource (Address: 0x100d10bc)
api-ms-win-core-localization-l1-2-0.dll
  • FormatMessageW (Address: 0x100d10d0)
api-ms-win-core-memory-l1-1-0.dll
  • CreateFileMappingW (Address: 0x100d10dc)
  • MapViewOfFile (Address: 0x100d10e0)
  • UnmapViewOfFile (Address: 0x100d10d8)
api-ms-win-core-processenvironment-l1-1-0.dll
  • ExpandEnvironmentStringsW (Address: 0x100d10f8)
  • GetCurrentDirectoryW (Address: 0x100d10ec)
  • GetEnvironmentVariableA (Address: 0x100d10f4)
  • GetEnvironmentVariableW (Address: 0x100d10e8)
  • SearchPathW (Address: 0x100d10f0)
api-ms-win-core-processthreads-l1-1-0.dll
  • GetCurrentProcess (Address: 0x100d1100)
  • GetCurrentProcessId (Address: 0x100d110c)
  • GetCurrentThreadId (Address: 0x100d1108)
  • TerminateProcess (Address: 0x100d1104)
api-ms-win-core-processthreads-l1-1-1.dll
  • IsProcessorFeaturePresent (Address: 0x100d1114)
api-ms-win-core-profile-l1-1-0.dll
  • QueryPerformanceCounter (Address: 0x100d111c)
api-ms-win-core-registry-l1-1-0.dll
  • RegCloseKey (Address: 0x100d1134)
  • RegEnumKeyExW (Address: 0x100d1128)
  • RegOpenKeyExW (Address: 0x100d1130)
  • RegQueryInfoKeyW (Address: 0x100d1124)
  • RegQueryValueExW (Address: 0x100d112c)
api-ms-win-core-string-l1-1-0.dll
  • CompareStringOrdinal (Address: 0x100d1140)
  • MultiByteToWideChar (Address: 0x100d1144)
  • WideCharToMultiByte (Address: 0x100d113c)
api-ms-win-core-synch-l1-1-0.dll
  • AcquireSRWLockExclusive (Address: 0x100d117c)
  • AcquireSRWLockShared (Address: 0x100d1174)
  • CreateEventW (Address: 0x100d1170)
  • DeleteCriticalSection (Address: 0x100d114c)
  • EnterCriticalSection (Address: 0x100d1158)
  • InitializeCriticalSection (Address: 0x100d1150)
  • InitializeCriticalSectionAndSpinCount (Address: 0x100d1168)
  • InitializeCriticalSectionEx (Address: 0x100d116c)
  • LeaveCriticalSection (Address: 0x100d1154)
  • ReleaseSRWLockExclusive (Address: 0x100d1180)
  • ReleaseSRWLockShared (Address: 0x100d1178)
  • ResetEvent (Address: 0x100d1160)
  • SetEvent (Address: 0x100d1164)
  • WaitForSingleObjectEx (Address: 0x100d115c)
api-ms-win-core-synch-l1-2-0.dll
  • InitOnceExecuteOnce (Address: 0x100d1188)
api-ms-win-core-sysinfo-l1-1-0.dll
  • GetSystemTimeAsFileTime (Address: 0x100d1190)
api-ms-win-core-timezone-l1-1-0.dll
  • FileTimeToSystemTime (Address: 0x100d1198)
api-ms-win-core-wow64-l1-1-0.dll
  • IsWow64Process (Address: 0x100d11a8)
  • Wow64DisableWow64FsRedirection (Address: 0x100d11a4)
  • Wow64RevertWow64FsRedirection (Address: 0x100d11a0)
api-ms-win-crt-private-l1-1-0.dll
  • __CxxFrameHandler3 (Address: 0x100d12a0)
  • __std_terminate (Address: 0x100d129c)
  • _CxxThrowException (Address: 0x100d125c)
  • _except_handler4_common (Address: 0x100d1258)
  • _o___acrt_iob_func (Address: 0x100d1290)
  • _o___std_exception_copy (Address: 0x100d127c)
  • _o___std_exception_destroy (Address: 0x100d1278)
  • _o___std_type_info_destroy_list (Address: 0x100d1274)
  • _o___stdio_common_vfprintf (Address: 0x100d1270)
  • _o___stdio_common_vsnwprintf_s (Address: 0x100d126c)
  • _o___stdio_common_vsprintf (Address: 0x100d1268)
  • _o___stdio_common_vsprintf_s (Address: 0x100d1264)
  • _o___stdio_common_vswprintf (Address: 0x100d1260)
  • _o___stdio_common_vswscanf (Address: 0x100d12a4)
  • _o__callnewh (Address: 0x100d11b0)
  • _o__cexit (Address: 0x100d11b4)
  • _o__configure_narrow_argv (Address: 0x100d11b8)
  • _o__crt_atexit (Address: 0x100d11bc)
  • _o__errno (Address: 0x100d11c0)
  • _o__execute_onexit_table (Address: 0x100d11c4)
  • _o__initialize_narrow_environment (Address: 0x100d11c8)
  • _o__initialize_onexit_table (Address: 0x100d11cc)
  • _o__invalid_parameter_noinfo_noreturn (Address: 0x100d11d0)
  • _o__purecall (Address: 0x100d11d4)
  • _o__register_onexit_function (Address: 0x100d11d8)
  • _o__resetstkoflw (Address: 0x100d11dc)
  • _o__seh_filter_dll (Address: 0x100d11e0)
  • _o__splitpath_s (Address: 0x100d11e4)
  • _o__wcsicmp (Address: 0x100d11ec)
  • _o__wcsnicmp (Address: 0x100d11f0)
  • _o__wcstoi64 (Address: 0x100d11f4)
  • _o__wcstoui64 (Address: 0x100d11f8)
  • _o__wfopen (Address: 0x100d11fc)
  • _o__wsplitpath_s (Address: 0x100d1200)
  • _o__wtoi (Address: 0x100d1204)
  • _o_ceil (Address: 0x100d1208)
  • _o_fclose (Address: 0x100d120c)
  • _o_fgets (Address: 0x100d1210)
  • _o_fgetws (Address: 0x100d1214)
  • _o_fopen (Address: 0x100d1218)
  • _o_fputs (Address: 0x100d121c)
  • _o_free (Address: 0x100d1220)
  • _o_isdigit (Address: 0x100d1224)
  • _o_iswspace (Address: 0x100d1228)
  • _o_iswxdigit (Address: 0x100d122c)
  • _o_malloc (Address: 0x100d1230)
  • _o_memcpy_s (Address: 0x100d1234)
  • _o_strcpy_s (Address: 0x100d1238)
  • _o_strncpy_s (Address: 0x100d123c)
  • _o_terminate (Address: 0x100d1240)
  • _o_towlower (Address: 0x100d1244)
  • _o_wcscpy_s (Address: 0x100d1248)
  • _o_wcstok_s (Address: 0x100d124c)
  • _o_wcstol (Address: 0x100d1250)
  • _o_wcstoul (Address: 0x100d1254)
  • memcmp (Address: 0x100d12a8)
  • memcpy (Address: 0x100d12ac)
  • memmove (Address: 0x100d11e8)
  • strchr (Address: 0x100d1288)
  • strrchr (Address: 0x100d128c)
  • strstr (Address: 0x100d1284)
  • wcschr (Address: 0x100d1298)
  • wcsrchr (Address: 0x100d1280)
  • wcsstr (Address: 0x100d1294)
api-ms-win-crt-runtime-l1-1-0.dll
  • _initterm (Address: 0x100d12b8)
  • _initterm_e (Address: 0x100d12b4)
api-ms-win-crt-string-l1-1-0.dll
  • memset (Address: 0x100d12d4)
  • strncmp (Address: 0x100d12c0)
  • strnlen (Address: 0x100d12cc)
  • wcscspn (Address: 0x100d12d8)
  • wcsncmp (Address: 0x100d12d0)
  • wcsnlen (Address: 0x100d12c4)
  • wcsspn (Address: 0x100d12c8)
api-ms-win-eventing-classicprovider-l1-1-0.dll
  • GetTraceEnableFlags (Address: 0x100d12f0)
  • GetTraceEnableLevel (Address: 0x100d12f4)
  • GetTraceLoggerHandle (Address: 0x100d12ec)
  • RegisterTraceGuidsW (Address: 0x100d12f8)
  • TraceEvent (Address: 0x100d12e0)
  • TraceMessage (Address: 0x100d12e8)
  • UnregisterTraceGuids (Address: 0x100d12e4)
api-ms-win-eventing-consumer-l1-1-0.dll
  • CloseTrace (Address: 0x100d1304)
  • OpenTraceW (Address: 0x100d1308)
  • ProcessTrace (Address: 0x100d1300)
api-ms-win-eventing-controller-l1-1-0.dll
  • StartTraceW (Address: 0x100d1314)
  • StopTraceW (Address: 0x100d1310)
api-ms-win-security-base-l1-1-0.dll
  • GetLengthSid (Address: 0x100d131c)
api-ms-win-security-lsalookup-l1-1-0.dll
  • LookupAccountSidLocalW (Address: 0x100d1324)
msvcp_win.dll
  • ?_Xlength_error@std@@YAXPBD@Z (Address: 0x100d132c)
  • ?_Xout_of_range@std@@YAXPBD@Z (Address: 0x100d1330)
ntdll.dll
  • RtlAcquireSRWLockExclusive (Address: 0x100d1340)
  • RtlAcquireSRWLockShared (Address: 0x100d1344)
  • RtlEthernetAddressToStringW (Address: 0x100d1358)
  • RtlGUIDFromString (Address: 0x100d134c)
  • RtlInitializeSRWLock (Address: 0x100d1338)
  • RtlIpv4AddressToStringExW (Address: 0x100d1354)
  • RtlIpv6AddressToStringExW (Address: 0x100d1364)
  • RtlIpv6AddressToStringW (Address: 0x100d135c)
  • RtlLengthRequiredSid (Address: 0x100d1360)
  • RtlReleaseSRWLockExclusive (Address: 0x100d133c)
  • RtlReleaseSRWLockShared (Address: 0x100d1348)
  • RtlSubAuthorityCountSid (Address: 0x100d1350)
SECHOST.dll
  • EtwQueryRealtimeConsumer (Address: 0x100d1000)