mscordbi.dll

Description: Microsoft .NET Runtime Debugging Services

Authors: © Microsoft Corporation. All rights reserved.

Version: 4.8.9310.0

Architecture: 32-bit

Operating System: Windows

SHA256: 6205013544452d057f94c2254796c7a1

File Size: 1.2 MB

Uploaded At: Dec. 1, 2025, 7:19 a.m.

Views: 28

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: WriteProcessMemory, OpenProcess

Exported Functions

  • CreateCordbObject (Ordinal: 1, Address: 0x1e690)
  • DllGetClassObjectInternal (Ordinal: 2, Address: 0x1e6c0)
  • OpenVirtualProcess2 (Ordinal: 3, Address: 0x1ecf0)
  • OpenVirtualProcess (Ordinal: 4, Address: 0x1ed40)
  • OpenVirtualProcessImpl (Ordinal: 5, Address: 0x1ea60)

Imported DLLs & Functions

ADVAPI32.dll
  • AdjustTokenPrivileges (Address: 0x1011e03c)
  • CopySid (Address: 0x1011e00c)
  • DeregisterEventSource (Address: 0x1011e048)
  • EqualSid (Address: 0x1011e004)
  • EventWrite (Address: 0x1011e02c)
  • GetKernelObjectSecurity (Address: 0x1011e014)
  • GetLengthSid (Address: 0x1011e01c)
  • GetSecurityDescriptorOwner (Address: 0x1011e010)
  • GetSidSubAuthority (Address: 0x1011e018)
  • GetSidSubAuthorityCount (Address: 0x1011e050)
  • GetTokenInformation (Address: 0x1011e028)
  • LookupPrivilegeValueW (Address: 0x1011e044)
  • OpenProcessToken (Address: 0x1011e040)
  • OpenThreadToken (Address: 0x1011e024)
  • RegCloseKey (Address: 0x1011e030)
  • RegisterEventSourceW (Address: 0x1011e000)
  • RegOpenKeyExW (Address: 0x1011e034)
  • RegQueryValueExW (Address: 0x1011e038)
  • ReportEventW (Address: 0x1011e008)
  • RevertToSelf (Address: 0x1011e04c)
  • SetThreadToken (Address: 0x1011e020)
KERNEL32.dll
  • ActivateActCtx (Address: 0x1011e160)
  • CloseHandle (Address: 0x1011e23c)
  • ContinueDebugEvent (Address: 0x1011e258)
  • CreateActCtxW (Address: 0x1011e15c)
  • CreateEventW (Address: 0x1011e234)
  • CreateFileMappingW (Address: 0x1011e074)
  • CreateFileW (Address: 0x1011e06c)
  • CreateMutexW (Address: 0x1011e134)
  • CreateProcessW (Address: 0x1011e118)
  • CreateSemaphoreW (Address: 0x1011e148)
  • CreateThread (Address: 0x1011e208)
  • CreateToolhelp32Snapshot (Address: 0x1011e084)
  • DeactivateActCtx (Address: 0x1011e168)
  • DebugActiveProcess (Address: 0x1011e0a0)
  • DebugBreak (Address: 0x1011e0dc)
  • DecodePointer (Address: 0x1011e17c)
  • DeleteCriticalSection (Address: 0x1011e24c)
  • DuplicateHandle (Address: 0x1011e20c)
  • EncodePointer (Address: 0x1011e178)
  • EnterCriticalSection (Address: 0x1011e240)
  • ExitProcess (Address: 0x1011e198)
  • FindClose (Address: 0x1011e0f0)
  • FindFirstFileExA (Address: 0x1011e1c4)
  • FindNextFileA (Address: 0x1011e1c8)
  • FlushFileBuffers (Address: 0x1011e1b0)
  • FlushInstructionCache (Address: 0x1011e21c)
  • FormatMessageW (Address: 0x1011e108)
  • FreeEnvironmentStringsW (Address: 0x1011e0e4)
  • FreeLibrary (Address: 0x1011e05c)
  • GetACP (Address: 0x1011e104)
  • GetCommandLineA (Address: 0x1011e1d4)
  • GetCommandLineW (Address: 0x1011e1d8)
  • GetConsoleCP (Address: 0x1011e1b8)
  • GetConsoleMode (Address: 0x1011e1bc)
  • GetCPInfo (Address: 0x1011e100)
  • GetCurrentProcess (Address: 0x1011e220)
  • GetCurrentProcessId (Address: 0x1011e0ac)
  • GetCurrentThread (Address: 0x1011e0f8)
  • GetCurrentThreadId (Address: 0x1011e224)
  • GetEnvironmentStringsW (Address: 0x1011e0e8)
  • GetEnvironmentVariableW (Address: 0x1011e0e0)
  • GetFileAttributesExW (Address: 0x1011e1f8)
  • GetFileSize (Address: 0x1011e070)
  • GetFileType (Address: 0x1011e1a8)
  • GetLastError (Address: 0x1011e22c)
  • GetModuleFileNameA (Address: 0x1011e1a0)
  • GetModuleFileNameW (Address: 0x1011e098)
  • GetModuleHandleExW (Address: 0x1011e19c)
  • GetModuleHandleW (Address: 0x1011e218)
  • GetOEMCP (Address: 0x1011e1d0)
  • GetProcAddress (Address: 0x1011e250)
  • GetProcessHeap (Address: 0x1011e0c8)
  • GetStartupInfoW (Address: 0x1011e194)
  • GetStdHandle (Address: 0x1011e1a4)
  • GetStringTypeW (Address: 0x1011e1ac)
  • GetSystemInfo (Address: 0x1011e0d0)
  • GetSystemTimeAsFileTime (Address: 0x1011e0bc)
  • GetThreadContext (Address: 0x1011e204)
  • GetWindowsDirectoryW (Address: 0x1011e16c)
  • HeapAlloc (Address: 0x1011e0c4)
  • HeapCreate (Address: 0x1011e11c)
  • HeapDestroy (Address: 0x1011e144)
  • HeapFree (Address: 0x1011e0c0)
  • HeapReAlloc (Address: 0x1011e1ec)
  • HeapSize (Address: 0x1011e1e8)
  • HeapValidate (Address: 0x1011e138)
  • InitializeCriticalSection (Address: 0x1011e238)
  • InitializeCriticalSectionAndSpinCount (Address: 0x1011e1c0)
  • InitializeSListHead (Address: 0x1011e190)
  • InterlockedFlushSList (Address: 0x1011e1f0)
  • IsDBCSLeadByte (Address: 0x1011e10c)
  • IsDebuggerPresent (Address: 0x1011e174)
  • IsProcessorFeaturePresent (Address: 0x1011e188)
  • IsValidCodePage (Address: 0x1011e1cc)
  • IsWow64Process (Address: 0x1011e0b0)
  • LCMapStringW (Address: 0x1011e114)
  • LeaveCriticalSection (Address: 0x1011e244)
  • LoadLibraryExW (Address: 0x1011e058)
  • LocalFree (Address: 0x1011e110)
  • MapViewOfFile (Address: 0x1011e078)
  • Module32FirstW (Address: 0x1011e090)
  • Module32NextW (Address: 0x1011e094)
  • MultiByteToWideChar (Address: 0x1011e0f4)
  • OpenFileMappingW (Address: 0x1011e1f4)
  • OpenProcess (Address: 0x1011e060)
  • OpenThread (Address: 0x1011e0a8)
  • OutputDebugStringW (Address: 0x1011e0d8)
  • QueryPerformanceCounter (Address: 0x1011e18c)
  • RaiseException (Address: 0x1011e0cc)
  • ReadFile (Address: 0x1011e200)
  • ReadProcessMemory (Address: 0x1011e068)
  • ReleaseActCtx (Address: 0x1011e170)
  • ReleaseMutex (Address: 0x1011e064)
  • ReleaseSemaphore (Address: 0x1011e25c)
  • ResetEvent (Address: 0x1011e228)
  • ResumeThread (Address: 0x1011e210)
  • SetErrorMode (Address: 0x1011e260)
  • SetEvent (Address: 0x1011e230)
  • SetFilePointer (Address: 0x1011e1fc)
  • SetFilePointerEx (Address: 0x1011e1e0)
  • SetLastError (Address: 0x1011e0b8)
  • SetStdHandle (Address: 0x1011e1dc)
  • SetThreadContext (Address: 0x1011e12c)
  • SetUnhandledExceptionFilter (Address: 0x1011e184)
  • Sleep (Address: 0x1011e080)
  • SleepEx (Address: 0x1011e14c)
  • SuspendThread (Address: 0x1011e214)
  • SwitchToThread (Address: 0x1011e0fc)
  • TerminateProcess (Address: 0x1011e164)
  • Thread32First (Address: 0x1011e088)
  • Thread32Next (Address: 0x1011e08c)
  • TlsAlloc (Address: 0x1011e140)
  • TlsFree (Address: 0x1011e154)
  • TlsGetValue (Address: 0x1011e150)
  • TlsSetValue (Address: 0x1011e120)
  • UnhandledExceptionFilter (Address: 0x1011e180)
  • UnmapViewOfFile (Address: 0x1011e07c)
  • VerifyVersionInfoW (Address: 0x1011e0d4)
  • VirtualAlloc (Address: 0x1011e130)
  • VirtualFree (Address: 0x1011e128)
  • VirtualProtect (Address: 0x1011e124)
  • VirtualQuery (Address: 0x1011e158)
  • VirtualQueryEx (Address: 0x1011e09c)
  • WaitForDebugEvent (Address: 0x1011e0a4)
  • WaitForMultipleObjectsEx (Address: 0x1011e248)
  • WaitForSingleObject (Address: 0x1011e254)
  • WaitForSingleObjectEx (Address: 0x1011e13c)
  • WideCharToMultiByte (Address: 0x1011e0ec)
  • WriteConsoleW (Address: 0x1011e1e4)
  • WriteFile (Address: 0x1011e1b4)
  • WriteProcessMemory (Address: 0x1011e0b4)
ntdll.dll
  • RtlUnwind (Address: 0x1011e294)
  • VerSetConditionMask (Address: 0x1011e298)
ole32.dll
  • CoCreateFreeThreadedMarshaler (Address: 0x1011e2ac)
  • CoCreateGuid (Address: 0x1011e2b0)
  • CoTaskMemAlloc (Address: 0x1011e2b4)
  • CoTaskMemFree (Address: 0x1011e2a4)
  • CreateStreamOnHGlobal (Address: 0x1011e2a8)
  • IIDFromString (Address: 0x1011e2a0)
OLEAUT32.dll
  • CreateErrorInfo (Address: 0x1011e270)
  • SetErrorInfo (Address: 0x1011e26c)
  • VariantInit (Address: 0x1011e268)
USER32.dll
  • GetProcessWindowStation (Address: 0x1011e27c)
  • GetUserObjectInformationW (Address: 0x1011e278)
  • LoadStringW (Address: 0x1011e280)
WTSAPI32.dll
  • WTSEnumerateProcessesW (Address: 0x1011e28c)
  • WTSFreeMemory (Address: 0x1011e288)