| Architecture |
IMAGE_FILE_MACHINE_AMD64
|
|---|---|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| Compilation Date | 2090-Jul-25 04:10:42 |
| Detected languages |
English - United States
|
| Debug artifacts |
twinui.pcshell.pdb
|
| CompanyName | Microsoft Corporation |
| FileDescription | Twinui.PCShell |
| FileVersion | 10.0.19041.7058 (WinBuild.160101.0800) |
| InternalName | Twinui.PCShell.dll |
| LegalCopyright | © Microsoft Corporation. All rights reserved. |
| OriginalFilename | Twinui.PCShell.dll |
| ProductName | Microsoft® Windows® Operating System |
| ProductVersion | 10.0.19041.7058 |
| Info | Interesting strings found in the binary: |
Contains domain names:
|
| Info | Libraries used to perform cryptographic operations: | Microsoft's Cryptography API |
| Malicious | The PE contains functions mostly used by malware. |
[!] The program may be hiding some of its imports:
|
| Safe | VirusTotal score: 0/72 (Scanned on 2026-03-10 21:11:13) | All the AVs think this file is safe. |
| e_magic | MZ |
|---|---|
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0xf8 |
| Signature | PE |
|---|---|
| Machine |
IMAGE_FILE_MACHINE_AMD64
|
| NumberofSections | 7 |
| TimeDateStamp | 2090-Jul-25 04:10:42 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xf0 |
| Characteristics |
IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
|
| Magic | PE32+ |
|---|---|
| LinkerVersion | 14.0 |
| SizeOfCode | 0x4f6c00 |
| SizeOfInitializedData | 0x1b9400 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x000000000008F9E0 (Section: .text) |
| BaseOfCode | 0x1000 |
| ImageBase | 0x180000000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | A.0 |
| ImageVersion | A.0 |
| SubsystemVersion | A.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x6b4000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0x6ac623 |
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
|
| SizeofStackReserve | 0x40000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
| api-ms-win-crt-runtime-l1-1-0.dll |
_initterm
_initterm_e |
|---|---|
| api-ms-win-crt-private-l1-1-0.dll |
_o__unlock_file
_o__wcsicmp _o__wcsnicmp _o__wtof _o__wtol _o_ceil _o_fclose _o_fflush _o_fgetc _o_fgetpos _o_fputc _o_fread _o_free _o_fsetpos _o_fwrite _o_iswspace _o_malloc _o_memcpy_s _o_pow _o_realloc _o_setvbuf _o_sqrt _o_terminate _o_toupper _o_towlower _o_ungetc _o_wcscat_s _o_wcscpy_s _o_wcstod _o_wcstok_s _o_wcstol _o_wcstoul __C_specific_handler __CxxFrameHandler3 _CxxThrowException _o__set_errno _o__seh_filter_dll _o__register_onexit_function _o__purecall wcsrchr wcsstr wcschr memcpy memmove memcmp _o__lock_file _o__itow_s _o__invalid_parameter_noinfo_noreturn _o__invalid_parameter_noinfo _o__initialize_onexit_table _o__initialize_narrow_environment _o__get_stream_buffer_pointers _o__get_errno _o__fseeki64 _o__execute_onexit_table _o__errno _o__crt_atexit _o__configure_narrow_argv _o__cexit _o__callnewh _o___stdio_common_vswscanf _o___stdio_common_vswprintf_s _o___stdio_common_vswprintf _o___stdio_common_vsnprintf_s _o___std_type_info_destroy_list _o___std_exception_destroy _o___std_exception_copy _o____lc_codepage_func __std_terminate __CxxFrameHandler4 |
| api-ms-win-crt-string-l1-1-0.dll |
memset
wcscspn wcscmp wcsnlen _wcsrev wcslen wcsncpy |
| api-ms-win-core-libraryloader-l1-2-0.dll |
LoadStringW
DisableThreadLibraryCalls GetProcAddress FreeLibrary GetModuleFileNameA LockResource GetModuleHandleExW GetModuleFileNameW FindResourceExW LoadLibraryExW FindStringOrdinal GetModuleHandleW LoadResource |
| api-ms-win-core-synch-l1-2-0.dll |
InitOnceComplete
InitOnceBeginInitialize Sleep WakeByAddressAll WaitOnAddress InitOnceExecuteOnce |
| api-ms-win-core-synch-l1-1-0.dll |
SetEvent
InitializeSRWLock CreateSemaphoreExW ReleaseSRWLockExclusive TryEnterCriticalSection ReleaseSemaphore OpenEventW InitializeCriticalSectionAndSpinCount DeleteCriticalSection ResetEvent ReleaseMutex ReleaseSRWLockShared OpenMutexW WaitForSingleObject EnterCriticalSection InitializeCriticalSectionEx LeaveCriticalSection TryAcquireSRWLockShared AcquireSRWLockExclusive CreateEventExW WaitForSingleObjectEx CreateMutexExW AcquireSRWLockShared CreateEventW WaitForMultipleObjectsEx TryAcquireSRWLockExclusive InitializeCriticalSection OpenSemaphoreW |
| api-ms-win-core-heap-l1-1-0.dll |
HeapReAlloc
GetProcessHeap HeapFree HeapAlloc |
| api-ms-win-core-errorhandling-l1-1-0.dll |
UnhandledExceptionFilter
RaiseException SetUnhandledExceptionFilter SetLastError GetLastError |
| api-ms-win-core-winrt-string-l1-1-0.dll |
WindowsConcatString
WindowsCompareStringOrdinal WindowsCreateStringReference WindowsDeleteString WindowsCreateString WindowsDuplicateString WindowsGetStringRawBuffer WindowsIsStringEmpty WindowsDeleteStringBuffer WindowsStringHasEmbeddedNull WindowsGetStringLen WindowsPreallocateStringBuffer WindowsPromoteStringBuffer WindowsSubstringWithSpecifiedLength |
| api-ms-win-core-com-l1-1-0.dll |
CoEnableCallCancellation
CoGetMalloc CoGetCallerTID CoUninitialize CoDecrementMTAUsage CoRevokeClassObject CoRegisterClassObject StringFromGUID2 CoIncrementMTAUsage CoInitializeEx CoDisableCallCancellation CoReleaseMarshalData CoTaskMemRealloc IIDFromString CoGetInterfaceAndReleaseStream CoGetObjectContext CoGetCallContext CoGetApartmentType CoCreateGuid CoWaitForMultipleHandles CoWaitForMultipleObjects CoCancelCall CoGetStdMarshalEx PropVariantClear StringFromCLSID CoGetContextToken CreateStreamOnHGlobal CLSIDFromString CoTaskMemFree CoTaskMemAlloc CoMarshalInterface CoMarshalInterThreadInterfaceInStream CoCreateFreeThreadedMarshaler CoCreateInstance |
| api-ms-win-eventing-provider-l1-1-0.dll |
EventSetInformation
EventEnabled EventWrite EventActivityIdControl EventUnregister EventRegister EventWriteTransfer EventProviderEnabled |
| api-ms-win-core-util-l1-1-0.dll |
EncodePointer
DecodePointer |
| api-ms-win-core-threadpool-l1-2-0.dll |
FreeLibraryWhenCallbackReturns
TrySubmitThreadpoolCallback CreateThreadpoolWait CreateThreadpoolTimer WaitForThreadpoolIoCallbacks CancelThreadpoolIo DisassociateCurrentThreadFromCallback SetThreadpoolTimer CloseThreadpoolIo SetThreadpoolWait StartThreadpoolIo CloseThreadpoolTimer CreateThreadpoolWork WaitForThreadpoolWaitCallbacks CloseThreadpoolWait CloseThreadpoolWork SubmitThreadpoolWork WaitForThreadpoolTimerCallbacks IsThreadpoolTimerSet CreateThreadpoolIo |
| api-ms-win-core-processthreads-l1-1-0.dll |
TerminateProcess
GetThreadPriority OpenThreadToken CreateThread GetProcessTimes OpenThread GetCurrentProcessId GetCurrentThread ProcessIdToSessionId GetCurrentProcess SetThreadPriority GetProcessId GetCurrentThreadId OpenProcessToken |
| api-ms-win-core-winrt-error-l1-1-0.dll |
RoOriginateErrorW
RoOriginateError GetRestrictedErrorInfo RoTransformError SetRestrictedErrorInfo RoFailFastWithErrorContext |
| api-ms-win-core-localization-l1-2-0.dll |
GetThreadUILanguage
GetLocaleInfoW FormatMessageW GetUserPreferredUILanguages |
| api-ms-win-core-debug-l1-1-0.dll |
OutputDebugStringW
DebugBreak IsDebuggerPresent |
| api-ms-win-core-handle-l1-1-0.dll |
DuplicateHandle
CloseHandle |
| api-ms-win-core-rtlsupport-l1-1-0.dll |
RtlLookupFunctionEntry
RtlCaptureContext RtlVirtualUnwind |
| api-ms-win-core-processthreads-l1-1-1.dll |
OpenProcess
GetProcessMitigationPolicy IsProcessorFeaturePresent |
| api-ms-win-core-profile-l1-1-0.dll |
QueryPerformanceCounter
QueryPerformanceFrequency |
| api-ms-win-core-sysinfo-l1-1-0.dll |
GetTickCount
GetTickCount64 GetVersionExW GetSystemTime GetSystemTimeAsFileTime |
| api-ms-win-core-interlocked-l1-1-0.dll |
InterlockedPushEntrySList
InitializeSListHead |
| USER32.dll |
#2631
#2632 #2629 #2628 #2630 GetDpiForWindow #2561 DestroyIcon CopyImage GetClassInfoW RegisterClassExW #2627 #2537 #2511 RegisterClassW #2556 #2563 GetCursorInfo SetFocus #2540 #2510 DrawIconEx RegisterTouchHitTestingWindow #2509 CopyIcon CreateWindowExW GetKeyboardLayout CreateIconIndirect ReleaseDC GetIconInfo GetDC GetPhysicalCursorPos GetWindowCompositionInfo CalculatePopupWindowPosition GetAsyncKeyState GetClassLongPtrW GetSysColor LoadIconW GetPropA UnregisterHotKey RegisterHotKey SetCursor LoadCursorW GetClassLongW ChangeWindowMessageFilterEx DeleteMenu #2521 GetMenuItemInfoW GetSystemMenu GetMenuInfo InsertMenuW InternalGetWindowText SetMenuInfo SetMenuItemInfoW IsWindowArranged GetWindowMinimizeRect GetKeyState DestroyMenu GetMenuItemCount TrackPopupMenu |
| msvcp_win.dll |
?_Xinvalid_argument@std@@YAXPEBD@Z
_Xtime_get_ticks ?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z ?setf@ios_base@std@@QEAAHHH@Z ??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ ??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ ?_Xbad_function_call@std@@YAXXZ ?_Xlength_error@std@@YAXPEBD@Z ?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z ?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ ??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ ?good@ios_base@std@@QEBA_NXZ ??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_K@Z ?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z ?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z ?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ ?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ ?_Xout_of_range@std@@YAXPEBD@Z ?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ ?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ _Cnd_wait ??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z ??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ ?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ ?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ ?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ ?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ ?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z ?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ ?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z ?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z ?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ ?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ ?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z ?flags@ios_base@std@@QEBAHXZ ?uncaught_exception@std@@YA_NXZ ??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ ?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ ?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ ?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ ?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGXZ ?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z ?width@ios_base@std@@QEAA_J_J@Z ?width@ios_base@std@@QEBA_JXZ ?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ ?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ ?_Fiopen@std@@YAPEAU_iobuf@@PEBGHH@Z ?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A ?always_noconv@codecvt_base@std@@QEBA_NXZ ?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ ?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ ?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z ?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z ?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ ?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ ?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ ?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z ?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z ?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z ?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z ??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ ?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ ?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ ?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z ?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAGG@Z ?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z ??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ ?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ ?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ ?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z ??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ ?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ ?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ ??Bid@locale@std@@QEAA_KXZ ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ ??0_Lockit@std@@QEAA@H@Z ??1_Lockit@std@@QEAA@XZ ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ ?_Winerror_message@std@@YAKKPEADK@Z ?_Winerror_map@std@@YAHH@Z ?_Syserror_map@std@@YAPEBDH@Z _Query_perf_counter _Query_perf_frequency ?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ ?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ ?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z ?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ ?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z ?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ ?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z ?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z ?_IsNonBlockingThread@_Task_impl_base@details@Concurrency@@SA_NXZ ?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ ?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ ?_ReportUnobservedException@details@Concurrency@@YAXXZ ?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z ??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z ?_Assign@_ContextCallback@details@Concurrency@@AEAAXPEAX@Z ?_IsCurrentOriginSTA@_ContextCallback@details@Concurrency@@CA_NXZ ?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ ?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z _Cnd_broadcast ?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ _Cnd_destroy_in_situ _Cnd_init_in_situ ?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z ?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z _Mtx_unlock ?_Throw_C_error@std@@YAXH@Z _Mtx_lock _Mtx_init_in_situ _Mtx_destroy_in_situ ??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z ??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@K@Z ?seekp@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@_JH@Z ?tellp@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ ?__ExceptionPtrCurrentException@@YAXPEAX@Z ?__ExceptionPtrAssign@@YAXPEAXPEBX@Z ?_XGetLastError@std@@YAXXZ ?__ExceptionPtrCopy@@YAXPEAXPEBX@Z ?__ExceptionPtrRethrow@@YAXPEBX@Z ?__ExceptionPtrToBool@@YA_NPEBX@Z ?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z ?__ExceptionPtrDestroy@@YAXPEAX@Z ?__ExceptionPtrCreate@@YAXPEAX@Z |
| api-ms-win-core-sidebyside-l1-1-0.dll |
ReleaseActCtx
DeactivateActCtx CreateActCtxW ActivateActCtx |
| api-ms-win-core-registry-l1-1-0.dll |
RegOpenCurrentUser
RegOpenKeyExW RegSetValueExW RegGetKeySecurity RegSetKeySecurity RegDeleteTreeW RegDeleteValueW RegEnumValueW RegQueryInfoKeyW RegEnumKeyExW RegQueryValueExW RegNotifyChangeKeyValue RegGetValueW RegCloseKey RegCreateKeyExW |
| api-ms-win-shcore-taskpool-l1-1-0.dll |
SHTaskPoolAllowThreadReuse
SHTaskPoolQueueTask SHTaskPoolGetUniqueContext |
| ntdll.dll |
NtQueryInformationProcess
RtlPublishWnfStateData NtQueryWnfStateData RtlUnsubscribeWnfNotificationWaitForCompletion NtQueryInformationToken RtlSubscribeWnfStateChangeNotification RtlUnsubscribeWnfStateChangeNotification NtPowerInformation RtlAllocateHeap RtlGetDeviceFamilyInfoEnum RtlQueryTokenHostIdAsUlong64 NtSetInformationProcess RtlNtStatusToDosError RtlInitUnicodeString RtlQueryWnfStateData RtlNtStatusToDosErrorNoTeb RtlCompareUnicodeString RtlFreeHeap RtlGetAppContainerSidType |
| api-ms-win-core-com-l1-1-1.dll |
RoGetAgileReference
|
| api-ms-win-shcore-obsolete-l1-1-0.dll |
CommandLineToArgvW
SHStrDupW |
| api-ms-win-eventing-classicprovider-l1-1-0.dll |
TraceMessage
UnregisterTraceGuids RegisterTraceGuidsW GetTraceLoggerHandle GetTraceEnableFlags GetTraceEnableLevel |
| api-ms-win-core-heap-l2-1-0.dll |
LocalAlloc
LocalReAlloc LocalFree |
| api-ms-win-core-atoms-l1-1-0.dll |
GlobalAddAtomW
GlobalDeleteAtom GlobalGetAtomNameW |
| api-ms-win-core-winrt-l1-1-0.dll |
RoGetActivationFactory
RoInitialize RoActivateInstance RoUninitialize |
| api-ms-win-core-file-l1-1-0.dll |
DeleteFileW
GetFileAttributesExW GetFullPathNameW FindClose FindNextFileW WriteFile CompareFileTime CreateFileW GetFileSize GetLongPathNameW ReadFile GetFileAttributesW CreateDirectoryW FindFirstFileExW |
| api-ms-win-core-realtime-l1-1-0.dll |
QueryProcessCycleTime
QueryUnbiasedInterruptTime |
| api-ms-win-core-quirks-l1-1-1.dll |
QuirkIsEnabledForPackage4
|
| api-ms-win-core-string-l1-1-0.dll |
WideCharToMultiByte
MultiByteToWideChar CompareStringOrdinal |
| api-ms-win-core-psapi-l1-1-0.dll |
K32GetModuleFileNameExW
QueryFullProcessImageNameW |
| api-ms-win-core-winrt-error-l1-1-1.dll |
RoReportFailedDelegate
IsErrorPropagationEnabled RoOriginateLanguageException RoGetMatchingRestrictedErrorInfo |
| OLEAUT32.dll |
SafeArrayUnaccessData
SafeArrayGetDim SafeArrayDestroy SysAllocString SafeArrayCreate VariantChangeType SafeArrayCreateVector SafeArrayPutElement SafeArrayAccessData VariantClear SysFreeString VariantCopy SysStringLen VariantInit |
| api-ms-win-core-shlwapi-legacy-l1-1-0.dll |
SHExpandEnvironmentStringsW
PathFindFileNameW PathGetDriveNumberW PathFileExistsW PathFindExtensionW PathIsRelativeW PathRemoveFileSpecW PathCommonPrefixW PathIsFileSpecW |
| api-ms-win-core-url-l1-1-0.dll |
PathIsURLW
UrlUnescapeW HashData |
| api-ms-win-core-sysinfo-l1-2-0.dll |
GetSystemTimePreciseAsFileTime
VerSetConditionMask GetProductInfo |
| api-ms-win-core-threadpool-legacy-l1-1-0.dll |
CreateTimerQueueTimer
DeleteTimerQueueTimer |
| api-ms-win-core-largeinteger-l1-1-0.dll |
MulDiv
|
| api-ms-win-core-debug-l1-1-1.dll |
CheckRemoteDebuggerPresent
|
| api-ms-win-core-registry-l1-1-1.dll |
RegSetKeyValueW
|
| api-ms-win-core-registry-l2-1-0.dll |
RegOpenKeyW
RegCreateKeyW RegDeleteKeyW RegEnumKeyW |
| api-ms-win-shcore-sysinfo-l1-1-0.dll |
IsOS
|
| api-ms-win-core-processenvironment-l1-1-0.dll |
ExpandEnvironmentStringsW
|
| api-ms-win-shcore-stream-winrt-l1-1-0.dll |
CreateRandomAccessStreamOverStream
CreateStreamOverRandomAccessStream |
| api-ms-win-core-libraryloader-l1-2-1.dll |
LoadLibraryW
|
| api-ms-win-core-kernel32-legacy-l1-1-0.dll |
PulseEvent
|
| api-ms-win-security-base-l1-1-0.dll |
InitializeAcl
GetTokenInformation DuplicateTokenEx FreeSid CheckTokenMembership CopySid EqualSid GetLengthSid SetSecurityDescriptorDacl GetSecurityDescriptorDacl MakeAbsoluteSD CreateWellKnownSid |
| api-ms-win-security-trustee-l1-1-0.dll |
BuildTrusteeWithSidW
|
| api-ms-win-security-provider-l1-1-0.dll |
GetSecurityInfo
GetExplicitEntriesFromAclW SetSecurityInfo SetEntriesInAclW |
| api-ms-win-core-timezone-l1-1-0.dll |
FileTimeToSystemTime
SystemTimeToFileTime |
| api-ms-win-core-string-obsolete-l1-1-0.dll |
lstrlenW
|
| api-ms-win-core-quirks-l1-1-0.dll |
QuirkIsEnabledForPackage
|
| api-ms-win-core-string-l2-1-0.dll |
CharNextW
|
| api-ms-win-oobe-notification-l1-1-0.dll |
UnregisterWaitUntilOOBECompleted
RegisterWaitUntilOOBECompleted OOBEComplete |
| api-ms-win-service-management-l1-1-0.dll |
CloseServiceHandle
OpenServiceW OpenSCManagerW |
| api-ms-win-service-management-l2-1-0.dll |
QueryServiceStatusEx
|
| api-ms-win-core-kernel32-legacy-l1-1-1.dll |
VerifyVersionInfoW
|
| api-ms-win-core-path-l1-1-0.dll |
PathAllocCombine
PathCchRemoveFileSpec PathCchAppend PathCchCombine PathCchRenameExtension |
| api-ms-win-shcore-registry-l1-1-0.dll |
SHSetValueW
SHRegGetValueW SHGetValueW |
| RPCRT4.dll |
UuidCreate
|
| CRYPT32.dll |
CertCloseStore
CryptMsgGetParam CertFindCertificateInStore CertGetNameStringW CryptMsgClose CertFreeCertificateContext CryptQueryObject |
| api-ms-win-security-cryptoapi-l1-1-0.dll |
CryptGetHashParam
CryptHashData CryptDestroyHash CryptReleaseContext CryptAcquireContextW CryptCreateHash |
| api-ms-win-core-com-private-l1-2-0.dll |
InternalGetWindowPropInterface2
|
| USERENV.dll |
GetProfileType
|
| wkscli.dll |
NetGetJoinInformation
|
| netutils.dll |
NetApiBufferFree
|
| api-ms-win-core-io-l1-1-0.dll |
CancelIoEx
|
| api-ms-win-core-file-l2-1-0.dll |
ReOpenFile
GetFileInformationByHandleEx ReadDirectoryChangesW |
| api-ms-win-security-lsalookup-l1-1-2.dll |
LsaLookupUserAccountType
|
| api-ms-win-core-version-l1-1-0.dll |
VerQueryValueW
GetFileVersionInfoExW GetFileVersionInfoSizeExW |
| api-ms-win-core-file-l1-2-0.dll |
GetTempPathW
|
| api-ms-win-rtcore-ntuser-private-l1-1-0.dll |
IsWindowInDestroy
CreateWindowInBandEx GetWindowBand CreateWindowInBand |
| api-ms-win-rtcore-ntuser-shell-l1-1-0.dll |
GetShellWindow
|
| api-ms-win-dx-d3dkmt-l1-1-0.dll |
D3DKMTCheckOcclusion
|
| api-ms-win-dwmapi-l1-1-0.dll |
DwmFlush
|
| PROPSYS.dll |
PSPropertyBag_WriteStr
InitVariantFromStringArray PropVariantToBoolean InitVariantFromDoubleArray PropVariantToUInt32 PSGetPropertyFromPropertyStorage PropVariantToStringAlloc PSCreateMemoryPropertyStore PropVariantToInt32 VariantToBuffer |
| api-ms-win-shell-namespace-l1-1-0.dll |
ILFindChild
ILCombine ILIsParent SHBindToFolderIDListParentEx ILIsEqual SHGetNameFromIDList SHBindToParent SHCreateItemFromIDList ILFindLastID SHCreateItemFromParsingName SHGetIDListFromObject ILClone SHParseDisplayName ILGetSize |
| api-ms-win-rtcore-ntuser-private-l1-1-4.dll |
#2597
|
| api-ms-win-rtcore-ntuser-wmpointer-l1-1-0.dll |
GetPointerType
GetPointerInfo GetCurrentInputMessageSource GetPointerDeviceRects GetPointerDevices |
| api-ms-win-appmodel-runtime-l1-1-1.dll |
FindPackagesByPackageFamily
|
| api-ms-win-rtcore-ntuser-private-l1-1-5.dll |
#2616
|
| api-ms-win-rtcore-ntuser-winevent-l1-1-0.dll |
UnhookWinEvent
SetWinEventHook NotifyWinEvent |
| api-ms-win-gdi-dpiinfo-l1-1-0.dll |
GetCurrentDpiInfo
|
| DWrite.dll |
DWriteCreateFactory
|
| api-ms-win-rtcore-ntuser-private-l1-1-10.dll |
#2546
|
| api-ms-win-appmodel-runtime-l1-1-0.dll |
GetApplicationUserModelId
GetPackagesByPackageFamily |
| api-ms-win-storage-exports-internal-l1-1-0.dll |
SHGetKnownFolderIDList
SHGetSpecialFolderLocation DetermineFolderDestinationParentAppID |
| SHELL32.dll |
SHGetPathFromIDListW
SHFileOperationW SHGetPropertyStoreForWindow #727 ShellExecuteW SHSetLocalizedName SHChangeNotify ShellExecuteExW #901 #723 SHGetStockIconInfo DragQueryFileW #524 SHRemoveLocalizedName #75 #28 SHGetPathFromIDListEx SHCreateItemInKnownFolder #905 SHGetLocalizedName #155 SHAppBarMessage SHCreateItemWithParent #19 SHBindToFolderIDListParent #941 #894 |
| combase.dll |
#167
|
| api-ms-win-shlwapi-ie-l1-1-0.dll |
SHRegGetBoolValueFromHKCUHKLM
GUIDFromStringW |
| UxTheme.dll |
#126
|
| SHCORE.dll |
#247
#192 #213 #193 #191 #249 #270 #102 #240 #246 #248 #190 |
| dcomp.dll |
DCompositionCreateDevice2
#1046 |
| wincorlib.DLL |
?__abi_WinRTraiseOutOfMemoryException@@YAXXZ
?Allocate@Heap@Details@Platform@@SAPEAX_K0@Z ?__abi_WinRTraiseOutOfBoundsException@@YAXXZ ?GetWeakReference@Details@Platform@@YAPEAU__abi_IUnknown@@QE$ADVObject@2@@Z ?Allocate@Heap@Details@Platform@@SAPEAX_K@Z ??0Delegate@Platform@@QE$AAA@XZ ?ReleaseTarget@ControlBlock@Details@Platform@@AEAAXXZ ?AlignedFree@Heap@Details@Platform@@SAXPEAX@Z ?Free@Heap@Details@Platform@@SAXPEAX@Z ??0Object@Platform@@QE$AAA@XZ ?__abi_WinRTraiseObjectDisposedException@@YAXXZ ?__abi_WinRTraiseInvalidCastException@@YAXXZ ?GetIBoxArrayVtable@Details@Platform@@YAPEAXPEAX@Z ?__abi_WinRTraiseNotImplementedException@@YAXXZ ?ResolveWeakReference@Details@Platform@@YAPE$AAVObject@2@AEBU_GUID@@PEAPEAU__abi_IUnknown@@@Z ?CreateException@Exception@Platform@@SAPE$AAV12@HPE$AAVString@2@@Z ?GetIBoxVtable@Details@Platform@@YAPEAXPEAX@Z ?__abi_ObjectToString@__abi_details@@YAPE$AAVString@Platform@@PE$AAVObject@3@_N@Z ?EventSourceRemove@Details@Platform@@YAXPEAPEAXPEAUEventLock@12@VEventRegistrationToken@Foundation@Windows@@@Z ?get@Message@Exception@Platform@@QE$AAAPE$AAVString@3@XZ ?EventSourceGetTargetArrayEvent@Details@Platform@@YAPEAXPEAXIPEBXPEA_J@Z ?EventSourceGetTargetArraySize@Details@Platform@@YAIPEAX@Z ?EventSourceGetTargetArray@Details@Platform@@YAPEAXPEAXPEAUEventLock@12@@Z ??0DisconnectedException@Platform@@QE$AAA@XZ ?AllocateException@Heap@Details@Platform@@SAPEAX_K0@Z ?EventSourceUninitialize@Details@Platform@@YAXPEAPEAX@Z ?EventSourceInitialize@Details@Platform@@YAXPEAPEAX@Z ??0NotImplementedException@Platform@@QE$AAA@XZ ?__abi_WinRTraiseChangedStateException@@YAXXZ ?EventSourceAdd@Details@Platform@@YA?AVEventRegistrationToken@Foundation@Windows@@PEAPEAXPEAUEventLock@12@PE$AAVDelegate@2@@Z ??0OutOfBoundsException@Platform@@QE$AAA@XZ ??0ChangedStateException@Platform@@QE$AAA@XZ ?GetProxyImpl@Details@Platform@@YAJPEAUIUnknown@@AEBU_GUID@@0PEAPEAU3@@Z ??0FailureException@Platform@@QE$AAA@XZ ??0OutOfMemoryException@Platform@@QE$AAA@XZ ?__abi_WinRTraiseNullReferenceException@@YAXXZ ?__abi_WinRTraiseDisconnectedException@@YAXXZ ?__abi_WinRTraiseCOMException@@YAXJ@Z ?__abi_WinRTraiseFailureException@@YAXXZ ?__abi_WinRTraiseClassNotRegisteredException@@YAXXZ ?ReleaseInContextImpl@Details@Platform@@YAJPEAUIUnknown@@0@Z ?GetObjectContext@Details@Platform@@YAPEAUIUnknown@@XZ ?ReCreateException@Exception@Platform@@SAPE$AAV12@H@Z ?UninitializeData@Details@Platform@@YAXH@Z ?__abi_WinRTraiseOperationCanceledException@@YAXXZ ?__abi_FailFast@@YAXXZ ?__abi_WinRTraiseInvalidArgumentException@@YAXXZ ?__abi_WinRTraiseWrongThreadException@@YAXXZ ?ReCreateFromException@Details@Platform@@YAJPE$AAVException@2@@Z ?__abi_WinRTraiseAccessDeniedException@@YAXXZ ?GetActivationFactoryByPCWSTR@@YAJPEAXAEAVGuid@Platform@@PEAPEAX@Z ?GetIidsFn@@YAJHPEAKPEBU__s_GUID@@PEAPEAVGuid@Platform@@@Z ?InitializeData@Details@Platform@@YAJH@Z |
| WININET.dll |
HttpQueryInfoW
InternetOpenW InternetCrackUrlW InternetOpenUrlW InternetReadFile InternetCloseHandle |
| cdp.dll |
CDPGetUserActivitySettings
CDPInitialize CDPShutdown |
| api-ms-win-core-apiquery-l1-1-0.dll |
ApiSetQueryApiSetPresence
|
| api-ms-win-core-errorhandling-l1-1-2.dll |
RaiseFailFastException
|
| api-ms-win-security-capability-l1-1-0.dll |
CapabilityCheck
|
| api-ms-win-shcore-unicodeansi-l1-1-0.dll |
SHUnicodeToAnsi
SHAnsiToUnicode |
| api-ms-win-core-heap-obsolete-l1-1-0.dll |
GlobalUnlock
GlobalLock |
| api-ms-win-stateseparation-helpers-l1-1-0.dll |
GetPersistedRegistryLocationW
|
| api-ms-win-core-delayload-l1-1-1.dll |
ResolveDelayLoadedAPI
|
| api-ms-win-core-delayload-l1-1-0.dll |
DelayLoadFailureHook
|
| api-ms-win-appmodel-runtime-l1-1-3.dll |
GetStagedPackagePathByFullName2
|
| api-ms-win-rtcore-ntuser-clipboard-l1-1-0.dll |
RegisterClipboardFormatW
|
| api-ms-win-crt-math-l1-1-0.dll |
ceilf
floorf |
| api-ms-win-shcore-comhelpers-l1-1-0.dll (delay-loaded) |
IUnknown_GetSite
IUnknown_SetSite IUnknown_QueryService IUnknown_Set |
| Attributes | 0x1 |
|---|---|
| Name | api-ms-win-shcore-comhelpers-l1-1-0.dll |
| ModuleHandle | 0x64f648 |
| DelayImportAddressTable | 0x69d460 |
| DelayImportNameTable | 0x63a778 |
| BoundDelayImportTable | 0x63c2d0 |
| UnloadDelayImportTable | 0 |
| TimeStamp | 1970-Jan-01 00:00:00 |
| Ordinal | 1 |
|---|---|
| Address | 0x87230 |
| Ordinal | 2 |
|---|---|
| Address | 0x1ad7a0 |
| Ordinal | 3 |
|---|---|
| Address | 0x1ad7e0 |
| Signature | 0xfeef04bd |
|---|---|
| StructVersion | 0x10000 |
| FileVersion | 10.0.19041.7058 |
| ProductVersion | 10.0.19041.7058 |
| FileFlags | (EMPTY) |
| FileOs |
VOS_DOS_WINDOWS32
VOS_NT
VOS_NT_WINDOWS32
VOS_WINCE
VOS__WINDOWS32
|
| FileType |
VFT_DLL
|
| Language | English - United States |
| CompanyName | Microsoft Corporation |
| FileDescription | Twinui.PCShell |
| FileVersion (#2) | 10.0.19041.7058 (WinBuild.160101.0800) |
| InternalName | Twinui.PCShell.dll |
| LegalCopyright | © Microsoft Corporation. All rights reserved. |
| OriginalFilename | Twinui.PCShell.dll |
| ProductName | Microsoft® Windows® Operating System |
| ProductVersion (#2) | 10.0.19041.7058 |
| Resource LangID | English - United States |
|---|
| Characteristics |
0
|
|---|---|
| TimeDateStamp | 2090-Jul-25 04:10:42 |
| Version | 0.0 |
| SizeofData | 43 |
| AddressOfRawData | 0x5cdf50 |
| PointerToRawData | 0x5ccf50 |
| Referenced File | twinui.pcshell.pdb |
| Characteristics |
0
|
|---|---|
| TimeDateStamp | 2090-Jul-25 04:10:42 |
| Version | 0.0 |
| SizeofData | 1760 |
| AddressOfRawData | 0x5cdf7c |
| PointerToRawData | 0x5ccf7c |
| Characteristics |
0
|
|---|---|
| TimeDateStamp | 2090-Jul-25 04:10:42 |
| Version | 0.0 |
| SizeofData | 36 |
| AddressOfRawData | 0x5ce65c |
| PointerToRawData | 0x5cd65c |
| Characteristics |
0
|
|---|---|
| TimeDateStamp | 2090-Jul-25 04:10:42 |
| Version | 0.0 |
| SizeofData | 4 |
| AddressOfRawData | 0x5ce680 |
| PointerToRawData | 0x5cd680 |
| StartAddressOfRawData | 0x1805ce6a8 |
|---|---|
| EndAddressOfRawData | 0x1805ce6b4 |
| AddressOfIndex | 0x18064f640 |
| AddressOfCallbacks | 0x1805431a8 |
| SizeOfZeroFill | 0 |
| Characteristics |
IMAGE_SCN_ALIGN_4BYTES
|
| Callbacks | (EMPTY) |
| Size | 0x118 |
|---|---|
| TimeDateStamp | 1970-Jan-01 00:00:00 |
| Version | 0.0 |
| GlobalFlagsClear | (EMPTY) |
| GlobalFlagsSet | (EMPTY) |
| CriticalSectionDefaultTimeout | 0 |
| DeCommitFreeBlockThreshold | 0 |
| DeCommitTotalFreeThreshold | 0 |
| LockPrefixTable | 0 |
| MaximumAllocationSize | 0 |
| VirtualMemoryThreshold | 0 |
| ProcessAffinityMask | 0 |
| ProcessHeapFlags | (EMPTY) |
| CSDVersion | 0 |
| Reserved1 | 0 |
| EditList | 0 |
| SecurityCookie | 0x18064ea40 |
| GuardCFCheckFunctionPointer | 6447968240 |
| GuardCFDispatchFunctionPointer | 0 |
| GuardCFFunctionTable | 0 |
| GuardCFFunctionCount | 0 |
| GuardFlags | (EMPTY) |
| CodeIntegrity.Flags | 0 |
| CodeIntegrity.Catalog | 0 |
| CodeIntegrity.CatalogOffset | 0 |
| CodeIntegrity.Reserved | 0 |
| GuardAddressTakenIatEntryTable | 0 |
| GuardAddressTakenIatEntryCount | 0 |
| GuardLongJumpTargetTable | 0 |
| GuardLongJumpTargetCount | 0 |
| XOR Key | 0x892b1b0e |
|---|---|
| Unmarked objects | 0 |
| Imports (VS2008 SP1 build 30729) | 225 |
| C objects (27412) | 27 |
| ASM objects (27412) | 3 |
| Total imports | 2255 |
| Imports (27412) | 22 |
| Exports (27412) | 1 |
| C objects (POGO O) (27412) | 575 |
| C++ objects (27412) | 37 |
| 253 (27412) | 11 |
| Resource objects (27412) | 1 |
| Linker (27412) | 1 |
No comments yet.