What is the dbghelp.dll DLL for?

Windows Image Helper

Dependencies of dbghelp.dll


Microsoft (R) COFF/PE Dumper Version 14.16.27034.0
Copyright (C) Microsoft Corporation.  All rights reserved.


Dump of file C:\Windows\System32\dbghelp.dll

File Type: DLL

  Image has the following dependencies:

    api-ms-win-crt-string-l1-1-0.dll
    api-ms-win-crt-time-l1-1-0.dll
    api-ms-win-crt-locale-l1-1-0.dll
    api-ms-win-crt-runtime-l1-1-0.dll
    api-ms-win-crt-private-l1-1-0.dll
    api-ms-win-core-file-l1-1-0.dll
    api-ms-win-core-errorhandling-l1-1-0.dll
    api-ms-win-core-synch-l1-1-0.dll
    api-ms-win-core-misc-l1-1-0.dll
    api-ms-win-core-handle-l1-1-0.dll
    api-ms-win-core-processthreads-l1-1-0.dll
    api-ms-win-core-heap-l1-1-0.dll
    api-ms-win-core-sysinfo-l1-1-0.dll
    api-ms-win-core-libraryloader-l1-1-0.dll
    api-ms-win-core-processenvironment-l1-1-0.dll
    api-ms-win-security-base-l1-1-0.dll
    api-ms-win-core-string-l1-1-0.dll
    api-ms-win-core-memory-l1-1-0.dll
    api-ms-win-core-debug-l1-1-0.dll
    api-ms-win-core-localregistry-l1-1-0.dll
    api-ms-win-core-rtlsupport-l1-1-0.dll
    api-ms-win-core-profile-l1-1-0.dll
    api-ms-win-core-util-l1-1-0.dll
    api-ms-win-core-localization-l1-1-0.dll
    api-ms-win-core-interlocked-l1-1-0.dll
    api-ms-win-eventing-provider-l1-1-0.dll
    ntdll.dll
    api-ms-win-core-kernel32-legacy-l1-1-0.dll
    api-ms-win-core-synch-l1-2-0.dll
    api-ms-win-downlevel-kernel32-l2-1-0.dll
    api-ms-win-core-io-l1-1-0.dll
    api-ms-win-core-delayload-l1-1-0.dll

  Image has the following delay load dependencies:

    RPCRT4.dll

  Summary

       25000 .data
        1000 .didat
        3000 .mrdata
       12000 .pdata
       4C000 .rdata
        5000 .reloc
        1000 .rsrc
      156000 .text

Functions exported by dbghelp.dll


1126    0 0012EB70 DbgHelpCreateUserDump
1127    1 0012EC70 DbgHelpCreateUserDumpW
1128    2 00127D40 EnumDirTree
1129    3 00127E70 EnumDirTreeW
1130    4 00121500 EnumerateLoadedModules
1131    5 00121500 EnumerateLoadedModules64
1132    6 00121560 EnumerateLoadedModulesEx
1133    7 001215C0 EnumerateLoadedModulesExW
1134    8 00121620 EnumerateLoadedModulesW64
1135    9 00116480 ExtensionApiVersion
1136    A 00127EC0 FindDebugInfoFile
1137    B 00127EE0 FindDebugInfoFileEx
1138    C 00127FB0 FindDebugInfoFileExW
1139    D 00128000 FindExecutableImage
1140    E 00128020 FindExecutableImageEx
1141    F 00128120 FindExecutableImageExW
1142   10 00128170 FindFileInPath
1143   11 001281C0 FindFileInSearchPath
1144   12 00121680 GetSymLoadError
1145   13 00118740 GetTimestampForLoadedLibrary
1146   14 001183C0 ImageDirectoryEntryToData
1147   15 001183E0 ImageDirectoryEntryToDataEx
1148   16 00118510 ImageNtHeader
1149   17 00118550 ImageRvaToSection
1150   18 001185C0 ImageRvaToVa
1151   19 00128210 ImagehlpApiVersion
1152   1A 00128220 ImagehlpApiVersionEx
1153   1B 00128260 MakeSureDirectoryPathExists
1154   1C          MiniDumpReadDumpStream (forwarded to dbgcore.MiniDumpReadDumpStream)
1155   1D          MiniDumpWriteDump (forwarded to dbgcore.MiniDumpWriteDump)
1156   1E 00140530 RangeMapAddPeImageSections
1157   1F 001405F0 RangeMapCreate
1158   20 00140650 RangeMapFree
1159   21 00140670 RangeMapRead
1160   22 001406D0 RangeMapRemove
1161   23 00140720 RangeMapWrite
1162   24 000184C0 RemoveInvalidModuleList
1163   25 00111970 ReportSymbolLoad

Advanced information about the functions exported by dbghelp.dll


Microsoft (R) COFF/PE Dumper Version 14.16.27034.0
Copyright (C) Microsoft Corporation.  All rights reserved.


Dump of file C:\Windows\System32\dbghelp.dll

File Type: DLL

  Section contains the following exports for dbghelp.dll

    00000000 characteristics
    92E0F435 time date stamp
        0.00 version
        1101 ordinal base
         257 number of functions
         242 number of names

    ordinal hint RVA      name

       1126    0 0012EB70 DbgHelpCreateUserDump
       1127    1 0012EC70 DbgHelpCreateUserDumpW
       1128    2 00127D40 EnumDirTree
       1129    3 00127E70 EnumDirTreeW
       1130    4 00121500 EnumerateLoadedModules
       1131    5 00121500 EnumerateLoadedModules64
       1132    6 00121560 EnumerateLoadedModulesEx
       1133    7 001215C0 EnumerateLoadedModulesExW
       1134    8 00121620 EnumerateLoadedModulesW64
       1135    9 00116480 ExtensionApiVersion
       1136    A 00127EC0 FindDebugInfoFile
       1137    B 00127EE0 FindDebugInfoFileEx
       1138    C 00127FB0 FindDebugInfoFileExW
       1139    D 00128000 FindExecutableImage
       1140    E 00128020 FindExecutableImageEx
       1141    F 00128120 FindExecutableImageExW
       1142   10 00128170 FindFileInPath
       1143   11 001281C0 FindFileInSearchPath
       1144   12 00121680 GetSymLoadError
       1145   13 00118740 GetTimestampForLoadedLibrary
       1146   14 001183C0 ImageDirectoryEntryToData
       1147   15 001183E0 ImageDirectoryEntryToDataEx
       1148   16 00118510 ImageNtHeader
       1149   17 00118550 ImageRvaToSection
       1150   18 001185C0 ImageRvaToVa
       1151   19 00128210 ImagehlpApiVersion
       1152   1A 00128220 ImagehlpApiVersionEx
       1153   1B 00128260 MakeSureDirectoryPathExists
       1154   1C          MiniDumpReadDumpStream (forwarded to dbgcore.MiniDumpReadDumpStream)
       1155   1D          MiniDumpWriteDump (forwarded to dbgcore.MiniDumpWriteDump)
       1156   1E 00140530 RangeMapAddPeImageSections
       1157   1F 001405F0 RangeMapCreate
       1158   20 00140650 RangeMapFree
       1159   21 00140670 RangeMapRead
       1160   22 001406D0 RangeMapRemove
       1161   23 00140720 RangeMapWrite
       1162   24 000184C0 RemoveInvalidModuleList
       1163   25 00111970 ReportSymbolLoadSummary
       1164   26 001283F0 SearchTreeForFile
       1165   27 00128420 SearchTreeForFileW
       1166   28 000184C0 SetCheckUserInterruptShared
       1167   29 00121690 SetSymLoadError
       1168   2A 0000DBF0 StackWalk
       1169   2B 0000DBF0 StackWalk64
       1170   2C 0000DD70 StackWalkEx
       1171   2D 001216A0 SymAddSourceStream
       1172   2E 001216B0 SymAddSourceStreamA
       1173   2F 00121720 SymAddSourceStreamW
       1174   30 001218C0 SymAddSymbol
       1175   31 00121940 SymAddSymbolW
       1176   32 00121A50 SymAddrIncludeInlineTrace
       1111   33 0011FAC0 SymAllocDiaString
       1177   34 0000DBA0 SymCleanup
       1178   35 00121BD0 SymCompareInlineTrace
       1179   36 00122120 SymDeleteSymbol
       1180   37 00122190 SymDeleteSymbolW
       1181   38 00122280 SymEnumLines
       1182   39 00122350 SymEnumLinesW
       1183   3A 001223C0 SymEnumProcesses
       1184   3B 00122460 SymEnumSourceFileTokens
       1185   3C 00122510 SymEnumSourceFiles
       1186   3D 00122540 SymEnumSourceFilesW
       1187   3E 00122570 SymEnumSourceLines
       1188   3F 001225C0 SymEnumSourceLinesW
       1189   40 00122610 SymEnumSym
       1190   41 00122640 SymEnumSymbols
       1191   42 00122670 SymEnumSymbolsEx
       1192   43 00122710 SymEnumSymbolsExW
       1193   44 00122780 SymEnumSymbolsForAddr
       1194   45 001228B0 SymEnumSymbolsForAddrW
       1195   46 001229F0 SymEnumSymbolsW
       1196   47 00122A20 SymEnumTypes
       1197   48 00122A70 SymEnumTypesByName
       1198   49 00122B40 SymEnumTypesByNameW
       1199   4A 00122BA0 SymEnumTypesW
       1200   4B 00122BF0 SymEnumerateModules
       1201   4C 00122BF0 SymEnumerateModules64
       1202   4D 00122C30 SymEnumerateModulesW64
       1203   4E 00122C70 SymEnumerateSymbols
       1204   4F 00122C70 SymEnumerateSymbols64
       1205   50 00122CC0 SymEnumerateSymbolsW
       1206   51 00122CC0 SymEnumerateSymbolsW64
       1207   52 00128450 SymFindDebugInfoFile
       1208   53 00128540 SymFindDebugInfoFileW
       1209   54 001285D0 SymFindExecutableImage
       1210   55 001286D0 SymFindExecutableImageW
       1211   56 00128760 SymFindFileInPath
       1212   57 001288A0 SymFindFileInPathW
       1112   58 0011FD80 SymFreeDiaString
       1213   59 00122D10 SymFromAddr
       1214   5A 00122D40 SymFromAddrW
       1215   5B 00122D70 SymFromIndex
       1216   5C 00122DE0 SymFromIndexW
       1217   5D 00122EE0 SymFromInlineContext
       1218   5E 00122F40 SymFromInlineContextW
       1219   5F 00018900 SymFromName
       1220   60 00122FA0 SymFromNameW
       1221   61 00122FD0 SymFromToken
       1222   62 00123080 SymFromTokenW
       1223   63 0000E6E0 SymFunctionTableAccess
       1224   64 0000E6E0 SymFunctionTableAccess64
       1225   65 0000E700 SymFunctionTableAccess64AccessRoutines
       1113   66 0011FD90 SymGetDiaSession
       1226   67 00123190 SymGetExtendedOption
       1227   68 0011AAA0 SymGetFileLineOffsets64
       1228   69 001231B0 SymGetHomeDirectory
       1229   6A 00123230 SymGetHomeDirectoryW
       1230   6B 001232F0 SymGetLineFromAddr
       1231   6C 001232F0 SymGetLineFromAddr64
       1114   6D 0011FE40 SymGetLineFromAddrEx
       1232   6E 00123320 SymGetLineFromAddrW64
       1233   6F 00123350 SymGetLineFromInlineContext
       1234   70 00123390 SymGetLineFromInlineContextW
       1235   71 001233D0 SymGetLineFromName
       1236   72 001233D0 SymGetLineFromName64
       1120   73 00120130 SymGetLineFromNameEx
       1237   74 00123400 SymGetLineFromNameW64
       1238   75 00123430 SymGetLineNext
       1239   76 00123430 SymGetLineNext64
       1121   77 00120860 SymGetLineNextEx
       1240   78 00123440 SymGetLineNextW64
       1241   79 00123460 SymGetLinePrev
       1242   7A 00123460 SymGetLinePrev64
       1122   7B 00120900 SymGetLinePrevEx
       1243   7C 00123470 SymGetLinePrevW64
       1244   7D 0000F480 SymGetModuleBase
       1245   7E 0000F480 SymGetModuleBase64
       1246   7F 00123490 SymGetModuleInfo
       1247   80 00123490 SymGetModuleInfo64
       1248   81 000104E0 SymGetModuleInfoW
       1249   82 000104E0 SymGetModuleInfoW64
       1123   83 00120990 SymGetOmapBlockBase
       1250   84 00123520 SymGetOmaps
       1251   85 00018310 SymGetOptions
       1252   86 00123610 SymGetScope
       1253   87 00123690 SymGetScopeW
       1254   88 001237C0 SymGetSearchPath
       1255   89 00123850 SymGetSearchPathW
       1256   8A 001238C0 SymGetSourceFile
       1257   8B 00123940 SymGetSourceFileChecksum
       1258   8C 001239D0 SymGetSourceFileChecksumW
       1259   8D 00123B00 SymGetSourceFileFromToken
       1260   8E 00123BB0 SymGetSourceFileFromTokenW
       1261   8F 00123C30 SymGetSourceFileToken
       1262   90 00123CA0 SymGetSourceFileTokenW
       1263   91 00123D70 SymGetSourceFileW
       1264   92 00123DF0 SymGetSourceVarFromToken
       1265   93 00123EC0 SymGetSourceVarFromTokenW
       1266   94 00123F70 SymGetSymFromAddr
       1267   95 00123F70 SymGetSymFromAddr64
       1268   96 00123FB0 SymGetSymFromName
       1269   97 00123FB0 SymGetSymFromName64
       1270   98 00124020 SymGetSymNext
       1271   99 00124020 SymGetSymNext64
       1272   9A 00124040 SymGetSymPrev
       1273   9B 00124040 SymGetSymPrev64
       1274   9C 0012D4E0 SymGetSymbolFile
       1275   9D 0012D610 SymGetSymbolFileW
       1276   9E 00124050 SymGetTypeFromName
       1277   9F 00124100 SymGetTypeFromNameW
       1278   A0 00124270 SymGetTypeInfo
       1279   A1 001242B0 SymGetTypeInfoEx
       1280   A2 001242E0 SymGetUnwindInfo
       1281   A3 000115E0 SymInitialize
       1282   A4 00016D80 SymInitializeW
       1283   A5 00019ED0 SymLoadModule
       1284   A6 00019ED0 SymLoadModule64
       1285   A7 00019F10 SymLoadModuleEx
       1286   A8 00124470 SymLoadModuleExW
       1287   A9 001244D0 SymMatchFileName
       1288   AA 001245E0 SymMatchFileNameW
       1289   AB 001246D0 SymMatchString
       1290   AC 00124710 SymMatchStringA
       1291   AD 00124720 SymMatchStringW
       1292   AE 00124760 SymNext
       1293   AF 00124800 SymNextW
       1294   B0 00124820 SymPrev
       1295   B1 001248C0 SymPrevW
       1296   B2 001248D0 SymQueryInlineTrace
       1297   B3 00124BE0 SymRefreshModuleList
       1298   B4 00124C60 SymRegisterCallback
       1299   B5 00124C60 SymRegisterCallback64
       1300   B6 00124CE0 SymRegisterCallbackW64
       1301   B7 00124D70 SymRegisterFunctionEntryCallback
       1302   B8 00124D70 SymRegisterFunctionEntryCallback64
       1303   B9 00124DF0 SymSearch
       1304   BA 00124EB0 SymSearchW
       1305   BB 00124F30 SymSetContext
       1124   BC 00120A10 SymSetDiaSession
       1306   BD 00124FF0 SymSetExtendedOption
       1307   BE 00125020 SymSetHomeDirectory
       1308   BF 001250C0 SymSetHomeDirectoryW
       1309   C0 00017210 SymSetOptions
       1310   C1 00125140 SymSetParentWindow
       1311   C2 00125170 SymSetScopeFromAddr
       1312   C3 00125180 SymSetScopeFromIndex
       1313   C4 00125240 SymSetScopeFromInlineContext
       1314   C5 00125300 SymSetSearchPath
       1315   C6 00016A20 SymSetSearchPathW
       1316   C7 0012DAC0 SymSrvDeltaName
       1317   C8 0012DB90 SymSrvDeltaNameW
       1318   C9 0012DD30 SymSrvGetFileIndexInfo
       1319   CA 0012DE10 SymSrvGetFileIndexInfoW
       1320   CB 0012DF50 SymSrvGetFileIndexString
       1321   CC 0012E010 SymSrvGetFileIndexStringW
       1322   CD 0012E0E0 SymSrvGetFileIndexes
       1323   CE 0012E150 SymSrvGetFileIndexesW
       1324   CF 0012E210 SymSrvGetSupplement
       1325   D0 0012E2D0 SymSrvGetSupplementW
       1326   D1 0012E3F0 SymSrvIsStore
       1327   D2 0012E440 SymSrvIsStoreW
       1328   D3 0012E580 SymSrvStoreFile
       1329   D4 0012E620 SymSrvStoreFileW
       1330   D5 0012E6E0 SymSrvStoreSupplement
       1331   D6 0012E7B0 SymSrvStoreSupplementW
       1332   D7 00125350 SymUnDName
       1333   D8 00125350 SymUnDName64
       1334   D9 001253B0 SymUnloadModule
       1335   DA 001253B0 SymUnloadModule64
       1336   DB 00008380 UnDecorateSymbolName
       1337   DC 001254A0 UnDecorateSymbolNameW
       1338   DD 00116570 WinDbgExtensionDllInit
       1125   DE 001120D0 _EFN_DumpImage
       1339   DF 001165C0 block
       1340   E0 00116790 chksym
       1341   E1 001255E0 dbghelp
       1342   E2 00116980 dh
       1343   E3 00116990 fptr
       1344   E4 00116A20 homedir
       1345   E5 00116B50 inlinedbg
       1346   E6 00116BC0 itoldyouso
       1347   E7 00116DB0 lmi
       1348   E8 001170D0 lminfo
       1349   E9 001172F0 omap
       1350   EA 00117510 optdbgdump
       1351   EB 00117660 optdbgdumpaddr
       1352   EC 001177B0 srcfiles
       1353   ED 001178E0 stack_force_ebp
       1354   EE 00117A50 stackdbg
       1355   EF 00117C20 sym
       1356   F0 00117D70 symsrv
       1357   F1 00117DC0 vc7fpo
       1101      0011FC00 [NONAME]
       1102      0011FCF0 [NONAME]
       1103      0011FE80 [NONAME]
       1104      00120200 [NONAME]
       1105      001208E0 [NONAME]
       1106      00120970 [NONAME]
       1107      0011FE40 [NONAME]
       1108      00120130 [NONAME]
       1109      00120860 [NONAME]
       1110      00120900 [NONAME]
       1115      0011FEC0 [NONAME]
       1116      0011FF90 [NONAME]
       1117      0011FAE0 [NONAME]
       1118      0011FB90 [NONAME]
       1119      000F7880 [NONAME]

  Summary

       25000 .data
        1000 .didat
        3000 .mrdata
       12000 .pdata
       4C000 .rdata
        5000 .reloc
        1000 .rsrc
      156000 .text

Integrity of dbghelp.dll



Algorithm       Hash                                                                   Path                                         
---------       ----                                                                   ----                                         
SHA256          735D07693CFBC08330E322675815ED1DE7B53F4E8FD970DBAAA9FD842E7E68C3       C:\Windows\System32\dbghelp.dll              


Details of the dbghelp.dll file




PSPath            : Microsoft.PowerShell.Core\FileSystem::C:\Windows\System32\dbghelp.dll
PSParentPath      : Microsoft.PowerShell.Core\FileSystem::C:\Windows\System32
PSChildName       : dbghelp.dll
PSDrive           : C
PSProvider        : Microsoft.PowerShell.Core\FileSystem
PSIsContainer     : False
Mode              : -a----
VersionInfo       : File:             C:\Windows\System32\dbghelp.dll
                    InternalName:     DBGHELP.DLL
                    OriginalFilename: DBGHELP.DLL
                    FileVersion:      10.0.19041.488 (WinBuild.160101.0800)
                    FileDescription:  Windows Image Helper
                    Product:          Microsoft® Windows® Operating System
                    ProductVersion:   10.0.19041.488
                    Debug:            False
                    Patched:          False
                    PreRelease:       False
                    PrivateBuild:     False
                    SpecialBuild:     False
                    Language:         Inglés (Estados Unidos)
                    
BaseName          : dbghelp
Target            : {C:\Windows\WinSxS\amd64_microsoft-windows-debughelp_31bf3856ad364e35_10.0.19041.488_none_d61c9e14acf975da\dbghe
                    lp.dll}
LinkType          : HardLink
Name              : dbghelp.dll
Length            : 1866240
DirectoryName     : C:\Windows\System32
Directory         : C:\Windows\System32
IsReadOnly        : False
Exists            : True
FullName          : C:\Windows\System32\dbghelp.dll
Extension         : .dll
CreationTime      : 20/09/2020 15:03:07
CreationTimeUtc   : 20/09/2020 13:03:07
LastAccessTime    : 03/12/2020 9:41:15
LastAccessTimeUtc : 03/12/2020 8:41:15
LastWriteTime     : 20/09/2020 15:03:07
LastWriteTimeUtc  : 20/09/2020 13:03:07
Attributes        : Archive



Processes that use dbghelp.dll


chrome
chrome
chrome
chrome
chrome
chrome
chrome
explorer
svchost
UserOOBEBroker