psapi – InfoDLL

¿Para qué sirve la dll psapi.dll?

Process Status Helper

Dependencias de la dll psapi.dll


Microsoft (R) COFF/PE Dumper Version 14.16.27034.0
Copyright (C) Microsoft Corporation.  All rights reserved.


Dump of file C:\Windows\System32\psapi.dll

File Type: DLL

  Image has the following dependencies:

    ntdll.dll
    api-ms-win-core-psapi-l1-1-0.dll
    api-ms-win-core-libraryloader-l1-2-0.dll
    api-ms-win-core-profile-l1-1-0.dll
    api-ms-win-core-processthreads-l1-1-0.dll
    api-ms-win-core-sysinfo-l1-1-0.dll
    api-ms-win-core-errorhandling-l1-1-0.dll
    api-ms-win-core-psapi-obsolete-l1-1-0.dll
    api-ms-win-core-psapi-ansi-l1-1-0.dll

  Summary

        1000 .data
        1000 .pdata
        2000 .rdata
        1000 .reloc
        1000 .rsrc
        1000 .text

Funciones que tiene la dll psapi.dll


1    0 000013C0 EmptyWorkingSet
2    1 00001090 EnumDeviceDrivers
3    2 000013E0 EnumPageFilesA
4    3 00001400 EnumPageFilesW
5    4 00001010 EnumProcessModules
6    5 00001420 EnumProcessModulesEx
7    6 00001030 EnumProcesses
8    7 00001440 GetDeviceDriverBaseNameA
9    8 000010B0 GetDeviceDriverBaseNameW
10    9 00001460 GetDeviceDriverFileNameA
11    A 00001480 GetDeviceDriverFileNameW
12    B 000014A0 GetMappedFileNameA
13    C 000014C0 GetMappedFileNameW
14    D 000014E0 GetModuleBaseNameA
15    E 000010D0 GetModuleBaseNameW
16    F 00001500 GetModuleFileNameExA
17   10 00001050 GetModuleFileNameExW
18   11 000010F0 GetModuleInformation
19   12 00001520 GetPerformanceInfo
20   13 00001540 GetProcessImageFileNameA
21   14 00001070 GetProcessImageFileNameW
22   15 00001560 GetProcessMemoryInfo
23   16 000015A0 GetWsChanges
24   17 00001580 GetWsChangesEx
25   18 000015C0 InitializeProcessForWsWatch
26   19 00001600 QueryWorkingSet
27   1A 000015E0 QueryWorkingSetEx

Información avanzada sobre funciones que tiene la dll psapi.dll


Microsoft (R) COFF/PE Dumper Version 14.16.27034.0
Copyright (C) Microsoft Corporation.  All rights reserved.


Dump of file C:\Windows\System32\psapi.dll

File Type: DLL

  Section contains the following exports for PSAPI.DLL

    00000000 characteristics
     F828C32 time date stamp
        0.00 version
           1 ordinal base
          27 number of functions
          27 number of names

    ordinal hint RVA      name

          1    0 000013C0 EmptyWorkingSet
          2    1 00001090 EnumDeviceDrivers
          3    2 000013E0 EnumPageFilesA
          4    3 00001400 EnumPageFilesW
          5    4 00001010 EnumProcessModules
          6    5 00001420 EnumProcessModulesEx
          7    6 00001030 EnumProcesses
          8    7 00001440 GetDeviceDriverBaseNameA
          9    8 000010B0 GetDeviceDriverBaseNameW
         10    9 00001460 GetDeviceDriverFileNameA
         11    A 00001480 GetDeviceDriverFileNameW
         12    B 000014A0 GetMappedFileNameA
         13    C 000014C0 GetMappedFileNameW
         14    D 000014E0 GetModuleBaseNameA
         15    E 000010D0 GetModuleBaseNameW
         16    F 00001500 GetModuleFileNameExA
         17   10 00001050 GetModuleFileNameExW
         18   11 000010F0 GetModuleInformation
         19   12 00001520 GetPerformanceInfo
         20   13 00001540 GetProcessImageFileNameA
         21   14 00001070 GetProcessImageFileNameW
         22   15 00001560 GetProcessMemoryInfo
         23   16 000015A0 GetWsChanges
         24   17 00001580 GetWsChangesEx
         25   18 000015C0 InitializeProcessForWsWatch
         26   19 00001600 QueryWorkingSet
         27   1A 000015E0 QueryWorkingSetEx

  Summary

        1000 .data
        1000 .pdata
        2000 .rdata
        1000 .reloc
        1000 .rsrc
        1000 .text

Integridad de la dll psapi.dll



Algorithm       Hash                                                                   Path                                         
---------       ----                                                                   ----                                         
SHA256          4BF259EE8BC11A51FB6FFC7C5D77B8FAB9D092D6892789B92D145083607FB314       C:\Windows\System32\psapi.dll

Detalles sobre el fichero dll psapi.dll




PSPath            : Microsoft.PowerShell.Core\FileSystem::C:\Windows\System32\psapi.dll
PSParentPath      : Microsoft.PowerShell.Core\FileSystem::C:\Windows\System32
PSChildName       : psapi.dll
PSDrive           : C
PSProvider        : Microsoft.PowerShell.Core\FileSystem
PSIsContainer     : False
Mode              : -a----
VersionInfo       : File:             C:\Windows\System32\psapi.dll
                    InternalName:     PSAPI
                    OriginalFilename: PSAPI
                    FileVersion:      10.0.19041.546 (WinBuild.160101.0800)
                    FileDescription:  Process Status Helper
                    Product:          Microsoft® Windows® Operating System
                    ProductVersion:   10.0.19041.546
                    Debug:            False
                    Patched:          False
                    PreRelease:       False
                    PrivateBuild:     False
                    SpecialBuild:     False
                    Language:         Inglés (Estados Unidos)
                    
BaseName          : psapi
Target            : {C:\Windows\WinSxS\amd64_microsoft-windows-basedependencies_31bf3856ad364e35_10.0.19041.546_none_e09b38c4879eb2b
                    7\psapi.dll}
LinkType          : HardLink
Name              : psapi.dll
Length            : 19144
DirectoryName     : C:\Windows\System32
Directory         : C:\Windows\System32
IsReadOnly        : False
Exists            : True
FullName          : C:\Windows\System32\psapi.dll
Extension         : .dll
CreationTime      : 21/11/2020 8:43:58
CreationTimeUtc   : 21/11/2020 7:43:58
LastAccessTime    : 03/12/2020 14:23:58
LastAccessTimeUtc : 03/12/2020 13:23:58
LastWriteTime     : 21/11/2020 8:43:58
LastWriteTimeUtc  : 21/11/2020 7:43:58
Attributes        : Archive

Procesos que utilizan la dll psapi.dll


powershell_ise
powershell_ise
powershell_ise