¿Para qué sirve la dll tdh.dll?
Biblioteca auxiliar de seguimiento de eventosDependencias de la dll tdh.dll
Microsoft (R) COFF/PE Dumper Version 14.16.27034.0
Copyright (C) Microsoft Corporation. All rights reserved.
Dump of file C:\Windows\System32\tdh.dll
File Type: DLL
Image has the following dependencies:
msvcp_win.dll
api-ms-win-crt-string-l1-1-0.dll
api-ms-win-crt-runtime-l1-1-0.dll
api-ms-win-crt-private-l1-1-0.dll
ntdll.dll
api-ms-win-eventing-classicprovider-l1-1-0.dll
api-ms-win-core-heap-l1-1-0.dll
api-ms-win-core-synch-l1-1-0.dll
api-ms-win-core-file-l1-1-0.dll
api-ms-win-core-errorhandling-l1-1-0.dll
api-ms-win-core-registry-l1-1-0.dll
api-ms-win-core-processenvironment-l1-1-0.dll
api-ms-win-core-heap-l2-1-0.dll
api-ms-win-core-localization-l1-2-0.dll
api-ms-win-core-libraryloader-l1-2-0.dll
api-ms-win-core-synch-l1-2-0.dll
api-ms-win-core-debug-l1-1-0.dll
api-ms-win-core-processthreads-l1-1-0.dll
api-ms-win-core-processthreads-l1-1-1.dll
api-ms-win-core-profile-l1-1-0.dll
api-ms-win-core-sysinfo-l1-1-0.dll
api-ms-win-core-interlocked-l1-1-0.dll
api-ms-win-core-memory-l1-1-0.dll
api-ms-win-core-handle-l1-1-0.dll
api-ms-win-core-string-l1-1-0.dll
api-ms-win-eventing-consumer-l1-1-0.dll
api-ms-win-eventing-controller-l1-1-0.dll
api-ms-win-security-lsalookup-l1-1-0.dll
api-ms-win-core-timezone-l1-1-0.dll
api-ms-win-core-datetime-l1-1-0.dll
api-ms-win-security-base-l1-1-0.dll
api-ms-win-core-delayload-l1-1-1.dll
api-ms-win-core-delayload-l1-1-0.dll
SECHOST.dll
api-ms-win-crt-math-l1-1-0.dll
Image has the following delay load dependencies:
OLEAUT32.dll
api-ms-win-core-com-l1-1-0.dll
dbghelp.dll
api-ms-win-security-sddl-l1-1-0.dll
WS2_32.dll
Summary
37000 .data
1000 .didat
4000 .pdata
82000 .rdata
7000 .reloc
1000 .rsrc
54000 .text
Funciones que tiene la dll tdh.dll
1 0 00012340 DllCanUnloadNow
2 1 00012360 DllGetClassObject
3 2 00012510 TdhAggregatePayloadFilters
4 3 0001A6A0 TdhApplyPayloadFilter
5 4 00012560 TdhCleanupPayloadEventFilterDescriptor
6 5 0001FE20 TdhCloseDecodingHandle
7 6 000125D0 TdhCreatePayloadFilter
8 7 00012610 TdhDeletePayloadFilter
9 8 00012F40 TdhEnumerateManifestProviderEvents
10 9 00012F70 TdhEnumerateProviderFieldInformation
11 A 00012680 TdhEnumerateProviderFilters
12 B 0000B190 TdhEnumerateProviders
13 C 0001EE30 TdhEnumerateRemoteWBEMProviderFieldInformation
14 D 0001EF30 TdhEnumerateRemoteWBEMProviders
15 E 00013070 TdhFormatProperty
16 F 000126E0 TdhGetAllEventsInformation
17 10 0001FE40 TdhGetDecodingParameter
18 11 00004AD0 TdhGetEventInformation
19 12 00013270 TdhGetEventMapInformation
20 13 00013300 TdhGetManifestEventInformation
21 14 000044C0 TdhGetProperty
22 15 00012770 TdhGetPropertyOffsetAndSize
23 16 00003ED0 TdhGetPropertySize
24 17 0001FEB0 TdhGetWppMessage
25 18 0001FEE0 TdhGetWppProperty
26 19 00013360 TdhLoadManifest
27 1A 00012820 TdhLoadManifestFromBinary
28 1B 000133B0 TdhLoadManifestFromMemory
29 1C 0001FFA0 TdhOpenDecodingHandle
30 1D 0000B0E0 TdhQueryProviderFieldInformation
31 1E 0001F0C0 TdhQueryRemoteWBEMProviderFieldInformation
32 1F 00020050 TdhSetDecodingParameter
33 20 000133D0 TdhUnloadManifest
34 21 00013420 TdhUnloadManifestFromMemory
35 22 0001AF80 TdhValidatePayloadFilter
Información avanzada sobre funciones que tiene la dll tdh.dll
Microsoft (R) COFF/PE Dumper Version 14.16.27034.0
Copyright (C) Microsoft Corporation. All rights reserved.
Dump of file C:\Windows\System32\tdh.dll
File Type: DLL
Section contains the following exports for tdh.dll
00000000 characteristics
C69EBF73 time date stamp
0.00 version
1 ordinal base
35 number of functions
35 number of names
ordinal hint RVA name
1 0 00012340 DllCanUnloadNow
2 1 00012360 DllGetClassObject
3 2 00012510 TdhAggregatePayloadFilters
4 3 0001A6A0 TdhApplyPayloadFilter
5 4 00012560 TdhCleanupPayloadEventFilterDescriptor
6 5 0001FE20 TdhCloseDecodingHandle
7 6 000125D0 TdhCreatePayloadFilter
8 7 00012610 TdhDeletePayloadFilter
9 8 00012F40 TdhEnumerateManifestProviderEvents
10 9 00012F70 TdhEnumerateProviderFieldInformation
11 A 00012680 TdhEnumerateProviderFilters
12 B 0000B190 TdhEnumerateProviders
13 C 0001EE30 TdhEnumerateRemoteWBEMProviderFieldInformation
14 D 0001EF30 TdhEnumerateRemoteWBEMProviders
15 E 00013070 TdhFormatProperty
16 F 000126E0 TdhGetAllEventsInformation
17 10 0001FE40 TdhGetDecodingParameter
18 11 00004AD0 TdhGetEventInformation
19 12 00013270 TdhGetEventMapInformation
20 13 00013300 TdhGetManifestEventInformation
21 14 000044C0 TdhGetProperty
22 15 00012770 TdhGetPropertyOffsetAndSize
23 16 00003ED0 TdhGetPropertySize
24 17 0001FEB0 TdhGetWppMessage
25 18 0001FEE0 TdhGetWppProperty
26 19 00013360 TdhLoadManifest
27 1A 00012820 TdhLoadManifestFromBinary
28 1B 000133B0 TdhLoadManifestFromMemory
29 1C 0001FFA0 TdhOpenDecodingHandle
30 1D 0000B0E0 TdhQueryProviderFieldInformation
31 1E 0001F0C0 TdhQueryRemoteWBEMProviderFieldInformation
32 1F 00020050 TdhSetDecodingParameter
33 20 000133D0 TdhUnloadManifest
34 21 00013420 TdhUnloadManifestFromMemory
35 22 0001AF80 TdhValidatePayloadFilter
Summary
37000 .data
1000 .didat
4000 .pdata
82000 .rdata
7000 .reloc
1000 .rsrc
54000 .text
Integridad de la dll tdh.dll
Algorithm Hash Path
--------- ---- ----
SHA256 530AA67338AE18FF2783F75D51E43656B8A4BA58B52EAF46EAF776C61DCB153C C:\Windows\System32\tdh.dll
Detalles sobre el fichero dll tdh.dll
PSPath : Microsoft.PowerShell.Core\FileSystem::C:\Windows\System32\tdh.dll
PSParentPath : Microsoft.PowerShell.Core\FileSystem::C:\Windows\System32
PSChildName : tdh.dll
PSDrive : C
PSProvider : Microsoft.PowerShell.Core\FileSystem
PSIsContainer : False
Mode : -a----
VersionInfo : File: C:\Windows\System32\tdh.dll
InternalName: tdh.dll
OriginalFilename: tdh.dll.mui
FileVersion: 10.0.19041.561 (WinBuild.160101.0800)
FileDescription: Biblioteca auxiliar de seguimiento de eventos
Product: Sistema operativo Microsoft® Windows®
ProductVersion: 10.0.19041.561
Debug: False
Patched: False
PreRelease: False
PrivateBuild: False
SpecialBuild: False
Language: Español (España, internacional)
BaseName : tdh
Target : {C:\Windows\WinSxS\amd64_microsoft-windows-c..tem-tracedatahelper_31bf3856ad364e35_10.0.19041.546_none_d3048ce16
a41d3f5\tdh.dll}
LinkType : HardLink
Name : tdh.dll
Length : 1125888
DirectoryName : C:\Windows\System32
Directory : C:\Windows\System32
IsReadOnly : False
Exists : True
FullName : C:\Windows\System32\tdh.dll
Extension : .dll
CreationTime : 21/11/2020 8:44:47
CreationTimeUtc : 21/11/2020 7:44:47
LastAccessTime : 03/12/2020 15:45:27
LastAccessTimeUtc : 03/12/2020 14:45:27
LastWriteTime : 21/11/2020 8:44:47
LastWriteTimeUtc : 21/11/2020 7:44:47
Attributes : Archive
Procesos que utilizan la dll tdh.dll
explorer