vmsavedstatedumpprovider.dll
- File Path:
C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\x64\vmsavedstatedumpprovider.dll
- Description: VM Saved State Dump Provider
Hashes
| Type |
Hash |
| MD5 |
D5B9879B1747E215D9A0076B12A5ADD3 |
| SHA1 |
3E445178350D3099A27C9C6CAC441A1C01C4722C |
| SHA256 |
8C25048AE75FAEAE73E54F5F08E8965ED32732C06B9B7A70CEE8BA7045E9DC56 |
| SHA384 |
121A06CA049DE80A3B5BBD5B5BC412D01F6EAEABD0A47810C551C94F275F22224D9960EAA81143F29AF1D59BAFFBDB62 |
| SHA512 |
70FBA47258D95C8C5B235380CE74C0D0329DB9046016B30AE2A3358C000ABFF2516FB40B27125455A6EA120E7F805EFE391888E4E62FCB30FD023A3B34A51D25 |
| SSDEEP |
12288:rKKrVGfNZ4vQnN4fottTK4nf0sSJEoGeobyE:mJfNZ4InNh7+U9oEoGe |
| IMP |
AA25CCB530D34E4B8C956C683E08D11B |
| PESHA1 |
7825118102C2C9A4F1DA5E745BDD40BC49FF9822 |
| PE256 |
7B7B9CEABE6CB632EAE828E2F912BEBE9BC494B1B3AC63D5AC3081E9F06C1D08 |
DLL Exports:
| Function Name |
Ordinal |
Type |
LoadSavedStateFile |
16 |
Exported Function |
LoadSavedStateFiles |
17 |
Exported Function |
InKernelSpace |
15 |
Exported Function |
GuestPhysicalAddressToRawSavedMemoryOffset |
13 |
Exported Function |
GuestVirtualAddressToPhysicalAddress |
14 |
Exported Function |
LocateSavedStateFiles |
18 |
Exported Function |
SetMemoryBlockCacheLimit |
22 |
Exported Function |
WriteWindowsCrashDumpFile |
23 |
Exported Function |
ReleaseSavedStateFiles |
21 |
Exported Function |
ReadGuestPhysicalAddress |
19 |
Exported Function |
ReadGuestRawSavedMemory |
20 |
Exported Function |
GetWindowsCrashDumpHeader |
12 |
Exported Function |
ForcePagingMode |
4 |
Exported Function |
GetArchitecture |
5 |
Exported Function |
ForceArchitecture |
3 |
Exported Function |
ApplyGuestMemoryFix |
1 |
Exported Function |
ApplyPendingSavedStateFileReplayLog |
2 |
Exported Function |
GetGuestPhysicalMemoryChunks |
6 |
Exported Function |
GetRegisterValue |
10 |
Exported Function |
GetVpCount |
11 |
Exported Function |
GetPagingMode |
9 |
Exported Function |
GetGuestRawSavedMemorySize |
7 |
Exported Function |
GetMemoryBlockCacheLimit |
8 |
Exported Function |
Signature
- Status: Signature verified.
- Serial:
33000002CF6D2CC57CAA65A6D80000000002CF
- Thumbprint:
1A221B3B4FEF088B17BA6704FD088DF192D9E0EF
- Issuer: CN=Microsoft Code Signing PCA 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Original Filename: VmSavedStateDumpProvider.dll
- Product Name: Microsoft Windows Operating System
- Company Name: Microsoft Corporation
- File Version: 10.0.19041.1 (WinBuild.160101.0800)
- Product Version: 10.0.19041.1
- Language: English (United States)
- Legal Copyright: Microsoft Corporation. All rights reserved.
- Machine Type: 64-bit
File Scan
- VirusTotal Detections: Unknown
MIT License. Copyright (c) 2020-2021 Strontic.