A list of all the DLLs export in C:\windows\system32\

The idea is to find some interesting export that can be used to evade some detection.

The list was extracted from the following builds:

Windows 10 Build 19043
Windows 11 Build 22000

DumpExport.c can be compiled and run locally. DumpExport.exe can be used to gather the information on your system.

PS> foreach($dll in gci -Path C:\windows\system32\ -Filter *.dll) { .\dumpexport.exe $($dll.Name) | out-file -FilePath .\$($dll.Name).txt -Encoding ASCII }

the exports.db is a sqlite3 database that contains the dll name and the export name in a table defined as following

table|exports|exports|2|CREATE TABLE exports (dllname text, exportname text)

The sqlite database can be imported into sqlite_web to query the database from a web interface.

pip3 install sqlite_web

Copy the exports.db and run sqlite_web using the following command

sqlite_web -H 0.0.0.0 -p 80 -r -x /opt/exports/exports.db

The sqlite_web interface can be queried as shown below

A json file is also available exports.json

Mr.Un1k0d3r RingZer0 Team