Jump to content

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Find out more here. X
X


Photo

Where are DLLs Loaded?


  • Please log in to reply
4 replies to this topic

#1 ZiggyStardust

ZiggyStardust

    Wayfarer

  • Pip
  • 65 posts

Posted 27 May 2012 - 03:31 PM

This might be the dumest question in the universe but how can you tell which DLLs are loaded in to memory or are they?

I open a DLL with $DllHandle = DllOpen($Programdir & "\sdx.dll"). I was for some reason expecting to go in to task manager and see this dll as a process or something but all Task Manager displays are the exes.

The DLL is open and my calls work quite well but how can you tell what dlls are open on a computer?







#2 qsek

qsek

    Universalist

  • Active Members
  • PipPipPipPipPip
  • 256 posts

Posted 27 May 2012 - 03:43 PM

This MS Tool may help you:

Process Explorer
http://technet.microsoft.com/en-us/sysinternals/bb896653
Teamspeak 3 User Viewer - Quick and functional TS3 Query script, which shows online users.Cached Screenshot Deleter - Deletes older Fraps Screenshots if they exceed a specified limit.Unresolved Topics:Intercept and modify dragdrop text behaviour in scite

#3 Shaggi

Shaggi

    Universalist

  • Active Members
  • PipPipPipPipPipPip
  • 309 posts

Posted 27 May 2012 - 04:29 PM

The dll's are loaded into a process own memory space, hence they dont represent seperate processes. There are various methods to show what modules are loaded, here's one: http://msdn.microsoft.com/en-us/library/windows/desktop/ms682621(v=vs.85).aspx
Ever wanted to call functions in another process? ProcessCall UDFConsole stuff: Console UDFC Preprocessor for AutoIt OMG

#4 ATR

ATR

    Wayfarer

  • Active Members
  • Pip
  • 66 posts

Posted 27 May 2012 - 04:33 PM

You can use DLL export viewer : http://www.nirsoft.net/utils/dll_export_viewer.html

#5 CaptainClucks

CaptainClucks

    Unum Cavillator Spuria

  • Active Members
  • PipPipPipPipPipPip
  • 1,226 posts

Posted 28 May 2012 - 03:48 AM

I have this code by Smok_N, I've modified it slightly and forgot where the original comes from.
It will list loaded dlls in a process on 32bit systems.

AutoIt         
#include<array.au3> $R = _ListModules() _ArrayDisplay($R) ; #FUNCTION# ==================================================================================================================== ; Name ..........: _ProcessListModules ; Description ...: Returns loaded dlls in a process ; Syntax ........: _ProcessListModules($Process) ; Parameters ....: $dwPID              - Process ID. ; Return values .: Array with lots of info ; Author ........: Smoke_N ; Example .......: No ; =============================================================================================================================== Func _ListModules($Process = @AutoItPID)     $Process = ProcessExists($Process)     If Not ProcessExists($Process) Then Return SetError(1, 0, 0)     Local $modlist[99999][7]     Local $iAdd = 0     Local Const $TH32CS_SNAPMODULE = 0x08     Local $tagMODULEENTRY32 = DllStructCreate("dword;dword;dword;dword;dword;byte;dword;ptr;char[256];char[257]")     Local $aDLLCall = DllCall("KERNEL32", "ptr", "CreateToolhelp32Snapshot", "int", $TH32CS_SNAPMODULE, "dword", $Process)     Local $hModuleSnap = $aDLLCall[0]     DllStructSetData($tagMODULEENTRY32, 1, DllStructGetSize($tagMODULEENTRY32))     $aDLLCall = DllCall("KERNEL32", "int", "Module32First", "ptr", $hModuleSnap, "long", DllStructGetPtr($tagMODULEENTRY32))     $aDLLCall = DllCall("KERNEL32", "int", "Module32Next", "ptr", $hModuleSnap, "long", DllStructGetPtr($tagMODULEENTRY32))       While 1           If Not $aDLLCall[0] Then ExitLoop         While 1 ;~       typedef struct tagMODULEENTRY32 {             ;$avArray[$iAdd][0] = DllStructGetData($tagMODULEENTRY32, 1)  ;~                DWORD   dwSize;             ;$avArray[$iAdd][1] = DllStructGetData($tagMODULEENTRY32, 2)  ;~                DWORD   th32ModuleID;             $modlist[$iAdd][2] = DllStructGetData($tagMODULEENTRY32, 3)   ;~                DWORD   th32ProcessID;             ;$avArray[$iAdd][3] = DllStructGetData($tagMODULEENTRY32, 4)  ;~                DWORD   GlblcntUsage;             $modlist[$iAdd][4] = DllStructGetData($tagMODULEENTRY32, 5)   ;~                DWORD   ProccntUsage;             ;$avArray[$iAdd][5] = DllStructGetData($tagMODULEENTRY32, 6)  ;~                BYTE  * modBaseAddr;             ;$modlist[$iAdd][2] = DllStructGetData($tagMODULEENTRY32, 7)  ;~                DWORD   modBaseSize;             $modlist[$iAdd][3] = DllStructGetData($tagMODULEENTRY32, 8)   ;~                HMODULE hModule;             $modlist[$iAdd][0] = DllStructGetData($tagMODULEENTRY32, 9)   ;~                char    szModule[MAX_MODULE_NAME32 + 1];             $modlist[$iAdd][1] = StringLower(DllStructGetData($tagMODULEENTRY32, 10));~  char   szExePath[MAX_PATH]; ;~       } MODULEENTRY32;             $aDLLCall = DllCall("KERNEL32", "int", "Module32Next", "ptr", $hModuleSnap, "long", DllStructGetPtr($tagMODULEENTRY32))             $iAdd += 1             If Not $aDLLCall[0] Then ExitLoop 2         WEnd     WEnd     ReDim $modlist[$iAdd][5]     DllCall("KERNEL32", "int", "CloseHandle", "ptr", $hModuleSnap)     Return $modlist EndFunc   ;==>_ListModules


Also, there is a link to a script I put together in my signature called "AutoIt Unlocker", it lists dlls and directories that are loaded in a process and gives the user an option to close those dll, directory handles individually.

Dlls are also only listed on 32bit systems but just recently thanks to yashied you can close directory handles on 64bit systems.

Edited by ApudAngelorum, 28 May 2012 - 03:51 AM.

Spoiler

Warning: Posts by this user are subject to change or may disappear without notice.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users