
Where are DLLs Loaded?

5 posts in this topic

Posted

This might be the dumbest question in the universe, but how can you tell which DLLs are loaded into memory, or are they?

I open a DLL with $DllHandle = DllOpen($Programdir & "\sdx.dll"). I was for some reason expecting to go into Task Manager and see this DLL as a process or something, but all Task Manager displays are the exes.

The DLL is open and my calls work quite well, but how can you tell what DLLs are open on a computer?




Posted

This MS Tool may help you:

Process Explorer

http://technet.microsoft.com/en-us/sysinternals/bb896653


Posted

You can use DLL Export Viewer: http://www.nirsoft.net/utils/dll_export_viewer.html


Posted (edited)

I have this code by Smoke_N. I've modified it slightly and forgot where the original comes from.

It will list loaded DLLs in a process on 32-bit systems.

#include <Array.au3>

$R = _ListModules()
_ArrayDisplay($R)

; #FUNCTION# ====================================================================================================================
; Name ..........: _ListModules
; Description ...: Returns loaded dlls in a process
; Syntax ........: _ListModules([$Process = @AutoItPID])
; Parameters ....: $Process            - Process name or ID (defaults to the running script).
; Return values .: Success - 2D array, one row per module: [n][0] name, [n][1] path (lower case),
;                            [n][2] process ID, [n][3] module handle, [n][4] per-process usage count
;                  Failure - 0, @error = 1 (process not found), 2 (snapshot failed) or 3 (no modules listed)
; Author ........: Smoke_N
; Example .......: No
; ===============================================================================================================================
Func _ListModules($Process = @AutoItPID)
    $Process = ProcessExists($Process) ; accepts a name or a PID, returns the PID (0 if not running)
    If Not $Process Then Return SetError(1, 0, 0)
    Local $modlist[99999][7]
    Local $iAdd = 0
    Local Const $TH32CS_SNAPMODULE = 0x08
    ; MODULEENTRY32 (ANSI): modBaseAddr is a pointer and szExePath holds MAX_PATH (260) chars
    Local $tagMODULEENTRY32 = DllStructCreate("dword;dword;dword;dword;dword;ptr;dword;ptr;char[256];char[260]")

    Local $aDLLCall = DllCall("KERNEL32", "ptr", "CreateToolhelp32Snapshot", "dword", $TH32CS_SNAPMODULE, "dword", $Process)
    If @error Or $aDLLCall[0] = Ptr(-1) Then Return SetError(2, 0, 0) ; INVALID_HANDLE_VALUE
    Local $hModuleSnap = $aDLLCall[0]
    DllStructSetData($tagMODULEENTRY32, 1, DllStructGetSize($tagMODULEENTRY32)) ; dwSize must be set before the first call
    ; Module32First returns the first entry (normally the executable itself); the Module32Next
    ; call that follows moves past it, so the list starts at the second module.
    $aDLLCall = DllCall("KERNEL32", "int", "Module32First", "ptr", $hModuleSnap, "ptr", DllStructGetPtr($tagMODULEENTRY32))
    If $aDLLCall[0] Then $aDLLCall = DllCall("KERNEL32", "int", "Module32Next", "ptr", $hModuleSnap, "ptr", DllStructGetPtr($tagMODULEENTRY32))

    While $aDLLCall[0]
;~       typedef struct tagMODULEENTRY32 {
        ;$avArray[$iAdd][0] = DllStructGetData($tagMODULEENTRY32, 1)  ;~                DWORD   dwSize;
        ;$avArray[$iAdd][1] = DllStructGetData($tagMODULEENTRY32, 2)  ;~                DWORD   th32ModuleID;
        $modlist[$iAdd][2] = DllStructGetData($tagMODULEENTRY32, 3)   ;~                DWORD   th32ProcessID;
        ;$avArray[$iAdd][3] = DllStructGetData($tagMODULEENTRY32, 4)  ;~                DWORD   GlblcntUsage;
        $modlist[$iAdd][4] = DllStructGetData($tagMODULEENTRY32, 5)   ;~                DWORD   ProccntUsage;
        ;$avArray[$iAdd][5] = DllStructGetData($tagMODULEENTRY32, 6)  ;~                BYTE  * modBaseAddr;
        ;$modlist[$iAdd][2] = DllStructGetData($tagMODULEENTRY32, 7)  ;~                DWORD   modBaseSize;
        $modlist[$iAdd][3] = DllStructGetData($tagMODULEENTRY32, 8)   ;~                HMODULE hModule;
        $modlist[$iAdd][0] = DllStructGetData($tagMODULEENTRY32, 9)   ;~                char    szModule[MAX_MODULE_NAME32 + 1];
        $modlist[$iAdd][1] = StringLower(DllStructGetData($tagMODULEENTRY32, 10)) ;~    char    szExePath[MAX_PATH];
;~       } MODULEENTRY32;
        $iAdd += 1
        $aDLLCall = DllCall("KERNEL32", "int", "Module32Next", "ptr", $hModuleSnap, "ptr", DllStructGetPtr($tagMODULEENTRY32))
    WEnd
    DllCall("KERNEL32", "int", "CloseHandle", "ptr", $hModuleSnap)
    If $iAdd = 0 Then Return SetError(3, 0, 0) ; nothing to return, and ReDim cannot shrink to zero rows on older AutoIt
    ReDim $modlist[$iAdd][5]
    Return $modlist
EndFunc   ;==>_ListModules

Also, there is a link to a script I put together in my signature called "AutoIt Unlocker". It lists DLLs and directories that are loaded in a process and gives the user an option to close those DLL and directory handles individually.

DLLs are also only listed on 32-bit systems, but just recently, thanks to Yashied, you can close directory handles on 64-bit systems.

Edited by ApudAngelorum
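
A module list like the one produced above is most useful for review when each path is checked against the directories DLLs are expected to load from. The following is an added example, not code from the thread or from any AutoIt UDF: `_FlagModules` is a hypothetical helper, the sample rows are constructed, and the trusted directories are assumptions to adapt.

```autoit
#include <Array.au3>

; Constructed sample in the shape returned by the listing function above:
; [n][0] = module name, [n][1] = full path in lower case (columns 2-4 are not used here).
Local $aSample[4][5] = [ _
        ["ntdll.dll", "c:\windows\system32\ntdll.dll", 1234, 0, 1], _
        ["kernel32.dll", "c:\windows\system32\kernel32.dll", 1234, 0, 1], _
        ["sdx.dll", "c:\program files\example\sdx.dll", 1234, 0, 1], _
        ["version.dll", "c:\users\example\appdata\local\temp\version.dll", 1234, 0, 1]]

; Assumed trusted locations. Keep the trailing backslash so "c:\windows\" does not
; also match a sibling directory such as "c:\windows-old\".
Local $aTrusted[2] = ["c:\windows\", "c:\program files\example\"]

Local $aHits = _FlagModules($aSample, $aTrusted, @SystemDir)
If IsArray($aHits) Then _ArrayDisplay($aHits, "Modules to review")

; Hypothetical helper (not part of any UDF): returns [n][3] = name, path, reason
; for every module loaded from outside $aTrustedDirs, or 0 if there are none.
Func _FlagModules(ByRef $aModules, ByRef $aTrustedDirs, $sSystemDir)
    Local $iRows = UBound($aModules)
    If $iRows = 0 Then Return 0
    Local $aFlagged[$iRows][3], $iCount = 0
    Local $sName, $sPath, $sDir, $bTrusted
    For $i = 0 To $iRows - 1
        $sName = StringLower($aModules[$i][0])
        $sPath = StringLower($aModules[$i][1])
        $bTrusted = False
        For $j = 0 To UBound($aTrustedDirs) - 1
            $sDir = StringLower($aTrustedDirs[$j])
            If StringLeft($sPath, StringLen($sDir)) = $sDir Then
                $bTrusted = True
                ExitLoop
            EndIf
        Next
        If $bTrusted Then ContinueLoop
        $aFlagged[$iCount][0] = $sName
        $aFlagged[$iCount][1] = $sPath
        ; A same-named file in the system directory suggests the loaded copy is
        ; standing in for a system DLL, so review those rows first.
        $aFlagged[$iCount][2] = "outside trusted directories"
        If FileExists($sSystemDir & "\" & $sName) Then $aFlagged[$iCount][2] = "same name as a system DLL"
        $iCount += 1
    Next
    If $iCount = 0 Then Return 0
    ReDim $aFlagged[$iCount][3]
    Return $aFlagged
EndFunc   ;==>_FlagModules
```

In real use, pass the array returned by the listing function for the process of interest instead of `$aSample`.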
