Jump to content
Sign in to follow this  

Where are DLLs Loaded?

Recommended Posts


This might be the dumest question in the universe but how can you tell which DLLs are loaded in to memory or are they?

I open a DLL with $DllHandle = DllOpen($Programdir & "\sdx.dll"). I was for some reason expecting to go in to task manager and see this dll as a process or something but all Task Manager displays are the exes.

The DLL is open and my calls work quite well but how can you tell what dlls are open on a computer?

Share this post

Link to post
Share on other sites

The dll's are loaded into a process own memory space, hence they dont represent seperate processes. There are various methods to show what modules are loaded, here's one: http://msdn.microsoft.com/en-us/library/windows/desktop/ms682621(v=vs.85).aspx

Ever wanted to call functions in another process? ProcessCall UDFConsole stuff: Console UDFC Preprocessor for AutoIt OMG

Share this post

Link to post
Share on other sites

You can use DLL export viewer : http://www.nirsoft.net/utils/dll_export_viewer.html

Share this post

Link to post
Share on other sites

I have this code by Smok_N, I've modified it slightly and forgot where the original comes from.

It will list loaded dlls in a process on 32bit systems.

$R = _ListModules()
; #FUNCTION# ====================================================================================================================
; Name ..........: _ProcessListModules
; Description ...: Returns loaded dlls in a process
; Syntax ........: _ProcessListModules($Process)
; Parameters ....: $dwPID              - Process ID.
; Return values .: Array with lots of info
; Author ........: Smoke_N
; Example .......: No
; ===============================================================================================================================
Func _ListModules($Process = @AutoItPID)
    $Process = ProcessExists($Process)
    If Not ProcessExists($Process) Then Return SetError(1, 0, 0)
    Local $modlist[99999][7]
    Local $iAdd = 0
    Local Const $TH32CS_SNAPMODULE = 0x08
    Local $tagMODULEENTRY32 = DllStructCreate("dword;dword;dword;dword;dword;byte;dword;ptr;char[256];char[257]")

    Local $aDLLCall = DllCall("KERNEL32", "ptr", "CreateToolhelp32Snapshot", "int", $TH32CS_SNAPMODULE, "dword", $Process)
    Local $hModuleSnap = $aDLLCall[0]
    DllStructSetData($tagMODULEENTRY32, 1, DllStructGetSize($tagMODULEENTRY32))
    $aDLLCall = DllCall("KERNEL32", "int", "Module32First", "ptr", $hModuleSnap, "long", DllStructGetPtr($tagMODULEENTRY32))
    $aDLLCall = DllCall("KERNEL32", "int", "Module32Next", "ptr", $hModuleSnap, "long", DllStructGetPtr($tagMODULEENTRY32))
    While 1  
        If Not $aDLLCall[0] Then ExitLoop
        While 1
;~       typedef struct tagMODULEENTRY32 {
            ;$avArray[$iAdd][0] = DllStructGetData($tagMODULEENTRY32, 1)  ;~                DWORD   dwSize;
            ;$avArray[$iAdd][1] = DllStructGetData($tagMODULEENTRY32, 2)  ;~                DWORD   th32ModuleID;
            $modlist[$iAdd][2] = DllStructGetData($tagMODULEENTRY32, 3)   ;~                DWORD   th32ProcessID;
            ;$avArray[$iAdd][3] = DllStructGetData($tagMODULEENTRY32, 4)  ;~                DWORD   GlblcntUsage;
            $modlist[$iAdd][4] = DllStructGetData($tagMODULEENTRY32, 5)   ;~                DWORD   ProccntUsage;
            ;$avArray[$iAdd][5] = DllStructGetData($tagMODULEENTRY32, 6)  ;~                BYTE  * modBaseAddr;
            ;$modlist[$iAdd][2] = DllStructGetData($tagMODULEENTRY32, 7)  ;~                DWORD   modBaseSize;
            $modlist[$iAdd][3] = DllStructGetData($tagMODULEENTRY32, 8)   ;~                HMODULE hModule;
            $modlist[$iAdd][0] = DllStructGetData($tagMODULEENTRY32, 9)   ;~                char    szModule[MAX_MODULE_NAME32 + 1];
            $modlist[$iAdd][1] = StringLower(DllStructGetData($tagMODULEENTRY32, 10));~  char   szExePath[MAX_PATH];
;~       } MODULEENTRY32;
            $aDLLCall = DllCall("KERNEL32", "int", "Module32Next", "ptr", $hModuleSnap, "long", DllStructGetPtr($tagMODULEENTRY32))
            $iAdd += 1
            If Not $aDLLCall[0] Then ExitLoop 2
    ReDim $modlist[$iAdd][5]
    DllCall("KERNEL32", "int", "CloseHandle", "ptr", $hModuleSnap)
    Return $modlist
EndFunc   ;==>_ListModules

Also, there is a link to a script I put together in my signature called "AutoIt Unlocker", it lists dlls and directories that are loaded in a process and gives the user an option to close those dll, directory handles individually.

Dlls are also only listed on 32bit systems but just recently thanks to yashied you can close directory handles on 64bit systems.

Edited by ApudAngelorum

Things that I've done..

Icon Resource Editor: icon resource editor 

AutoIt Piano: a piano

AutoIt Unlocker: unlocks files when you want to delete them

Colorful tooltips: a wrapper for the tool tips UDF

Rouge GoogleBot: a full screen animation

ASciTE text editor: a text editor written in autoit

Warning: Posts by this user are subject to change or may disappear without notice.

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this