ZiggyStardust Posted May 27, 2012 Share Posted May 27, 2012 This might be the dumest question in the universe but how can you tell which DLLs are loaded in to memory or are they? I open a DLL with $DllHandle = DllOpen($Programdir & "\sdx.dll"). I was for some reason expecting to go in to task manager and see this dll as a process or something but all Task Manager displays are the exes. The DLL is open and my calls work quite well but how can you tell what dlls are open on a computer? Link to comment Share on other sites More sharing options...
qsek Posted May 27, 2012 Share Posted May 27, 2012 This MS Tool may help you:Process Explorerhttp://technet.microsoft.com/en-us/sysinternals/bb896653 Teamspeak 3 User Viewer - Quick and functional TS3 Query script, which shows online users.Cached Screenshot Deleter - Deletes older Fraps Screenshots if they exceed a specified limit.Unresolved Topics:Intercept and modify dragdrop text behaviour in scite Link to comment Share on other sites More sharing options...
Shaggi Posted May 27, 2012 Share Posted May 27, 2012 The dll's are loaded into a process own memory space, hence they dont represent seperate processes. There are various methods to show what modules are loaded, here's one: http://msdn.microsoft.com/en-us/library/windows/desktop/ms682621(v=vs.85).aspx Ever wanted to call functions in another process? ProcessCall UDFConsole stuff: Console UDFC Preprocessor for AutoIt OMG Link to comment Share on other sites More sharing options...
ATR Posted May 27, 2012 Share Posted May 27, 2012 You can use DLL export viewer : http://www.nirsoft.net/utils/dll_export_viewer.html Link to comment Share on other sites More sharing options...
Skitty Posted May 28, 2012 Share Posted May 28, 2012 (edited) I have this code by Smok_N, I've modified it slightly and forgot where the original comes from. It will list loaded dlls in a process on 32bit systems. expandcollapse popup#include<array.au3> $R = _ListModules() _ArrayDisplay($R) ; #FUNCTION# ==================================================================================================================== ; Name ..........: _ProcessListModules ; Description ...: Returns loaded dlls in a process ; Syntax ........: _ProcessListModules($Process) ; Parameters ....: $dwPID - Process ID. ; Return values .: Array with lots of info ; Author ........: Smoke_N ; Example .......: No ; =============================================================================================================================== Func _ListModules($Process = @AutoItPID) $Process = ProcessExists($Process) If Not ProcessExists($Process) Then Return SetError(1, 0, 0) Local $modlist[99999][7] Local $iAdd = 0 Local Const $TH32CS_SNAPMODULE = 0x08 Local $tagMODULEENTRY32 = DllStructCreate("dword;dword;dword;dword;dword;byte;dword;ptr;char[256];char[257]") Local $aDLLCall = DllCall("KERNEL32", "ptr", "CreateToolhelp32Snapshot", "int", $TH32CS_SNAPMODULE, "dword", $Process) Local $hModuleSnap = $aDLLCall[0] DllStructSetData($tagMODULEENTRY32, 1, DllStructGetSize($tagMODULEENTRY32)) $aDLLCall = DllCall("KERNEL32", "int", "Module32First", "ptr", $hModuleSnap, "long", DllStructGetPtr($tagMODULEENTRY32)) $aDLLCall = DllCall("KERNEL32", "int", "Module32Next", "ptr", $hModuleSnap, "long", DllStructGetPtr($tagMODULEENTRY32)) While 1 If Not $aDLLCall[0] Then ExitLoop While 1 ;~ typedef struct tagMODULEENTRY32 { ;$avArray[$iAdd][0] = DllStructGetData($tagMODULEENTRY32, 1) ;~ DWORD dwSize; ;$avArray[$iAdd][1] = DllStructGetData($tagMODULEENTRY32, 2) ;~ DWORD th32ModuleID; $modlist[$iAdd][2] = DllStructGetData($tagMODULEENTRY32, 3) ;~ DWORD th32ProcessID; ;$avArray[$iAdd][3] = DllStructGetData($tagMODULEENTRY32, 4) ;~ DWORD GlblcntUsage; $modlist[$iAdd][4] = DllStructGetData($tagMODULEENTRY32, 5) ;~ DWORD ProccntUsage; ;$avArray[$iAdd][5] = DllStructGetData($tagMODULEENTRY32, 6) ;~ BYTE * modBaseAddr; ;$modlist[$iAdd][2] = DllStructGetData($tagMODULEENTRY32, 7) ;~ DWORD modBaseSize; $modlist[$iAdd][3] = DllStructGetData($tagMODULEENTRY32, 8) ;~ HMODULE hModule; $modlist[$iAdd][0] = DllStructGetData($tagMODULEENTRY32, 9) ;~ char szModule[MAX_MODULE_NAME32 + 1]; $modlist[$iAdd][1] = StringLower(DllStructGetData($tagMODULEENTRY32, 10));~ char szExePath[MAX_PATH]; ;~ } MODULEENTRY32; $aDLLCall = DllCall("KERNEL32", "int", "Module32Next", "ptr", $hModuleSnap, "long", DllStructGetPtr($tagMODULEENTRY32)) $iAdd += 1 If Not $aDLLCall[0] Then ExitLoop 2 WEnd WEnd ReDim $modlist[$iAdd][5] DllCall("KERNEL32", "int", "CloseHandle", "ptr", $hModuleSnap) Return $modlist EndFunc ;==>_ListModules Also, there is a link to a script I put together in my signature called "AutoIt Unlocker", it lists dlls and directories that are loaded in a process and gives the user an option to close those dll, directory handles individually. Dlls are also only listed on 32bit systems but just recently thanks to yashied you can close directory handles on 64bit systems. Edited May 28, 2012 by ApudAngelorum Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now