 |
||
| Copyright © 1997 Mark Russinovich | ||
| Last
Updated September 1,1997, Version 2.0 |
||
| Introduction | A
question that I often get asked is "Do you know of a utility that
will show me which DLLs are loaded on NT?". The answer I gave up
until recently was "no", until I discovered a tool in the
Windows NT Resource Kit called tlist that does show this
information. I decided to write a free-ware version, ListDLLs.
Note: Version 2.0 shows loaded modules for Win32 services and full pathnames of all loaded modules.
You can also get a GUI-based version of this program, HandleEx, here at NTInternals. |
|
| Installation | Just
copy ListDLLs onto your executable path, and type "listdlls". ListDLLs has been tested on NT 3.51 and NT 4.0. |
|
| Usage | The
default behavior of ListDLLs is to show all the DLLs that are
currently loaded, dividing the display into processes. The information
listed for each DLL includes the address at which it is loaded in a
process, its size, and its version number if it has one. A process name
can also be specified as a command-line argument to only list the DLLs
loaded by that process. usage: listdlls [-p process] |
|
| -p process | Instead
of listing all the loaded DLLs in the system, this parameter narrows
ListDLLs' scan to those processes that begin with the name process.
Thus: listdlls -p exp would dump the loaded DLLs for all processes that start with "exp", which would include Explorer. |
|
| How it Works | ListDLLs is actually quite simple. It uses NtQuerySystemInformation to ask NT to return a buffer filled with information about every process in the system. This information includes process names and process IDs. Then it calls an undocumented functions in NTDLL.DLL to enumerate the modules loaded for each process. The information returned includes the loaded address, size, and full path name of the modules. The undocumented Image Help library (imagehlp.dll) function EnumerateLoadedModules routine comes close to providing this same information, but does not return full path names. For every loaded moduled, ListDLLs calls GetFileVersionInfo to obtain the module's version number. | |
| More Information | You can find documentation for other Image Help functions in MSDN. | |
Download ListDLLs (27KB) |
||
 |
||