While working on the .NET Loader and now in Bing where I am right now working on some features around module loading I frequently need to know and filter on the list of modules (dll/exe) loaded in a process or on the whole system. There are many ways to do that like use GUI tools like Process Explorer (https://technet.microsoft.com/en-us/sysinternals/bb896653.aspx) or even attach a debugger and get the list of loaded modules. But those to me seems either cumbersome (GUI) or intrusive (debugger). So I have written a small command line tool. It’s native and less than 100kb in size. You can get the source on GitHub at https://github.com/bonggeek/Samples/tree/master/ListModule or the binary at http://1drv.ms/1NAzkvy.
The usage is simple. To see the modules loaded in all processes with the name note in it. You just use the following
F:\GitHub\Samples\ListModule>listmodule note
Searching for note in 150 processes
\Device\HarddiskVolume2\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (8896)
========================================================
(0x00DB0000) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(0xCBEF0000) C:\windows\SYSTEM32\ntdll.dll
(0x776D0000) C:\windows\SYSTEM32\wow64.dll
...
\Device\HarddiskVolume2\Program Files\Microsoft Office 15\root\office15\onenote.exe (12192)
========================================================
(0x01340000) C:\Program Files\Microsoft Office 15\root\office15\ONENOTE.EXE
(0xCBEF0000) C:\windows\SYSTEM32\ntdll.dll
...
\Device\HarddiskVolume2\Windows\System32\notepad.exe (19680)
========================================================
(0xF64A0000) C:\windows\system32\notepad.exe
(0xCBEF0000) C:\windows\SYSTEM32\ntdll.dll
(0xCB7D0000) C:\windows\system32\KERNEL32.DLL
...
The code uses Win32 APIs to get the info. This is a quick tool I wrote, so if you find any bugs, send it my way.
No comments:
Post a Comment