While working on the .NET Loader, and now in Bing where I am working on some features around module loading, I frequently need to know and filter on the list of modules (dll/exe) loaded in a process or on the whole system. There are many ways to do that, such as using GUI tools like Process Explorer (https://technet.microsoft.com/en-us/sysinternals/bb896653.aspx) or even attaching a debugger and getting the list of loaded modules. But those seem to me either cumbersome (GUI) or intrusive (debugger). So I have written a small command line tool. It's native and less than 100kb in size. You can get the source on GitHub at https://github.com/bonggeek/Samples/tree/master/ListModule or the binary at https://1drv.ms/1NAzkvy.
The usage is simple. To see the modules loaded in all processes with note in their name, just use the following:
F:\GitHub\Samples\ListModule>listmodule note
Searching for note in 150 processes
\Device\HarddiskVolume2\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (8896)
========================================================
(0x00DB0000) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(0xCBEF0000) C:\windows\SYSTEM32\ntdll.dll
(0x776D0000) C:\windows\SYSTEM32\wow64.dll
...
\Device\HarddiskVolume2\Program Files\Microsoft Office 15\root\office15\onenote.exe (12192)
========================================================
(0x01340000) C:\Program Files\Microsoft Office 15\root\office15\ONENOTE.EXE
(0xCBEF0000) C:\windows\SYSTEM32\ntdll.dll
...
\Device\HarddiskVolume2\Windows\System32\notepad.exe (19680)
========================================================
(0xF64A0000) C:\windows\system32\notepad.exe
(0xCBEF0000) C:\windows\SYSTEM32\ntdll.dll
(0xCB7D0000) C:\windows\system32\KERNEL32.DLL
...
The code uses Win32 APIs to get the info. This is a quick tool I wrote, so if you find any bugs, send them my way.
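A rough PowerShell equivalent of the lookup shown above, added here as an example: it is not the ListModule source, and it goes through .NET's System.Diagnostics.Process rather than calling Win32 directly. The function name Get-LoadedModule and its parameters are hypothetical.

```powershell
# Added example: hypothetical helper, not part of the ListModule tool.
function Get-LoadedModule {
    [CmdletBinding()]
    param(
        # Case-insensitive substring matched against the process name, like "note" above.
        [Parameter(Mandatory)][string]$NameFilter,
        # Optional: keep only modules whose path contains this substring.
        [string]$ModuleFilter
    )

    $procs = @(Get-Process | Where-Object { $_.ProcessName -like "*$NameFilter*" })
    Write-Verbose "Matched $($procs.Count) processes for '$NameFilter'"

    foreach ($p in $procs) {
        try {
            # Reading .Modules opens the target process; this can fail for
            # protected or higher-privileged processes, or if the process exited.
            $modules = @($p.Modules)
        }
        catch {
            Write-Warning "Skipping $($p.ProcessName) ($($p.Id)): $($_.Exception.Message)"
            continue
        }

        foreach ($m in $modules) {
            if ($ModuleFilter -and $m.FileName -notlike "*$ModuleFilter*") { continue }
            [pscustomobject]@{
                ProcessName = $p.ProcessName
                ProcessId   = $p.Id
                BaseAddress = '0x{0:X8}' -f $m.BaseAddress.ToInt64()
                ModulePath  = $m.FileName
            }
        }
    }
}

# Modules loaded in every process whose name contains "note"
Get-LoadedModule -NameFilter note | Format-Table -AutoSize

# Only the matching processes that have a given DLL loaded
Get-LoadedModule -NameFilter note -ModuleFilter wow64.dll
```

Run it from an elevated prompt to reduce the number of processes skipped with an access error.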