Didier Stevens

Thursday 20 December 2012

ListModules V0.0.0.1

Filed under: My Software — Didier Stevens @ 0:00

ListModules is a new tool to analyze PE files, like my AnalyzePESig tool. In stead of analyzing all files you point it to, it takes a snapshot of all processes, and analyses the modules (.exe, .dll, …) loaded in these processes. The output is very similar to AnalyzePESig’s output.

Sysinternal’s tool ListDLLs is a similar tool, but ListModules provides more info and is open source.

It helped me a couple of times to find malicious DLLs loaded inside processes that the AV would not catch.

ListModules_V0_0_0_1.zip (https)
MD5: 56D6BD9479915E6FF1C29A9D9F8F7950
SHA256: 43DFAD3F18C2F317E283BCDD453311BB17F6216C6748C25D102778DF63021069

1 Comment »

  1. Process Explorer also can display info about loaded DLLs, but it’s nowhere near yours.

    Comment by Grzechooo — Thursday 20 December 2012 @ 14:29


RSS feed for comments on this post. TrackBack URI

Leave a Reply (comments are moderated)

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Blog at WordPress.com.