Skip to content
/ logdlls Public

A utility to track DLLs loaded by a Windows process and log them to a file

4 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

1tgr/logdlls

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
.gitignore
.gitignore
 
 
Program.fs
Program.fs
 
 
README.md
README.md
 
 
appveyor.yml
appveyor.yml
 
 
logdlls.fsproj
logdlls.fsproj
 
 
logdlls.sln
logdlls.sln
 
 

Repository files navigation

logdlls

A utility to track DLLs loaded by a Windows process and log them to a file.

Usage

logdlls dlls.txt app.exe arg1 arg2 [...]

Latest build

win32:

Release: logdlls.exe

Debug: logdlls.exe

How it works

logdlls acts as a debugger; it starts the process (and any child processes) using CreateProcess with the DEBUG_PROCESS flag, then calls WaitForDebugEvent. For events of type LOAD_DLL_DEBUG_EVENT, logdlls accepts a file handle to the DLL, passes it to a background thread, and allows the process to continue.

The background thread obtains the name of the DLL from its file handle: it calls CreateFileMapping, MapViewOfFile, then GetMappedFileName. Note that strings returned from GetMappedFileName use Windows kernel syntax; logdlls uses GetLogicalDriveStrings to find all the drive letters in the system, then QueryDosDevice to find which the letter of the drive on which the DLL is located.

About

A utility to track DLLs loaded by a Windows process and log them to a file

Resources

Readme
Activity

Stars

4 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages