
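If you do not know which DLLs an exe depends on, they may be loaded dynamically. You can debug the exe in OllyDbg and inspect the loaded modules, or use listdlls.exe to list the DLLs it depends on. depends.exe on its own cannot show dynamically loaded DLLs.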

Download the Sysinternals Suite.
Run the command-line tool (cmd) with administrative privileges.
To scan all running processes for loaded unsigned DLLs, execute:
x:\path\to\sysinternals_suite\listdlls.exe -u

-u Only list unsigned DLLs.

To scan a specific process for loaded unsigned DLLs, execute:
x:\path\to\sysinternals_suite\listdlls.exe -u process_name

or
x:\path\to\sysinternals_suite\listdlls.exe -u process_id

To search for processes that have loaded a specific DLL, execute:
x:\path\to\sysinternals_suite\listdlls.exe -d dll_name

For example:
x:\path\to\sysinternals_suite\listdlls.exe -d kernel32

Options:

usage: listdlls [-r] [-v | -u] [processname|pid]
usage: listdlls [-r] [-v] [-d dllname]
  processname   Dump DLLs loaded by process (partial name accepted)
  pid           Dump DLLs associated with the specified process id
  dllname       Show only processes that have loaded the specified DLL.
  -r            Flag DLLs that relocated because they are not loaded at
                their base address.
  -u            Only list unsigned DLLs.
  -v            Show DLL version information.
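
The following is an added example, not part of the original post or of Sysinternals: a Python sketch that parses saved `listdlls.exe -u` output and reports unsigned modules loaded from outside the administrator-only directory trees. The output layout, the sample text and the directory list are assumptions made for illustration.

```python
import re

# Constructed sample in the layout assumed for `listdlls.exe -u` output: a dashed
# separator, "<image> pid: <n>", a "Command line:" line, a column header, then
# "<base> <size> <path>" rows. Not captured from a real host.
SAMPLE = r"""
------------------------------------------------------------------------------
updater.exe pid: 4312
Command line: "C:\Program Files\Example\updater.exe"

Base                Size      Path
0x0000000000400000  0x52000   C:\Program Files\Example\updater.exe
0x0000000071a30000  0x1c000   C:\Users\alice\AppData\Local\Temp\version.dll
------------------------------------------------------------------------------
notepad.exe pid: 980
Command line: notepad

Base                Size      Path
0x0000000065f00000  0x2b000   C:\Program Files\Example\shellext.dll
"""

PROC_RE = re.compile(r"^(?P<name>.+?) pid: (?P<pid>\d+)\s*$")
ROW_RE = re.compile(r"^0x[0-9a-fA-F]+\s+0x[0-9a-fA-F]+\s+(?P<path>.+?)\s*$")
# Triage assumption: these trees are normally writable only by administrators.
ADMIN_ONLY = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

def parse_listdlls(text):
    """Return {(process_name, pid): [module_path, ...]} from listdlls output."""
    modules, current = {}, None
    for line in text.splitlines():
        proc = PROC_RE.match(line)
        row = ROW_RE.match(line)
        if proc:
            current = (proc["name"], int(proc["pid"]))
        elif row and current:
            modules.setdefault(current, []).append(row["path"])
    return modules

def outside_admin_dirs(modules):
    """Unsigned modules loaded from paths outside the admin-only trees."""
    return [(name, pid, path)
            for (name, pid), paths in modules.items()
            for path in paths
            if not path.lower().startswith(ADMIN_ONLY)]

if __name__ == "__main__":
    for name, pid, path in outside_admin_dirs(parse_listdlls(SAMPLE)):
        print(f"{name} (pid {pid}): unsigned module at {path}")
```

To use it on real data, redirect the tool's output to a file and pass the file's contents to `parse_listdlls`; adjust the regular expressions if your listdlls version prints a different layout.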
