Operator On The Wire
Join
← Back to Knowledge Base
BLUE TEAM / DFI / MEMORY / DUMP / VOLATILITY / Modules

dlllist

Walks PEB loader list (userland module list)

Misses

  • Unlinked DLLs
  • Manual mapped DLLs

Commands

# List loaded DLLs for process (Vol2)  
vol.py -f <mem> --profile=<profile> dlllist -p <PID>  
  
# List loaded DLLs (Vol3)  
python3 vol.py -f <mem> windows.dlllist --pid <PID>