Application Security Testing: An Integral Part of DevOps
Environment: VC6 SP3, NT4 SP4, Windows 95/98Have you ever experienced an error while loading a DLL when you start an application? Invalid DLL version? Entry point @XXXX not found?
On you LAN, there may be thousands of versions of a DLL! Which version are you using? Which DLL has effectively been loaded by your application? You must check the PATH, the current working directory of your process, etc...
This small application, called "DisplayLoadedModules", connects to a running process, gets the list of DLLs loaded by the process, and display the following information for every DLL:
- Module File Path (e.g. "C:\WINNT4\System32\WS2_32.dll")
- Module Description (e.g. "Windows Socket 2.0 32-Bit DLL")
- Module File Version (e.g. "4.00")
- Associated Product Name (e.g. "Microsoft(R) Windows NT(TM) Operating System")
- Associated Product Version (e.g. "4.00")
- Module File Size (e.g. "59664 bytes")
- Module Creation Date (e.g. "October 14, 1996 03:38:00")
You can also click on the "Who's Locking?" button to find which process has loaded (and thus locked) a DLL. Usefull when you want to delete/move/upgrade a DLL and you get an access denied error (you find the process which locks the DLL and stop it instead of rebooting your computer).
The application can also save the output to a text file. If your application runs on a machine "A" and not on a machine "B", you can compare (using 'diff' or 'windiff') the output of the program on both machines. If you're experiencing a DLL versioning problem, you'll figure out very easily...
On Windows NT, the executable uses one additional DLL: PSAPI.DLL For more on these APIs, please refer to MSDN Platform SDK:
- Process Status Helper (PSAPI)
On Windows 98, the executable uses the ToolHelp32 library. For more on this APIs, please refer to MSDN Platform SDK:
- ToolHelp Library
- Taking a Snapshot and Viewing Processes
- Traversing the Module List
What's new in version 1.10
Regarding to previous version posted in Codeguru (v1.4), this new release provides the following new features:
- Who's Locking Button: find which process is locking a DLL.
- Resizable window
- Runs on Windows NT, Windows 98 and Windows 95 with one executable
- Cleaner Source Code: one reusable C++ class to browse through running processes/modules.
- Three kits: Source Code only, small kit (executable plus documentation only), full kit (with MFC 42 version 6.0 DLL, for plain systems without VC++ 6.0 installed).
The version info is fetched via the CFileVersion class by Manuel Laflamme (posted in www.codeguru.com).
This tool is also available on my web site:
DownloadsDownload runtime - 112 Kb
Download source - 91 Kb