如果不知道 exe 所依赖的 dll,可能是动态加载的 dll,可通过 ollydbg 调试 exe,查看加载的模块;也可以通过 listdlls.exe 来列出依赖的 dll,单纯的使用 depends.exe 是不能看出动态加载的 dll。
Download Sysinternals Suite.
Run command line tool(cmd) with administrative privileges.
To scan all running processes for using unverified DLLs, execute:
x:\path\to\sysinternals_suite\listdlls.exe -u
-u Only list unsigned DLLs.
To scan a specific process for using unverified DLLs, execute:
x:\path\to\sysinternals_suite\listdlls.exe -u process_name
or
x:\path\to\sysinternals_suite\listdlls.exe -u process_id
To search for processes that have loaded a specific DLL, execute:
x:\path\to\sysinternals_suite\listdlls.exe -d dll_name
for ex.
x:\path\to\sysinternals_suite\listdlls.exe -d kernel32
Options:
usage: listdlls [-r] [-v | -u] [processname|pid]
usage: listdlls [-r] [-v] [-d dllname]
processname Dump DLLs loaded by process (partial name accepted)
pid Dump DLLs associated with the specified process id
dllname Show only processes that have loaded the specified DLL.
-r Flag DLLs that relocated because they are not loaded at
their base address.
-u Only list unsigned DLLs.
-v Show DLL version information.
网友评论