This is a C# application that can extract DLL information from running processes and produce limited reports on that data for analysis. It can be used for both blue team and red team work.
./DllComparer.exe ?
Commands Menu:
-h
Show Help Menu
-d
Dump all the DLL's seen with the count of how many times each was seen.
-s
Dump all process and show their Dll's
-e
Show errors
-f {SearchTerm}
Search for Process name, PID, or DLL name
-j {FileName}
Write a JSON with all findings to disk
- View DLL information for running processes for analysis.
You will have to run as admin to see every process's info (that's the way Windows is built).
Get-Process * | select -ExpandProperty modules | select -Unique | Where-Object {!$_.FileName.ToLower().Contains('c:\windows\') -and !$_.FileName.ToLower().Contains('c:\program files\windowsapps\')} | convertto-json | out-file "$Env:HOMEPATH\Downloads\json.json"
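A PowerShell example added here (it is not DllComparer's code or its JSON format) that mirrors what the `-d` and `-e` options describe: it counts how many processes load each DLL outside the excluded Windows directories, checks each DLL's Authenticode status, and records the processes that could not be read instead of silently dropping them. The property names `ProcessCount`, `Signature`, `Processes` and the variable names are chosen for illustration.

```powershell
# Added example, not DllComparer code. Run elevated to reach every process.
# Same directory exclusions as the one-liner above, written as prefix patterns.
$skipPrefixes = 'c:\windows\*', 'c:\program files\windowsapps\*'
$failures = @()

# One row per (process, module). Failures are recorded, not discarded.
$rows = foreach ($p in Get-Process) {
    try {
        Get-Process -Id $p.Id -Module -ErrorAction Stop |
            Where-Object { $_.FileName } |
            ForEach-Object {
                [pscustomobject]@{
                    ProcessId   = $p.Id
                    ProcessName = $p.ProcessName
                    Path        = $_.FileName.ToLower()
                }
            }
    } catch {
        # Typically "Access is denied" when not elevated, or the process has exited
        $failures += [pscustomobject]@{
            ProcessId = $p.Id; ProcessName = $p.ProcessName; Error = $_.Exception.Message
        }
    }
}

# Group by DLL path: how many distinct processes load it, and is it signed?
$report = $rows |
    Where-Object { $path = $_.Path; -not ($skipPrefixes | Where-Object { $path -like $_ }) } |
    Group-Object Path |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -LiteralPath $_.Name -ErrorAction SilentlyContinue
        [pscustomobject]@{
            ProcessCount = @($_.Group.ProcessId | Sort-Object -Unique).Count
            Signature    = $sig.Status   # Valid, NotSigned, HashMismatch, ... (empty if the file is gone)
            Path         = $_.Name
            Processes    = ($_.Group.ProcessName | Sort-Object -Unique) -join ','
        }
    }

# Rarely loaded DLLs first: these are usually the ones worth a closer look.
$report | Sort-Object ProcessCount, Path | Format-Table -AutoSize
"{0} process(es) could not be inspected" -f $failures.Count
$failures | Format-Table -AutoSize
```

A non-zero failure count means the DLL list is incomplete for those processes, so an unelevated run should not be read as a full inventory.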
- Fork and submit pull request
- Help with DLL gathering: https://stackoverflow.com/questions/36431220/getting-a-list-of-dlls-currently-loaded-in-a-process-c-sharp
Use at your own risk. For educational purposes only.