Data Acquisition listdlls Lab

[toggle_content title="Transcript"] Hey, Leo Dregier here. I want to talk about a program called List the DLLS – l-i-s-t-d-l-l: List the Dynamic Link Libraries. Uh, as you just hit Enter, uh, you, as you can see, it’ll just produce a lot of information right away, very overwhelming. Going to power through this screen so that’s not really going to be helpful. What I recommend you doing is check out the help options first. So, listdlls, listdlls and space forward slash question mark. You can basically find the DLLs that are associated with a process name or a process ID. And you could, any way you can find the process ID is fair game, whether it be something like PS list, uh, or there’re several programs that can do it, or the, the process name if you just want to go to Task Manager and look at the name of the process, that’s easy enough to do as well. So, what I recommend you doing is running this against an application or a specific process. I just happened to have Chrome open, so let’s do a listdlls, uh, chrome, all right? And as you can see, a bunch of information goes to the screen, so let’s uh, output the information to a file so we can evaluate it on our terms. Um, so let’s call it chrome.txt. Then open that up with Notepad, okay. And now we can look at this a little easier. It’s kind of the way you have to do things in Windows. So again, this is just, it’s just internal in Tools. It’s been around for some time. Uh, it pulls the name of the application that we ask, that we asked it for. Uh, it also tells us, and it correlates that to the specific process ID and then ties into the application which is actually running. So, then definitely in the, uh, hacking world, uh, we correlate process ID, or owner ID, uh, to the executable, or to the registry setting, or wherever. Uh, you have the base memory location, the size, and the specific path to the DLL that it’s using. And it’ll just go through these and call every single reference. 
So, as you can see, something as simple as Chrome quite a, quite, [02:28] I mean, there’s a lot right here. Uh, everything from, you know, bcrypt.dll, [02:36] looks like shadow, something there, right? And so you can evaluate these names if you’re coming at this from the programming point of view, it may just be an easy way to map it, uh, but from a, if you’re coming from a networking point of view, it’s, certainly mapping it, something like, you know, uh, proxying, or the ability to proxy to a particular application. So, it, it discloses to you the analyzer, you know, how this, this application and process, and connection, and DLL relationship actually works. Um, so I’ll see you guys in the chat dialog boxes. Uh, make sure that you message and communicate. My name’s Leo Dregier, and thank you for checking us out on Facebook, LinkedIn, YouTube, and Twitter. [/toggle_content]

DLLs are dynamic link libraries. ListDLLs is a handy little utility that lists the DLL files currently loaded, and it can do so in a number of ways. You’ll learn the best way to use the tool, and what information you gain when looking at DLL info for all your processes, for a specific process, or for the processes that have a specific DLL loaded into them. This utility also provides specific information on the DLL file itself, such as its version, whether or not it has a digital signature, its mapping address, etc. We’ll also discuss why it’s important to review the ListDLLs help system first in order to better target your forensic investigation.
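As an added example (not code from the lab or from Sysinternals), here is a small Python triage script that parses ListDLLs output after it has been redirected to a file, as the transcript does with chrome.txt, and flags modules loaded from outside the usual Windows and Program Files directories. The sample text and its "Base / Size / Path" layout are constructed assumptions modelled on the tool's normal output, not a capture from the video.

```python
import re
from collections import defaultdict

# Constructed sample of ListDLLs output (layout assumed: a "name pid: N"
# header per process, then a Base/Size/Path table). Not a real capture.
SAMPLE = """\
------------------------------------------------------------------------
chrome.exe pid: 4120
Base                Size      Path
0x00007ff6a1b40000  0x1b0000  C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe
0x00007ffb8e9d0000  0x1f5000  C:\\Windows\\SYSTEM32\\ntdll.dll
0x00007ffb8d2a0000  0x9a000   C:\\Windows\\System32\\bcrypt.dll
0x00007ffb7c110000  0x12000   C:\\Users\\alice\\AppData\\Local\\Temp\\helper.dll
------------------------------------------------------------------------
notepad.exe pid: 5204
Base                Size      Path
0x00007ff7b3e60000  0x3a000   C:\\Windows\\system32\\notepad.exe
0x00007ffb8e9d0000  0x1f5000  C:\\Windows\\SYSTEM32\\ntdll.dll
"""

PROC_RE = re.compile(r"^(\S+) pid: (\d+)\s*$")
ROW_RE = re.compile(r"^(0x[0-9a-fA-F]+)\s+(0x[0-9a-fA-F]+)\s+(.+?)\s*$")

# Directories a normally installed module is expected to live under (assumed list).
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

def parse_listdlls(text):
    """Return {(process_name, pid): [(base, size, path), ...]} from ListDLLs text.
    The main image (the .exe row) is kept because ListDLLs lists it too."""
    modules = defaultdict(list)
    current = None
    for line in text.splitlines():
        m = PROC_RE.match(line)
        if m:
            current = (m.group(1), int(m.group(2)))
            continue
        m = ROW_RE.match(line)  # header and separator lines do not match
        if m and current is not None:
            modules[current].append((int(m.group(1), 16), int(m.group(2), 16), m.group(3)))
    return dict(modules)

def suspicious_modules(modules):
    """(process, pid, path) for every module outside the trusted prefixes,
    e.g. a DLL mapped from a user-writable Temp directory."""
    return [(proc, pid, path)
            for (proc, pid), rows in modules.items()
            for _base, _size, path in rows
            if not path.lower().startswith(TRUSTED_PREFIXES)]

if __name__ == "__main__":
    for proc, pid, path in suspicious_modules(parse_listdlls(SAMPLE)):
        print(f"{proc} (pid {pid}) loaded {path}")
```

Run against a real capture with `listdlls > chrome.txt` and `parse_listdlls(open("chrome.txt").read())`; the prefix list should be tuned to the host's install layout before treating a hit as more than a lead.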