SecurityXploded.com
DLL Relocation Finder : command-line Tool to detect and list Relocated DLLs in the Process
 
 
DLL Relocation Finder
 
 
 
See Also
 
 
Contents
 
 
 
About
DLL Relocation Finder is the command-line Tool to detect and list Relocated DLLs in the Process.

Every DLL specifies a base address where it should be mapped during load time. However if that address is occupied by some other DLL then this DLL has to be relocated to new base address. This is called DLL Relocation or DLL Rebasing. This relocation process also happens for ASLR enabled modules.

In such cases, DLL Relocation Finder helps you to find these relocated DLLs and their new addresses. It also provides option to list only relocated or non-relocated or both type of DLLs.


Here are some of the practical observations w.r.t DLL Relocation

  • On pre-Vista systems (winxp, win2k3) very few DLLs are relocated
  • On post-Vista systems (vista, win7, win8) almost all the DLLs are relocated
  • Also majority of the system DLLs are relocated to same new address across different processes (may vary in certain cases).

Being a command-line tool makes it easy to automate through scripting. Also it can be useful tool for researchers & developers.


It is fully portable and contain separate versions for 32-bit and 64-bit systems.It works on all the platforms starting from Windows XP to Windows 8.

 
 
 
How to use?
DLL Relocation Finder is very easy to use tool. It is command-line/console based tool, hence you have to launch it from the command prompt (cmd.exe).

Here is the simple usage information
[For 32-bit Systems]
DLLRelocationFinder32.exe [-r | -n] [<pid> | <process_name>]
 
[For 64-bit Systems]
DLLRelocationFinder64.exe [-r | -n] [<pid> | <process_name>]
 

Examples of DLL Relocation Finder

//Show all the DLLs in the Process with pid 1151
DLLRelocationFinder.exe 1151
 
//Show all the DLLs in the Process 'chrome.exe'
DLLRelocationFinder.exe chrome.exe
 
//Show only Relocated DLLs from Process 1151
DLLRelocationFinder.exe -r 1151
 
//Show only Relocated DLLs from Process 'chrome.exe'
DLLRelocationFinder.exe -r chrome.exe
 
//Show only Non-Relocated DLLs from Process 1151
DLLRelocationFinder.exe -n 1151
 
//Show only Non-Relocated DLLs from Process 'chrome.exe'
DLLRelocationFinder.exe -n chrome.exe
 
//Show this help screen
DLLRelocationFinder.exe -h
 
 
Note that it includes both 32-bit (DLLRelocationFinder32.exe) and 64-bit version (DLLRelocationFinder64.exe). On 64-bit operating systems, you have to use the 64-bit version.
 
 
 
Screenshots
 
DLLRelocationFinder in Action
 
 
 
Release History
 
Version 1.5: 18th Jun 2013
Now you can enter 'Process name' directly in addition to Process ID for all operations. Also detects and alerts user on accidental running of 32-bit version on 64-bit system.
 
Version 1.0: 30th Apr 2013
First public release of DLL Relocation Finder.
 
 
 
Download
FREE Download DLL Relocation Finder v1.5

License  : Freeware
Platform : Windows XP, Vista, Windows 7, Windows 8

Download
 
 
 
 
See Also
Our Free Gift for You »»
Get Your FREE Gift (worth $49.95)
All-In-One Key Finder Pro
Download Now
Popular Software »»
Asterisk Password Recovery Pro
Download Now
Top 10 Free Downloads »»
Top 10 Pro Softwares »»
How to Recover Passwords »»
Latest Releases »»
Top Research Articles »»
Our Enterprise Company
www.XenArmor.com
Testimonials »»
"I have found 'SecurityXploded' tools to be an invaluable asset..."

James Cadden, East Lansdowne Police, Pennsylvania, USA

Awards »»
Awards for our softwares from leading Download Sites
About SX
Security Tools
Resources
Our Security Group

SecurityXploded - SAFE & SECURE Site Certification

McAfee Site Advisor - SAFE Rating                                     Comodo Secure Seal
SecurityXploded © 2007-2024, All rights reserved. Division of XenArmor Security Pvt Ltd. Sponsored Post  |  Advertise  |  Privacy  |  Terms  |  About  |  Contact