Header Ads

DLL Relocation Finder

About

DLL Relocation Finder is the command-line Tool to detect and list Relocated DLLs in the Process.

Every DLL specifies a base address where it should be mapped during load time. However if that address is occupied by some other DLL then this DLL has to be relocated to new base address. This is called DLL Relocation or DLL Rebasing. This relocation process also happens for ASLR enabled modules.

In such cases, DLL Relocation Finder helps you to find these relocated DLLs and their new addresses. It also provides option to list only relocated or non-relocated or both type of DLLs.

Here are some of the practical observations w.r.t DLL Relocation

  • On pre-Vista systems (winxp, win2k3) very few DLLs are relocated
  • On post-Vista systems (vista, win7, win8) almost all the DLLs are relocated
  • Also majority of the system DLLs are relocated to same new address across different processes (may vary in certain cases).

Being a command-line tool makes it easy to automate through scripting. Also it can be useful tool for researchers & developers.

It is fully portable and contain separate versions for 32-bit and 64-bit systems.It works on all the platforms starting from Windows XP to Windows 8.
How to use?

DLL Relocation Finder is very easy to use tool. It is command-line/console based tool, hence you have to launch it from the command prompt (cmd.exe).

Here is the simple usage information
[For 32-bit Systems]
DLLRelocationFinder32.exe [-r | -n] <pid>
[For 64-bit Systems]
DLLRelocationFinder64.exe [-r | -n] <pid>
 
Examples of DLL Relocation Finder
//Show all the DLLs in the Process with pid 1151
DLLRelocationFinder.exe 1151
//Show only Relocated DLLs from Process 1151
DLLRelocationFinder.exe -r 1151
//Show only Non-Relocated DLLs from Process 1151
DLLRelocationFinder.exe -n 1151
//Show this help screen
DLLRelocationFinder.exe -h
Note that it includes both 32-bit (DLLRelocationFinder32.exe) and 64-bit version (DLLRelocationFinder64.exe). On 64-bit operating systems, you have to use the 64-bit version.
Screenshots
 
DLLRelocationFinder in Action

Download

FREE Download DLL Relocation Finder v1.0

License  : Freeware
Platform : Windows Vista, Windows 7, Windows 8

 
Powered by Blogger.