DLL View

DLLs (Dynamic Link Libraries) are shared pieces of compiled code that are stored in a separate file and can be shared among multiple applications. For instance, instead of having every application write their own File/Open or File/Save dialogs, all applications can simply use the common dialog code provided by Windows in the comdlg32.dll file.

The DLL View shows the image file, DLLs, and data files mapped into the address space of the selected process. You can open it in the lower pane by pressing the Ctrl + d shortcut (to close it, use Ctrl + l):

The DLL View behaves similar to the Procexp main window – values are updated at the automatic refresh interval, newly loaded DLLs are highlighted in green and newly unloaded DLLs are highlighted in red, columns can be reordered, resized, and sorted, etc.

Here is a list of the columns present in the DLL view:

Name – the file name of the DLL or mapped file (e.g. cryptbase.dll).
Description – a short description of the resource (e.g. Base cryptographic API DLL)
Company name – the name of the company (e.g. Microsoft Corporation)
Path – the full path to the DLL or mapped file (e.g. C:\Windows\System32\cryptbase.dll).

You can right-click the DLL in the DLL view to get three additional options:

Properties – displays a Properties dialog box for the selected DLL
Search Online – launches a search for the selected DLL using your default browser.
Check VirusTotal – submits DLL hashes to Virus Total

Geek University 2022