Unloaded Module Viewer v1.0

Unloaded Module Viewer (UMV) is a standalone GUI tool designed to enumerate and list Portable Executable (PE) modules (.DLL, .CPL, .EXE, etc.) that have been dynamically unloaded throughout the life of a process. When a module is unloaded by the Windows PE loader (with APIs such as FreeLibrary/LdrUnloadDll), certain module information is cached as a snapshot by NTDLL inside the respective process address space, which can be useful come investigation time. This internal and private cache consists of the last 64 modules that have been unloaded, and it provides relevant information such as the module name, load address, module size, timestamp and checksum.

For Windows Vista, 7, 8, 10 (32\64-bit)

View Unloaded Modules

The information provided by this tool does not require an active debugging session on any target process, unlike the WinDbg -LM (list loaded and unloaded modules) command. Unloaded Module Viewer can be especially useful to developers, security researchers and reverse engineers looking to analyze run-time module unloading behavior inside a process of interest. For example, some malware uses DLL injection to enter the address space of a process and modify some memory; after these changes occur, it may self-unload its own DLL so that it doesn't stand out in an active loaded module list. Unloaded modules are no longer resident in memory and are invisible in active loaded module lists (such as PSAPI, ToolHelp, VirtualQueryEx, etc.), but with this tool you are able to obtain the full picture of once-loaded modules which are no longer loaded.
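
The cached fields described above correspond to the RTL_UNLOAD_EVENT_TRACE entries that NTDLL exposes through RtlGetUnloadEventTrace. The following is an added example, not code from Unloaded Module Viewer, that parses a raw copy of that 64-slot buffer and orders the entries by unload sequence. The 104-byte x64 entry layout, the empty-slot test, the helper names and the sample entries are assumptions constructed for illustration.

```python
import struct
from datetime import datetime, timezone

# Assumed x64 layout of one RTL_UNLOAD_EVENT_TRACE entry (104 bytes):
# BaseAddress(8) SizeOfImage(8) Sequence(4) TimeDateStamp(4) CheckSum(4)
# ImageName(32 UTF-16 chars) Version(2 x ULONG), padded to 8-byte alignment.
ENTRY = struct.Struct("<QQIII64s8s4x")
MAX_ENTRIES = 64  # the cache keeps only the last 64 unloads

def parse_unload_trace(buf, element_size=ENTRY.size):
    """Return unloaded-module records from a raw trace buffer, oldest first."""
    records = []
    for i in range(min(len(buf) // element_size, MAX_ENTRIES)):
        raw = buf[i * element_size : i * element_size + ENTRY.size]
        if len(raw) < ENTRY.size:
            break
        base, size, seq, stamp, checksum, name, _ver = ENTRY.unpack(raw)
        if base == 0:  # assumption: a zero base address marks an unused slot
            continue
        name = name.decode("utf-16-le", errors="replace").split("\x00", 1)[0]
        records.append({
            "sequence": seq, "name": name, "base": base, "size": size,
            "timestamp": datetime.fromtimestamp(stamp, timezone.utc),
            "checksum": checksum,
        })
    # The buffer is a ring: slot order is not unload order, Sequence is.
    return sorted(records, key=lambda r: r["sequence"])

def make_entry(base, size, seq, stamp, checksum, name):
    """Build one constructed sample entry for the demo below."""
    return ENTRY.pack(base, size, seq, stamp, checksum,
                      name.encode("utf-16-le"), b"")

# Constructed sample: two used slots stored out of order, plus an empty slot.
SAMPLE = (make_entry(0x7FFB10000000, 0x21000, 66, 1528070400, 0x1A2B3, "helper.dll")
          + bytes(ENTRY.size)
          + make_entry(0x7FFB20000000, 0x9000, 65, 1527811200, 0, "shellext.dll"))

if __name__ == "__main__":
    for r in parse_unload_trace(SAMPLE):
        print(f'{r["sequence"]:>4} {r["name"]:<14} {r["base"]:#x} '
              f'{r["size"]:#x} {r["timestamp"]:%Y-%m-%d} {r["checksum"]:#x}')
```

On a live system the buffer would first be copied out of the target process; the element size reported by the OS should be passed as `element_size` rather than relying on the assumed default.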

Catch Unloaded Modules

Smart tool to analyze run-time module unloading behavior inside a process.

Save Data to File

Easily export the list of all unloaded modules for the selected process to a .log file.

Simple to Use

Select the process and wait for the textarea to be populated with unloaded modules.

Very Lightweight

The software application uses only a few MB of memory; you will not even notice it.

No Spyware/Adware

The program is free from spyware, adware and other pests; nothing extra is installed.

Free to Use

This software is completely free to use for anyone, at home and at work.

Product Details

Version: 1.0
Last Updated: June 4, 2018
Operating System: For Windows Vista, 7, 8, 10 (32\64-bit)
Category: Malware Analysis Tools
License Type: Freeware
File Size: 1.6 MB