Unloaded Module Viewer (UMV) is a standalone GUI tool designed to enumerate and list Portable Executable (PE) modules (.DLL, .CPL, .EXE etc.) that have been dynamically unloaded throughout the life of a process. When a module is unloaded by the Windows PE loader (with APIs such as FreeLibrary/LdrUnloadDll) certain module information is cached as a snapshot by NTDLL inside the respective process address space which can be useful come investigation time. This internal and private cache consists of the last 64 modules that have been
unloaded and it provides relevant information such as the module name, load address,
module size, timestamp and checksum.
For Windows Vista, 7, 8, 10 (32\64-bit)
The information provided by this tool does not require an active debugging session on any target process, unlike the WinDbg -LM (list loaded and unloaded modules) command. Unloaded Module Viewer can be especially useful to developers, security researchers and reverse engineers looking to analyze run-time module
unloading behavior inside a process of interest. For example, some malware use DLL injection in order to enter the address space of a process and modify some memory then after these changes occur it may self-unload its own DLL so that it doesn't stand out in an active loaded module list. Unloaded modules are no longer
resident in memory and are invisible in active loaded module lists (such as PSAPI, ToolHelp,
VirtualQueryEx etc.) but with this tool you are able to obtain the full picture of
once loaded modules which are no longer loaded.
Smart tool to analyze run-time module unloading behavior inside a process.
Easily export the list of all unloaded modules for the selected process to a .log file.
Select the process and wait for the textarea to be populated with unloaded modules.
The software application uses only a few MBs of memory, you will not even notice it.
The program is free from spyware, adware or other pests, nothing extra is installed.
This software is completely free to use for anyone, at home and at work.
|Last Updated||June 4, 2018|
|Operating System||For Windows Vista, 7, 8, 10 (32\64-bit)|
|Category||Malware Analysis Tools|
|File Size||1.6 MB|