Hi Carv-

Is this of any use?

To unload DLLs that have been left in memory, developers must exit and then restart Windows, which can be very inconvenient. DLL UNLOADER is a sample Windows-based application that lets developers select a DLL, show information about it, and unload it from the system if desired; this eliminates the need to restart Windows.

Unloader.exe
(http://download.microsoft.com/download/platformsdk/sample80/3.1/W31/EN-US/UNLOADER.EXE)

-----Original Message-----
From: H C [mailto:keydet89at_private]
Sent: Friday, October 19, 2001 5:31 PM
To: forensicsat_private; focus-msat_private
Subject: Flushing DLLs from memory

I've been looking into 'live' forensics issues on NT/2K, and one thing I'm not having any luck with is how to flush DLLs from memory.

Looking at Rob Lee's page, he's working on statically-linked binaries for the *nix platforms. This is an interesting issue, but perhaps not as simple for NT/2K. I know how to check for which DLLs a particular program depends on, and I know that the program and its DLLs can be loaded onto a CD...the program can be run from a command prompt after supplying 'PATH="."'.

However, how does one flush the currently loaded DLLs from memory such that only the 'known good' DLLs from the CD are used?

Thanks,

Carv

-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Oct 23 2001 - 03:39:33 PDT