How to find DLL's loaded into a process and it's location, etc

Question

I've used Process Explorer, but I'm forgetting of another utility that lets you see where a process is loaded from (image file), and it's dll's in memory and where they got loaded from.

Process Explorer for me is only working for managed assemblies.

Anything that does native as well?

Answer 1

Process Explorer should show you both native and managed modules. Trying running it elevated.

Otherwise, there are a few ways:

1. Use tlist.exe, part of the Debugging Tools for Windows package (e.g. tlist cmd.exe)
2. Attach the VS debugger and look in the modules window (Ctrl+Alt+U) or attach WinDbg and use the lm command
3. Use CreateToolhelp32Snapshot, Module32First, and Module32Next to roll your own solution :)