Unloaded Module Viewer (UMV) is a standalone GUI tool designed to enumerate
and list Portable Executable (PE) modules (.DLL, .CPL, .EXE etc.) that have been dynamically unloaded throughout the life of a process. When a module is unloaded by the Windows PE loader (with APIs such as FreeLibrary/LdrUnloadDll) certain module information is cached as a snapshot by NTDLL inside the respective process address space which can be useful come investigation time. This internal and private cache consists of the last 64 modules that have been unloaded and it provides relevant information such as the module name, load address,
module size, timestamp and checksum.
For Windows 7 SP1, 8, 8.1, 10, 11 (32/64-bit)
This tool can be especially useful to developers, security researchers and reverse
engineers looking to analyze run-time module unloading behavior inside a process of interest. For example, some malware use DLL injection in order to enter the address space of a process and modify some memory then after these changes occur it may self-unload its own DLL
so that it doesn't stand out in an active loaded module list. Unloaded modules are no longer resident in memory and are invisible in active loaded module lists (such as PSAPI, ToolHelp, VirtualQueryEx etc.) but with this tool you are able to obtain the full picture of
once loaded modules which are no longer loaded.
Smart tool to analyze run-time module unloading behavior inside a process.
Easily export the list of all unloaded modules for the selected process to a .log file.
Select the process and wait for the text area to be populated with unloaded modules.
Here you can find what we have changed and updated.
We constantly improve our products with bugs fixes, improvements and new features.
Subscribe to newsletter to receive news on your email.
[15-May-2022] - v188.8.131.52 + Improved support for Windows 11 + Application is no longer signed with SHA1 code signing certificate + Added ASLR + DEP support + By default the program runs in 30-days trial mode + Automate product activation via setup.exe command-line /LICENSEKEY= + Integrated NoVirusThanks License Manager + Improved installer/uninstaller script + Changed End User License Agreement (EULA) + Minor fixes and optimizations
|Last Updated||May 15, 2022|
|Operating System||Windows 7 SP1, 8, 8.1, 10, 11 (32/64-bit)|
|Setup File Size||44.5 MB|
|Install Size||1.4 MB|