knowndlls

$ target-query <path/to/target> -f knowndlls
Details

Module

os.windows.generic.GenericPlugin

Output

records

Module documentation

Generic Windows plugin.

Provides some plugins that don’t fit in a separate plugin.

Function documentation

Return all available KnownDLLs registry key values.

The KnownDLLs registry key values cache frequently used system DLLs. The mechanism was introduced to speed up application loading, but it also acts as a security control: because the main system DLLs are listed in KnownDLLs, a copy placed in an application's folder is ignored in favour of the cached system version, which prevents malware from dropping trojanized versions of system DLLs next to an application. However, these registry keys can still be leveraged to perform DLL injection.
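Because the protection described above depends entirely on the contents of the key, a responder reviewing this plugin's output usually wants to know whether those contents still match a known-good system. The following is an added example, not code from Dissect or the knowndlls plugin: it compares the key's name/value pairs, taken here as plain `(name, value)` tuples rather than the plugin's own record type, against a baseline and reports entries that were added, changed or removed, or whose value does not look like a bare DLL file name. The registry path is the well-known location of the key on Windows (the page itself does not state it), and both the baseline and the sample records are constructed for illustration; a real baseline would be exported from a trusted image.

```python
"""Baseline check for KnownDLLs values (added example, not part of Dissect)."""
from dataclasses import dataclass
from typing import Iterable, Mapping, Optional

# Well-known location of the key on a Windows system (assumption: not stated on the page).
KNOWNDLLS_KEY = r"HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs"

# Values under the key that legitimately hold a directory rather than a DLL file name.
DIRECTORY_VALUES = {"dlldirectory", "dlldirectory32"}


@dataclass(frozen=True)
class Finding:
    name: str
    kind: str  # "added" | "changed" | "removed" | "odd_value"
    value: Optional[str]
    expected: Optional[str] = None


def check_knowndlls(records: Iterable[tuple[str, str]],
                    baseline: Mapping[str, str]) -> list[Finding]:
    """Compare (name, value) pairs from the KnownDLLs key against a trusted baseline.

    - "added":   a name the baseline does not know; the loader will now resolve it
                 from the system directory for every process, so it deserves review.
    - "changed": the value differs from the baseline, e.g. DllDirectory no longer
                 pointing at %SystemRoot%\\system32.
    - "removed": a baseline entry is gone, so a copy of that DLL in an application
                 folder would no longer be ignored (the protection is weakened).
    - "odd_value": a non-directory entry whose value is not a bare *.dll file name.
    Registry names and file names are case-insensitive on Windows, so comparisons
    use casefold().
    """
    findings: list[Finding] = []
    base = {k.casefold(): (k, v) for k, v in baseline.items()}
    seen: set[str] = set()

    for name, value in records:
        key = name.casefold()
        seen.add(key)
        if key not in base:
            findings.append(Finding(name, "added", value))
        else:
            expected = base[key][1]
            if value.casefold() != expected.casefold():
                findings.append(Finding(name, "changed", value, expected))
        if key not in DIRECTORY_VALUES:
            bare = value.casefold()
            if not bare.endswith(".dll") or "\\" in bare or "/" in bare:
                findings.append(Finding(name, "odd_value", value))

    for key, (name, expected) in base.items():
        if key not in seen:
            findings.append(Finding(name, "removed", None, expected))
    return findings


# Constructed baseline: a trimmed, illustrative subset, not an authoritative list.
BASELINE = {
    "DllDirectory": r"%SystemRoot%\system32",
    "advapi32": "advapi32.dll",
    "gdi32": "gdi32.dll",
    "kernel32": "kernel32.dll",
    "user32": "user32.dll",
}

# Constructed sample records standing in for one target's exported key values.
SAMPLE_RECORDS = [
    ("DllDirectory", r"%SystemRoot%\system32"),
    ("advapi32", "advapi32.dll"),
    ("gdi32", r"C:\ProgramData\Vendor\gdi32.dll"),  # changed, and not a bare file name
    ("kernel32", "kernel32.dll"),
    ("Helper", "helper.dll"),                        # not in the baseline
    # user32 is absent from this target
]

if __name__ == "__main__":
    print(f"Checking values of {KNOWNDLLS_KEY}")
    for f in check_knowndlls(SAMPLE_RECORDS, BASELINE):
        print(f"{f.kind:>9}  {f.name}: {f.value!r}"
              + (f" (expected {f.expected!r})" if f.expected else ""))
```

Every deviation is reported as a review item rather than a verdict; a changed `DllDirectory` or a removed entry is the strongest signal here, since either one directly undoes the precedence the text describes.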

References: