Windows Tutorials - Herong's Tutorial Examples - v5.62, by Dr. Herong Yang
Finding All Processes Using NETAPI32.DLL
This section provides a tutorial example on how to use command 'tasklist' to find all processes that are using a specific a DLL module file with the module option '/M'.
The module option "/M" of the "tasklist" command also takes a search parameter to allow you to find out all processes that are using a specific DLL module file.
One usage of this search parameter is to find out what processes that using "NETAPI32.DLL". I want to know this, because "NETAPI32.DLL" provides Windows NET API to access Microsoft network. Any processes that are using "NETAPI32.DLL" need to be reviewed to preventing spyware activities.
To get a list of all processes using "NETAPI32.DLL" you can run the "tasklist" command with the module option "/M NETAPI*". An example result is included below:
C:\herong>tasklist /M NETAPI* Image Name PID Modules ========================= ====== ============ winlogon.exe 592 NETAPI32.dll services.exe 636 NETAPI32.dll lsass.exe 648 NETAPI32.dll svchost.exe 808 NETAPI32.dll svchost.exe 960 NETAPI32.dll spoolsv.exe 1328 netapi32.dll msdtc.exe 1528 NETAPI32.dll FrameworkService.exe 1620 NETAPI32.dll Mcshield.exe 1648 NETAPI32.dll VsTskMgr.exe 1672 NETAPI32.dll hpqwmiex.exe 1832 NETAPI32.dll explorer.exe 1244 NETAPI32.dll QLBCTRL.exe 760 netapi32.dll CLI.exe 1944 NETAPI32.dll GoogleToolbarNotifier.exe 404 NETAPI32.dll wmiprvse.exe 1000 NETAPI32.dll CLI.exe 2792 NetApi32.Dll firefox.exe 448 NETAPI32.dll rundll32.exe 3984 NETAPI32.dll YahooMessenger.exe 764 NETAPI32.dll MDM.EXE 3936 netapi32.dll wmiprvse.exe 2600 NETAPI32.dll tasklist.exe 3656 NETAPI32.dll
The result looks fine to me, because I know and trust all processes in the list.
Table of Contents
Introduction to Microsoft Windows
Introduction to Windows Explorer
Introduction to Internet Explorer
"Paint" Program and Computer Graphics
GIMP - GNU Image Manipulation Program
JPEG Image File Format Quality and Size
GIF Image File Format and Transparent Background
"WinZip" - ZIP File Compression Tool
"WinRAR" - RAR and ZIP File Compression Tool
FTP Server, Client and Commands
"FileZilla" - Free FTP Client and Server
Web Server Log Files and Analysis Tool - "Analog"
Spyware Adware Detection and Removal
IE Addon Program Listing and Removal
Vundo (VirtuMonde/VirtuMundo) - vtsts.dll Removal
Trojan and Malware "Puper" Description and Removal
VSToolbar (VSAdd-in.dll) - Description and Removal
Spybot - Spyware Blocker, Detection and Removal
Setting Up and Using Crossover Cable Network
Home Network Gateway - DSL Modem/Wireless Router
Windows Task Manager - The System Performance Tool
►"tasklist" Command Line Tool to List Process Information
Showing Detailed Information on Processes
Showing Services under Each Process
Showing All DLL Files Used by Each Process
►Finding All Processes Using NETAPI32.DLL
"msconfig" - System Configuration Tool
Configuring and Managing System Services
Windows Registry Key and Value Management Tools