Windows Tutorials - Herong's Tutorial Examples

"tasklist" Command Line Tool to List Process Information

Finding All Processes Using NETAPI32.DLL

This section provides a tutorial example on how to use command 'tasklist' to find all processes that are using a specific a DLL module file with the module option '/M'.

The module option "/M" of the "tasklist" command also takes a search parameter to allow you to find out all processes that are using a specific DLL module file.

One usage of this search parameter is to find out what processes that using "NETAPI32.DLL". I want to know this, because "NETAPI32.DLL" provides Windows NET API to access Microsoft network. Any processes that are using "NETAPI32.DLL" need to be reviewed to preventing spyware activities.

To get a list of all processes using "NETAPI32.DLL" you can run the "tasklist" command with the module option "/M NETAPI*". An example result is included below: 

C:\herong>tasklist /M NETAPI*

Image Name                   PID Modules
========================= ====== ============
winlogon.exe                 592 NETAPI32.dll
services.exe                 636 NETAPI32.dll
lsass.exe                    648 NETAPI32.dll
svchost.exe                  808 NETAPI32.dll
svchost.exe                  960 NETAPI32.dll
spoolsv.exe                 1328 netapi32.dll
msdtc.exe                   1528 NETAPI32.dll
FrameworkService.exe        1620 NETAPI32.dll
Mcshield.exe                1648 NETAPI32.dll
VsTskMgr.exe                1672 NETAPI32.dll
hpqwmiex.exe                1832 NETAPI32.dll
explorer.exe                1244 NETAPI32.dll
QLBCTRL.exe                  760 netapi32.dll
CLI.exe                     1944 NETAPI32.dll
GoogleToolbarNotifier.exe    404 NETAPI32.dll
wmiprvse.exe                1000 NETAPI32.dll
CLI.exe                     2792 NetApi32.Dll
firefox.exe                  448 NETAPI32.dll
rundll32.exe                3984 NETAPI32.dll
YahooMessenger.exe           764 NETAPI32.dll
MDM.EXE                     3936 netapi32.dll
wmiprvse.exe                2600 NETAPI32.dll
tasklist.exe                3656 NETAPI32.dll

The result looks fine to me, because I know and trust all processes in the list.

Table of Contents

 About This Book

 Introduction to Microsoft Windows

 Introduction to Windows Explorer

 Introduction to Internet Explorer

 "Paint" Program and Computer Graphics

 GIMP - GNU Image Manipulation Program

 JPEG Image File Format Quality and Size

 GIF Image File Format and Transparent Background

 "WinZip" - ZIP File Compression Tool

 "WinRAR" - RAR and ZIP File Compression Tool

 FTP Server, Client and Commands

 "FileZilla" - Free FTP Client and Server

 Web Server Log Files and Analysis Tool - "Analog"

 Spyware Adware Detection and Removal

 IE Addon Program Listing and Removal

 Vundo (VirtuMonde/VirtuMundo) - vtsts.dll Removal

 Trojan and Malware "Puper" Description and Removal

 VSToolbar (VSAdd-in.dll) - Description and Removal

 Spybot - Spyware Blocker, Detection and Removal

 Setting Up and Using Crossover Cable Network

 Home Network Gateway - DSL Modem/Wireless Router

 Windows Task Manager - The System Performance Tool

"tasklist" Command Line Tool to List Process Information

 What Is "tasklist"

 Listing All Running Processes

 Showing Detailed Information on Processes

 Showing Services under Each Process

 Showing All DLL Files Used by Each Process

Finding All Processes Using NETAPI32.DLL

 "msconfig" - System Configuration Tool

 Configuring and Managing System Services

 Windows Registry Key and Value Management Tools

 Startup Programs Removal for Better System Performance

 Winsock - Windows Sockets API

 Java on Windows

 Glossary of Terms

 Outdated Tutorials

 References

 Full Version in PDF/ePUB