All programs that can be run in Windows have a main executable file. This file normally has a name that ends with ".exe" (it can have a few other file extensions too though). This main executable file normally contains the central parts of the executable code for a program. To be able to share code between several programs among other things, something called "DLL files" or "Dynamic Link Library files" were created. These files can be loaded by a program when it needs them, and the executable code in these DLL files will then be merged with the main executable code of the program, so that it "becomes one" with the program, so to speak. Hence, as you may understand, a manipulated DLL file can practically take over a program and do whatever it likes inside it, if it is just loaded by the program somehow.

One such example is to take over a program like Internet Explorer, which is allowed by the personal firewall to communicate with the internet, and then communicate freely with a malicious server on the internet, sending off your credit card numbers or whatnot. But then you say, what program would be stupid enough to load such a malicious DLL file in the first place? Well, unfortunately there are several different techniques that hackers can use to force a program to do this, and to do it completely silently and undetected too. It is indeed a very common technique for spyware and viruses to infect computers.

The DLL Tracker tool continuously monitors and authenticates all loaded DLL files in all running processes (programs), and warns the user immediately if there is any unknown DLL file loaded in any process, or even if any of the known DLL files have been manipulated or modified in any way.

Previous tool   Next tool   Back to index

Example alert screenshots for this tool: