Showing posts from December, 2012

Deep Dive to Windows, Part 3

In this post, I'd like to explore the Loader Data, which is part of the Process Environment Block (PEB). This structure tells us which DLLs are loaded by the process. To start with, I loaded my sample program in WinDbg with all symbol paths set, then ran the !peb command and received the following output (I've trimmed it for readability). In the PEB structure below, the line marked with the arrow is the one that matters to us: the Ldr field points to an NT structure known as _PEB_LDR_DATA.

PEB at 7efde000
    InheritedAddressSpace:    No
    ReadImageFileExecOptions: No
    BeingDebugged:            Yes
    ImageBaseAddress:         00400000
    Ldr                       775f0200      <========= _PEB_LDR_DATA at 775f0200
    Ldr.Initialized:          Yes
    Ldr.InInitializationOrderModuleList: 00593288 . 00594308
    Ldr.InLoadOrderModuleList:           005931e8 . 00594018
    Ldr.InMemoryOrderModuleList:         005931f0 . 0