badzox Posted June 22, 2008 Posted June 22, 2008 Hi there, hopefully someone could help to solve this problem: - There is an Application with is attached via AppInit_Dlls Regkey unter HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows to every started process - I want to unload this Dlls from any process, so i can delete it. Otherwise i have to remove this regkey and reboot to to delete this dll. As far as I unterstood the problem this is possible: - I must create a remote thread in every target process that loaded this Dll - An then attempt to call FreeLibrary() in order to unload the target dll. I´ve searched in this forum, but could not find a solution for this. _Injectdll etc... does Load a Libary, but not an unload of an Dll .. I am a newbie wirting with autoit, so an help is welcome.. Greets Badzox
FreeFry Posted June 22, 2008 Posted June 22, 2008 I think you might need a DLL to do this. Hmm Create a dll that unloads the specified dll, then unloads itself hmm?
badzox Posted June 22, 2008 Author Posted June 22, 2008 I thought it is possible to directly start a Remote Thread via CreateRemoteThread and then unload the attached Dll with FreeLibary ?? Is it only possible to unload a Dll that my own Process loaded ?
badzox Posted June 22, 2008 Author Posted June 22, 2008 (edited) I´ve just searched around google an found this:-------------Command Line dll Loader/Unloader v2.0by r3L4x - r3L4x.comThis creates a remote thread in a targetprocess and attempts to call FreeLibrary()in order to unload the target dll.Or does the opposite and calls LoadLibrary()This software is FREE and OPEN SOURCEvisit http://r3L4x.com for the C++ source!!Usage:Load.exe <Mode> <Target PID> <dll Name/Path>Modes: -u to unload target dll-l to load target dll------------------Unforunatly the Site is down, what means no tool is available. I could been nice to get the source Code to convert it to autoit. I think this could be an useful tool...Hope the folks out there got enough knowlegde to rewrite this in Autoit Code... would be nice.. Edited June 22, 2008 by badzox
Siao Posted June 22, 2008 Posted June 22, 2008 You have found that dll injection example in AutoIt. So what exactly have you tried to make it do the opposite? It's only a matter of changing 4 letters in API function name and one parameter... "be smart, drink your wine"
badzox Posted June 22, 2008 Author Posted June 22, 2008 Perhaps you are right. i will take a second look at the example... Or can you give an example ???
badzox Posted July 4, 2008 Author Posted July 4, 2008 It's only a matter of changing 4 letters in API function name and one parameter...Can someone please give me an expample HOWTO unload an Dll in an Remotethread..
badzox Posted July 31, 2008 Author Posted July 31, 2008 Someone Out There who can give an expamle ? Would bei helpful.
badzox Posted November 5, 2008 Author Posted November 5, 2008 Still want to know how to unload al Dll via CreateRemoteThread and then unload the attached Dll with FreeLibary ?? Can anyone give an example ?
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now