Jump to content
Sign in to follow this  
badzox

Need Help: Free/Unload Dll of Remote Process

Recommended Posts

badzox

Hi there,

hopefully someone could help to solve this problem:

- There is an Application with is attached via AppInit_Dlls Regkey unter HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows to every started process

- I want to unload this Dlls from any process, so i can delete it. Otherwise i have to remove this regkey and reboot to to delete this dll.

As far as I unterstood the problem this is possible:

- I must create a remote thread in every target process that loaded this Dll

- An then attempt to call FreeLibrary() in order to unload the target dll.

I´ve searched in this forum, but could not find a solution for this. _Injectdll etc... does Load a Libary, but not an unload of an Dll ..

I am a newbie wirting with autoit, so an help is welcome..

Greets

Badzox

Share this post


Link to post
Share on other sites
FreeFry

I think you might need a DLL to do this. Hmm

Create a dll that unloads the specified dll, then unloads itself hmm?

Share this post


Link to post
Share on other sites
badzox

I thought it is possible to directly start a Remote Thread via CreateRemoteThread and then unload the attached Dll with FreeLibary ?? Is it only possible to unload a Dll that my own Process loaded ?

Share this post


Link to post
Share on other sites
badzox

I´ve just searched around google an found this:

-------------

Command Line dll Loader/Unloader v2.0

by r3L4x - r3L4x.com

This creates a remote thread in a target

process and attempts to call FreeLibrary()

in order to unload the target dll.

Or does the opposite and calls LoadLibrary()

This software is FREE and OPEN SOURCE

visit http://r3L4x.com for the C++ source!!

Usage:

Load.exe <Mode> <Target PID> <dll Name/Path>

Modes: -u to unload target dll

-l to load target dll

------------------

Unforunatly the Site is down, what means no tool is available. I could been nice to get the source Code to convert it to autoit. I think this could be an useful tool...

Hope the folks out there got enough knowlegde to rewrite this in Autoit Code... would be nice..

Edited by badzox

Share this post


Link to post
Share on other sites
Siao

You have found that dll injection example in AutoIt. So what exactly have you tried to make it do the opposite?

It's only a matter of changing 4 letters in API function name and one parameter...


"be smart, drink your wine"

Share this post


Link to post
Share on other sites
badzox

Perhaps you are right. i will take a second look at the example... Or can you give an example ???

Share this post


Link to post
Share on other sites
badzox

It's only a matter of changing 4 letters in API function name and one parameter...

Can someone please give me an expample HOWTO unload an Dll in an Remotethread..

Share this post


Link to post
Share on other sites
badzox

Someone Out There who can give an expamle ? Would bei helpful.

Share this post


Link to post
Share on other sites
badzox

Still want to know how to unload al Dll via CreateRemoteThread and then unload the attached Dll with FreeLibary ?? Can anyone give an example ?

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×