Sign in to follow this  
Followers 0
badzox

Need Help: Free/Unload Dll of Remote Process

9 posts in this topic

Hi there,

hopefully someone could help to solve this problem:

- There is an Application with is attached via AppInit_Dlls Regkey unter HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows to every started process

- I want to unload this Dlls from any process, so i can delete it. Otherwise i have to remove this regkey and reboot to to delete this dll.

As far as I unterstood the problem this is possible:

- I must create a remote thread in every target process that loaded this Dll

- An then attempt to call FreeLibrary() in order to unload the target dll.

I´ve searched in this forum, but could not find a solution for this. _Injectdll etc... does Load a Libary, but not an unload of an Dll ..

I am a newbie wirting with autoit, so an help is welcome..

Greets

Badzox

Share this post


Link to post
Share on other sites



I think you might need a DLL to do this. Hmm

Create a dll that unloads the specified dll, then unloads itself hmm?

Share this post


Link to post
Share on other sites

I thought it is possible to directly start a Remote Thread via CreateRemoteThread and then unload the attached Dll with FreeLibary ?? Is it only possible to unload a Dll that my own Process loaded ?

Share this post


Link to post
Share on other sites

#4 ·  Posted (edited)

I´ve just searched around google an found this:

-------------

Command Line dll Loader/Unloader v2.0

by r3L4x - r3L4x.com

This creates a remote thread in a target

process and attempts to call FreeLibrary()

in order to unload the target dll.

Or does the opposite and calls LoadLibrary()

This software is FREE and OPEN SOURCE

visit http://r3L4x.com for the C++ source!!

Usage:

Load.exe <Mode> <Target PID> <dll Name/Path>

Modes: -u to unload target dll

-l to load target dll

------------------

Unforunatly the Site is down, what means no tool is available. I could been nice to get the source Code to convert it to autoit. I think this could be an useful tool...

Hope the folks out there got enough knowlegde to rewrite this in Autoit Code... would be nice..

Edited by badzox

Share this post


Link to post
Share on other sites

You have found that dll injection example in AutoIt. So what exactly have you tried to make it do the opposite?

It's only a matter of changing 4 letters in API function name and one parameter...


"be smart, drink your wine"

Share this post


Link to post
Share on other sites

Perhaps you are right. i will take a second look at the example... Or can you give an example ???

Share this post


Link to post
Share on other sites

It's only a matter of changing 4 letters in API function name and one parameter...

Can someone please give me an expample HOWTO unload an Dll in an Remotethread..

Share this post


Link to post
Share on other sites

Someone Out There who can give an expamle ? Would bei helpful.

Share this post


Link to post
Share on other sites

Still want to know how to unload al Dll via CreateRemoteThread and then unload the attached Dll with FreeLibary ?? Can anyone give an example ?

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0