
Need Help: Free/Unload Dll of Remote Process



Hi there,

hopefully someone could help to solve this problem:

- There is an application which is attached via the AppInit_Dlls reg key under HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows to every started process

- I want to unload this DLL from any process, so I can delete it. Otherwise I have to remove this reg key and reboot to delete this DLL.

As far as I understood the problem, this is possible:

- I must create a remote thread in every target process that loaded this Dll

- And then attempt to call FreeLibrary() in order to unload the target DLL.

I've searched in this forum, but could not find a solution for this. _Injectdll etc. does load a library, but not unload a DLL.

I am a newbie writing with AutoIt, so any help is welcome.

Greets

Badzox

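Added example, not part of the original thread: before unloading anything, it helps to confirm what the AppInit_DLLs value actually lists and which running processes still have that DLL mapped. This PowerShell script does both; the function names, the Wow6432Node key and the LoadAppInit_DLLs check are assumptions that the thread does not mention.

```powershell
# Added example (not from the thread). Function names are hypothetical.
# Registry views that can hold AppInit_DLLs; the thread names only the first.
$AppInitKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)

function Get-AppInitDll {
    param([string[]]$KeyPath = $AppInitKeys)
    foreach ($key in $KeyPath) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $props -or [string]::IsNullOrWhiteSpace($props.AppInit_DLLs)) { continue }
        # The value is a space- or comma-separated list of DLL names or paths.
        foreach ($dll in ($props.AppInit_DLLs -split '[ ,]+' | Where-Object { $_ })) {
            [pscustomobject]@{
                Key     = $key
                Enabled = [bool]$props.LoadAppInit_DLLs
                Dll     = $dll
            }
        }
    }
}

function Find-ModuleHolder {
    param([Parameter(Mandatory)][string]$Dll)
    $leaf = [IO.Path]::GetFileName($Dll)
    foreach ($proc in Get-Process) {
        try {
            $hits = @($proc.Modules | Where-Object { $_.ModuleName -ieq $leaf })
        } catch {
            continue   # process exited or cannot be opened from this session
        }
        foreach ($m in $hits) {
            [pscustomobject]@{ Id = $proc.Id; Process = $proc.ProcessName; Module = $m.FileName }
        }
    }
}

# Report each configured DLL and the processes that currently hold it.
Get-AppInitDll | ForEach-Object {
    $entry   = $_
    $holders = @(Find-ModuleHolder -Dll $entry.Dll)
    "{0} (LoadAppInit_DLLs={1}): {2} process(es)" -f $entry.Dll, $entry.Enabled, $holders.Count
    $holders | Format-Table -AutoSize | Out-String
}
```

Run it from an elevated prompt; processes that cannot be opened are skipped, so an empty list from a non-elevated session does not show that the DLL is unloaded everywhere.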

I thought it is possible to directly start a remote thread via CreateRemoteThread and then unload the attached DLL with FreeLibrary? Is it only possible to unload a DLL that my own process loaded?


I've just searched around Google and found this:

-------------
Command Line dll Loader/Unloader v2.0
by r3L4x - r3L4x.com

This creates a remote thread in a target
process and attempts to call FreeLibrary()
in order to unload the target dll.
Or does the opposite and calls LoadLibrary()

This software is FREE and OPEN SOURCE
visit http://r3L4x.com for the C++ source!!

Usage:
Load.exe <Mode> <Target PID> <dll Name/Path>
Modes: -u to unload target dll
       -l to load target dll
------------------

Unfortunately the site is down, which means no tool is available. It would have been nice to get the source code to convert it to AutoIt. I think this could be a useful tool...

Hope the folks out there have enough knowledge to rewrite this in AutoIt code... would be nice.

Edited by badzox

You have found that dll injection example in AutoIt. So what exactly have you tried to make it do the opposite?

It's only a matter of changing 4 letters in API function name and one parameter...

"be smart, drink your wine"
