| View previous topic :: View next topic |
| Author |
Message |
dnsi0
I post too much
![]() Reputation: 0
Joined: 04 Jan 2007
Posts: 2674
|
 Posted: Mon May 19, 2008 10:50 am Post subject: Unloading a DLL from self. |
 |
|
| How do you unlaod a dll that has been injected into this process. EX. I injected the module asd.dll into a exe. From this EXE is it possible to unlaod the asd.dll from its memory. So to delete it from its memory space.
|
|
| Back to top |
|
 |
Ferocious
Advanced Cheater
 Reputation: 0
Joined: 06 Feb 2008
Posts: 54
|
|
| Back to top |
|
|
dnsi0
I post too much
![]() Reputation: 0
Joined: 04 Jan 2007
Posts: 2674
|
| Posted: Mon May 19, 2008 12:14 pm Post subject: |
|
|
| I am not trying to Create a space in the program. I am trying to delete.
|
|
| Back to top |
|
|
Overload
Master Cheater
 Reputation: 0
Joined: 08 Feb 2008
Posts: 293
|
| Posted: Mon May 19, 2008 12:23 pm Post subject: |
|
|
| I'm pretty sure he meant CreateRemoteThread and then inject the dll into that thread. Then use the freelibrary parameter to unload it.
|
|
| Back to top |
|
|
dnsi0
I post too much
![]() Reputation: 0
Joined: 04 Jan 2007
Posts: 2674
|
| Posted: Mon May 19, 2008 12:28 pm Post subject: |
|
|
What I was thinking was if you knew where the library's code is injected to, then maybe you can use VirtualFreeEx to free the memory and disabling the dll.
Edit: I made a dll unloader. Now i need to see if it works. So Can you give me something that gets all the modules from a exe that is running?
|
|
| Back to top |
|
|
atom0s
Moderator
 Reputation: 205
Joined: 25 Jan 2006
Posts: 8585
Location: 127.0.0.1
|
| Posted: Mon May 19, 2008 7:39 pm Post subject: |
|
|
FreeLibraryAndExitThread
http://msdn.microsoft.com/en-us/library/ms683153(VS.85).aspx
| dnsi0 wrote: | | Edit: I made a dll unloader. Now i need to see if it works. So Can you give me something that gets all the modules from a exe that is running? |
Use CreateToolhelp32Snapshot with Module32First/Module32Next.
_________________
- Retired. |
|
| Back to top |
|
|
tombana
Master Cheater
![]() Reputation: 2
Joined: 14 Jun 2007
Posts: 456
Location: The Netherlands
|
| Posted: Tue May 20, 2008 12:14 pm Post subject: |
|
|
| I made a hack for flyff a while ago, using dll injection, and I put the FreeLibraryAndExitThread under a hotkey, but as soon as my dll called that, the whole game shut down. Is that because gameguard or the game blocks it or something?
|
|
| Back to top |
|
|
Symbol
I'm a spammer
![]() Reputation: 0
Joined: 18 Apr 2007
Posts: 5094
Location: Israel.
|
| Posted: Tue May 20, 2008 12:17 pm Post subject: |
|
|
| Did you hook anything? then if you don't remove the hook it will jump/call empty memory, so you will crash.
|
|
| Back to top |
|
|
tombana
Master Cheater
![]() Reputation: 2
Joined: 14 Jun 2007
Posts: 456
Location: The Netherlands
|
| Posted: Tue May 20, 2008 12:25 pm Post subject: |
|
|
| Nope, the only thing my dll did was (on command of a hotkey) edit some values in the game (player location etc).
|
|
| Back to top |
|
|
atom0s
Moderator
Reputation: 205
Joined: 25 Jan 2006
Posts: 8585
Location: 127.0.0.1
|
| Posted: Wed May 21, 2008 5:08 am Post subject: |
|
|
| tombana wrote: | | Nope, the only thing my dll did was (on command of a hotkey) edit some values in the game (player location etc). |
Maybe you passed it the wrong module handle.
_________________
- Retired. |
|
| Back to top |
|
|
tombana
Master Cheater
![]() Reputation: 2
Joined: 14 Jun 2007
Posts: 456
Location: The Netherlands
|
| Posted: Wed May 21, 2008 10:44 am Post subject: |
|
|
| Wiccaan wrote: | | Maybe you passed it the wrong module handle. |
I saved the module module handle in the dllmain at DLL_PROCESS_ATTACH, and used that variable as a parameter to FreeLibraryAndExitThread, and used an exit code of 0 (that stands for success right?).
I guess it's gameguard or the game that disables it...
|
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
