justintcs Cheater
Reputation: 0
Joined: 11 Sep 2012 Posts: 30 Location: Malaysia
Posted: Tue Sep 11, 2012 12:13 pm Post subject: Unload Module from a process
Does anyone know how to unload a module like a dll from a process by something else...... can anyone give me an example or what? Cause I need to make a dll to inject into the process to unload some module.
Last edited by justintcs on Thu Sep 13, 2012 6:05 am; edited 1 time in total

Gniarf Grandmaster Cheater Supreme
Reputation: 43
Joined: 12 Mar 2012 Posts: 1285
Posted: Tue Sep 11, 2012 4:10 pm Post subject:
For example you can use the following auto assembler script:
| Code: |
[enable]
//places
alloc(Main,500)
label(Main_ContinueUnloading)
//data
label(ModuleName)

Main:
  push ModuleName //lpModuleName
  call GetModuleHandleA
  test eax,eax //see if the module handle is valid
  jne Main_ContinueUnloading //return if the module is unloaded
  ret

Main_ContinueUnloading:
  push eax //hLibModule
  call FreeLibrary
  jmp Main //loop until the module gets unloaded

ModuleName:
  db 'ModuleToUnload.dll',0 //put the name of the module to unload here

createthread(Main) //run the main() function above !

[disable]
dealloc(Main)
|

Dark Byte Site Admin
Reputation: 471
Joined: 09 May 2003 Posts: 25860 Location: The netherlands
Posted: Tue Sep 11, 2012 4:14 pm Post subject:
If that dll does any kind of hook or has registered a callback, and it wasn't designed to be unloaded, then unloading it will crash the process.
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping

justintcs Cheater
Reputation: 0
Joined: 11 Sep 2012 Posts: 30 Location: Malaysia
Posted: Wed Sep 12, 2012 1:00 am Post subject:
| Gniarf wrote: |
For example you can use the following auto assembler script:
| Code: |
[enable]
//places
alloc(Main,500)
label(Main_ContinueUnloading)
//data
label(ModuleName)

Main:
  push ModuleName //lpModuleName
  call GetModuleHandleA
  test eax,eax //see if the module handle is valid
  jne Main_ContinueUnloading //return if the module is unloaded
  ret

Main_ContinueUnloading:
  push eax //hLibModule
  call FreeLibrary
  jmp Main //loop until the module gets unloaded

ModuleName:
  db 'ModuleToUnload.dll',0 //put the name of the module to unload here

createthread(Main) //run the main() function above !

[disable]
dealloc(Main)
|
|
Thx for your reply, are there any other ways?? Cause every time I run Cheat Engine, I need to hide the process before I can continue using it. This is so tiring, so I decided to make a dll to inject into that process to unload the module. I code the dll in C++.
| Dark Byte wrote: | If that dll does any kind of hook or has registered a callback, and it wasn't designed to be unloaded, then unloading it will crash the process |
Thx for your reply. I knew that already, so I tested with a software to unload the module. The module that I need to unload can be unloaded safely without crashing the process.

Gniarf Grandmaster Cheater Supreme
Reputation: 43
Joined: 12 Mar 2012 Posts: 1285
Posted: Wed Sep 12, 2012 9:12 am Post subject:
| justintcs wrote: | every time I run Cheat Engine, I need to hide the process before I can continue using it. This is so tiring, so... |
If you mean that alt+tabbing is annoying, then you can set a hotkey (right click->set/change hotkey) to the script I gave you. Additionally you can tell cheat engine to automatically target your process (settings->general->automatically attach to process)
| justintcs wrote: | so I decided to make a dll to inject into that process to unload the module. I code the dll in C++. |
Err... Do you already have that dll or do you want someone to code it for you?

justintcs Cheater
Reputation: 0
Joined: 11 Sep 2012 Posts: 30 Location: Malaysia
Posted: Thu Sep 13, 2012 6:05 am Post subject:
| Gniarf wrote: | If you mean that alt+tabbing is annoying, then you can set a hotkey (right click->set/change hotkey) to the script I gave you. Additionally you can tell cheat engine to automatically target your process (settings->general->automatically attach to process) |
Not alt+tab, ermmm another type of hide process, to prevent the anti-cheat from detecting it, you know what I mean??
| Gniarf wrote: | Err... Do you already have that dll or do you want someone to code it for you? |
I'm currently still working on the dll, but I dunno how to make the unload module function. It's better if someone codes it for me.....

Gniarf Grandmaster Cheater Supreme
Reputation: 43
Joined: 12 Mar 2012 Posts: 1285
Posted: Thu Sep 13, 2012 11:13 am Post subject:
| justintcs wrote: | Not alt+tab, ermmm another type of hide process, to prevent the anti-cheat from detecting it, you know what I mean?? |
Ah yes that's something else. If you make a trainer (save->extension .exe) does your game detect it?
| justintcs wrote: | I'm currently still working on the dll, but I dunno how to make the unload module function. It's better if someone codes it for me..... |
| Code: |
void UnloadModule(char* ModuleName)
{
    HANDLE Module=GetModuleHandle((LPCSTR) ModuleName);
    while(Module)
    {
        FreeLibrary(ModuleName);
        Module=GetModuleHandle(ModuleName);
    }
}

BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved )
{
    if (fdwReason==DLL_PROCESS_ATTACH)
    {
        UnloadModule("YourTarget.dll");
        return true;
    }
    return true;
}
|
1-I didn't try to compile it, so you might have some minor fixing to do.
2-That code will unload YourTarget.dll once. If YourTarget.dll can be reloaded at any time (like each time you load a map) you'll need to:
2.1-create a thread in DllMain.
2.2-have it call UnloadModule in a loop with a WaitForSingleObject() (not Sleep() ) timer.
2.3-kill that thread in DllMain if fdwReason==DLL_PROCESS_DETACH.

justintcs Cheater
Reputation: 0
Joined: 11 Sep 2012 Posts: 30 Location: Malaysia
Posted: Thu Sep 13, 2012 12:03 pm Post subject:
| Gniarf wrote: |
| Code: |
void UnloadModule(char* ModuleName)
{
    HANDLE Module=GetModuleHandle((LPCSTR) ModuleName);
    while(Module)
    {
        FreeLibrary(ModuleName);
        Module=GetModuleHandle(ModuleName);
    }
}

BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved )
{
    if (fdwReason==DLL_PROCESS_ATTACH)
    {
        UnloadModule("YourTarget.dll");
        return true;
    }
    return true;
}
|
1-I didn't try to compile it, so you might have some minor fixing to do.
2-That code will unload YourTarget.dll once. If YourTarget.dll can be reloaded at any time (like each time you load a map) you'll need to:
2.1-create a thread in DllMain.
2.2-have it call UnloadModule in a loop with a WaitForSingleObject() (not Sleep() ) timer.
2.3-kill that thread in DllMain if fdwReason==DLL_PROCESS_DETACH.
|
Thx for the fast reply, I fixed some errors, but there's one error that I can't get rid of
| Code: |
Error 1 error C2664: 'FreeLibrary' : cannot convert parameter 1 from 'char *' to 'HMODULE'
|
Here's the fixed code
| Code: |
#include "stdafx.h"
#include <Windows.h>

void UnloadModule(char* ModuleName)
{
    HANDLE Module=GetModuleHandleA((LPCSTR) ModuleName);
    while(Module)
    {
        FreeLibrary(ModuleName);
        Module=GetModuleHandleA(ModuleName);
    }
}

BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved )
{
    if (fdwReason==DLL_PROCESS_ATTACH)
    {
        UnloadModule("YourTarget.dll");
        return true;
    }
    return true;
}
|

Gniarf Grandmaster Cheater Supreme
Reputation: 43
Joined: 12 Mar 2012 Posts: 1285
Posted: Thu Sep 13, 2012 12:36 pm Post subject:
Oops my bad it's FreeLibrary(Module); not FreeLibrary(ModuleName);
and module is a HMODULE not HANDLE.
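
Added example, not part of the thread or any poster's code: a portable C++ model of the loader's per-module reference count. It shows why the corrected loop can need several FreeLibrary calls, and why it never completes against a module pinned with GetModuleHandleEx and GET_MODULE_HANDLE_EX_FLAG_PIN, which is how a module that must stay resident protects itself. The Loader type, its method names and the DLL names are hypothetical, and the return value of a free on a pinned module is an assumption of the model.

```cpp
// Added illustration: a model of the loader's reference counting, not the real loader.
// Loader, load, pin, is_loaded, free_once and unload_loop are hypothetical names.
#include <cstdio>
#include <map>
#include <string>

struct Loader {
    struct Entry { int refs; bool pinned; };
    std::map<std::string, Entry> mods;

    // LoadLibrary: the first call maps the module, later calls add a reference.
    void load(const std::string& n) { ++mods[n].refs; }
    // GetModuleHandleEx with GET_MODULE_HANDLE_EX_FLAG_PIN: stays until process exit.
    void pin(const std::string& n) {
        auto it = mods.find(n);
        if (it != mods.end()) it->second.pinned = true;
    }
    // GetModuleHandle: a lookup only, it takes no reference.
    bool is_loaded(const std::string& n) const { return mods.count(n) != 0; }
    // FreeLibrary: drops one reference and unmaps at zero, unless pinned.
    bool free_once(const std::string& n) {
        auto it = mods.find(n);
        if (it == mods.end()) return false;
        if (it->second.pinned) return true;  // assumed return value; no effect
        if (--it->second.refs == 0) mods.erase(it);
        return true;
    }
};

// The thread's lookup/free loop with a bound added so the pinned case is
// reported instead of spinning forever. Returns the number of free calls
// made, or -1 if the module is still loaded after max_tries calls.
int unload_loop(Loader& l, const std::string& n, int max_tries) {
    for (int calls = 0; calls < max_tries; ++calls) {
        if (!l.is_loaded(n)) return calls;
        l.free_once(n);
    }
    return l.is_loaded(n) ? -1 : max_tries;
}

int main() {
    Loader l;
    for (int i = 0; i < 3; ++i) l.load("plain.dll");   // three references
    l.load("guard.dll");
    l.pin("guard.dll");                                // constructed names
    std::printf("plain.dll: %d calls\n", unload_loop(l, "plain.dll", 16));
    std::printf("guard.dll: %d\n", unload_loop(l, "guard.dll", 16));
    return 0;
}
```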

justintcs Cheater
Reputation: 0
Joined: 11 Sep 2012 Posts: 30 Location: Malaysia
Posted: Thu Sep 13, 2012 11:31 pm Post subject:
Thx Gniarf, it's working. I make game hacks (newbie), anyway, I will put your credit +rep too.
So, how about the loop?

Gniarf Grandmaster Cheater Supreme
Reputation: 43
Joined: 12 Mar 2012 Posts: 1285
Posted: Fri Sep 14, 2012 4:03 am Post subject:
Something like that:
| Code: |
HANDLE WorkerThread;
HANDLE StopEvent;
bool ContinueWorking;

DWORD WINAPI DllUnloader(LPVOID lpParameter)
{
    while(ContinueWorking)
    {
        //TODO: unload the dll here...
        WaitForSingleObject(StopEvent,500); //500 means try to unload the dll every 500 ms
    }
    return 1; //HANDLE WorkerThread goes into signaled state after this
}

BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved )
{
    if (fdwReason==DLL_PROCESS_ATTACH)
    {
        StopEvent=CreateEvent(NULL,true,false,NULL);
        ContinueWorking=true;
        WorkerThread=CreateThread(NULL,0,DllUnloader,NULL,0,NULL);
        return true;
    }
    else if (fdwReason==DLL_PROCESS_DETACH)
    {
        ContinueWorking=false;
        SetEvent(StopEvent); //tell WorkerThread to stop working
        //caution: DllMain runs under the loader lock and an exiting thread needs that lock,
        //so this wait can deadlock when the dll is unloaded with FreeLibrary
        WaitForSingleObject(WorkerThread,INFINITE); //wait until the worker thread has left DllUnloader before detaching
        CloseHandle(StopEvent); //StopEvent no longer needed
        CloseHandle(WorkerThread);
        return true;
    }
    return true;
}
|

justintcs Cheater
Reputation: 0
Joined: 11 Sep 2012 Posts: 30 Location: Malaysia
Posted: Fri Sep 14, 2012 5:47 am Post subject:
Thank you so much....^^