Tuts 4 You

force unload modules of a process


sr3330

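I want to unload some module in a process. I use this function:

    #include <windows.h>
    #include <tlhelp32.h>
    #include <tchar.h>
    #include <string.h>

    // Asks the target process to call FreeLibrary on the named module.
    // ptszDllFile may be a module name or a full path.
    bool UnInjectDll(const TCHAR* ptszDllFile, DWORD dwProcessId)
    {
        if (NULL == ptszDllFile || 0 == ::_tcslen(ptszDllFile))
        {
            return false;
        }

        // Snapshot the target's module list to find the module's base address.
        HANDLE hModuleSnap = ::CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwProcessId);
        if (INVALID_HANDLE_VALUE == hModuleSnap)
        {
            return false;
        }

        MODULEENTRY32 me32;
        memset(&me32, 0, sizeof(MODULEENTRY32));
        me32.dwSize = sizeof(MODULEENTRY32);
        if (FALSE == ::Module32First(hModuleSnap, &me32))
        {
            ::CloseHandle(hModuleSnap);
            return false;
        }

        bool isFound = false;
        do
        {
            isFound = (0 == ::_tcsicmp(me32.szModule, ptszDllFile) ||
                       0 == ::_tcsicmp(me32.szExePath, ptszDllFile));
            if (isFound)
            {
                break;
            }
        } while (FALSE != ::Module32Next(hModuleSnap, &me32));
        ::CloseHandle(hModuleSnap);
        if (false == isFound)
        {
            return false;
        }

        // CreateRemoteThread is documented to need all five of these rights;
        // the original requested only PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION.
        HANDLE hProcess = ::OpenProcess(PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION |
                                        PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ,
                                        FALSE, dwProcessId);
        if (NULL == hProcess)
        {
            return false;
        }

        HMODULE hKernel32 = ::GetModuleHandle(_T("Kernel32"));
        LPTHREAD_START_ROUTINE lpThreadFun = (NULL == hKernel32) ? NULL :
            (LPTHREAD_START_ROUTINE)::GetProcAddress(hKernel32, "FreeLibrary");
        if (NULL == lpThreadFun)
        {
            ::CloseHandle(hProcess);
            return false;
        }

        // The remote thread runs FreeLibrary(modBaseAddr) inside the target.
        HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, lpThreadFun, me32.modBaseAddr, 0, NULL);
        if (NULL == hThread)
        {
            ::CloseHandle(hProcess);
            return false;
        }
        ::WaitForSingleObject(hThread, INFINITE);

        // The thread's exit code is FreeLibrary's return value (0 = failure).
        // FreeLibrary only decrements the module's reference count by one; the
        // module stays mapped while the count is above zero.
        DWORD dwExitCode = 0;
        bool isFreed = (FALSE != ::GetExitCodeThread(hThread, &dwExitCode)) && (0 != dwExitCode);

        ::CloseHandle(hThread);
        ::CloseHandle(hProcess);
        return isFreed;
    }

But when I use this code, it cannot unload the special module that I want to unload from the project. I also used the "process detective" tool for this, but this tool cannot do it either.
Now I want a function that I am sure can unload a special module from a process I want.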
    
