Jump to content
View in the app

A better way to browse. Learn more.
Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

force unload modules of a process

sr3330
sr3330
in Programming and Coding

Featured Replies

Posted

I want to unload some module in a process . I use this function :    bool UnInjectDll(const TCHAR* ptszDllFile, DWORD dwProcessId)    
    {    
    if (NULL == ptszDllFile || 0 == ::_tcslen(ptszDllFile))    
    {    
    return false;    
    }    
    HANDLE hModuleSnap = INVALID_HANDLE_VALUE;    
    HANDLE hProcess = NULL;    
    HANDLE hThread = NULL;    
    hModuleSnap = ::CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwProcessId);    
    if (INVALID_HANDLE_VALUE == hModuleSnap)    
    {    
    return false;    
    }    
    MODULEENTRY32 me32;    
    memset(&me32, 0, sizeof(MODULEENTRY32));    
    me32.dwSize = sizeof(MODULEENTRY32);    
    if(FALSE == ::Module32First(hModuleSnap, &me32))    
    {    
    ::CloseHandle(hModuleSnap);    
    return false;    
    }    
    bool isFound = false;    
    do    
    {    
    isFound = (0 == ::_tcsicmp(me32.szModule, ptszDllFile) || 0 == ::_tcsicmp(me32.szExePath, ptszDllFile));    
    if (isFound)   
    {    
    break;    
    }    
    } while (TRUE == ::Module32Next(hModuleSnap, &me32));    
    ::CloseHandle(hModuleSnap);    
    if (false == isFound)    
    {    
    return false;    
    }    
    hProcess = ::OpenProcess(PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION, FALSE, dwProcessId);    
    if (NULL == hProcess)    
    {    
    return false;    
    }    
    LPTHREAD_START_ROUTINE lpThreadFun = (PTHREAD_START_ROUTINE)::GetProcAddress(::GetModuleHandle(_T("Kernel32")), "FreeLibrary");    
    if (NULL == lpThreadFun)    
    {    
    ::CloseHandle(hProcess);    
    return false;    
    }    
    hThread = ::CreateRemoteThread(hProcess, NULL, 0, lpThreadFun, me32.modBaseAddr , 0, NULL);    
    if (NULL == hThread)    
    {    
    ::CloseHandle(hProcess);    
    return false;    
    }    
    ::WaitForSingleObject(hThread, INFINITE);    
    ::CloseHandle(hThread);    
    ::CloseHandle(hProcess);    
    return true;    
    }  but when I use this code it can not special module that I want to unload from project , I also use "process detective" tool for doing this but this tool can not do this also.
now I want a function that I sure can unload a special module from a process i want.
    

1) As Aguila said - check the return codes.


2) Only dynamically loaded DLLs can be removed from the process. If DLL is referenced in main exe import table, you won't be able to unload it. See: http://www.securityxploded.com/dllrefcount.php


Create an account or sign in to comment

Go to topic listing

Configure browser push notifications
Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.