怎么卸载远程DLL
一些进程管理软件都有枚举某个进程用到的DLL,并且可以卸载其中某个DLL。
我的程序也想实现这么一个功能。
除了远程注入的方法(CreateRemoteThread)之外,还有什么办法可以卸载远程进程中的某个DLL?
[解决办法]
- C/C++ code
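/*
 * FreeDllW - ask another process to unload one of its loaded modules.
 *
 * The module name is copied into the target process, a remote thread calls
 * GetModuleHandleW on it, and the thread's exit code is taken as the module
 * handle. A second remote thread then calls FreeLibraryAndExitThread with
 * that handle.
 *
 * dwPid   Identifier of the target process.
 * lpName  Wide-character module name as GetModuleHandleW expects it.
 *
 * Returns TRUE once the second remote thread has been created and has run to
 * completion. That does not confirm the module is gone: the exit code of that
 * thread is not meaningful, and FreeLibrary only drops one reference.
 * Returns FALSE on any failure, including "module not loaded in the target".
 *
 * NOTE(review): the Kernel32 export addresses are resolved in the calling
 * process and used in the target, so caller and target are assumed to have
 * the same bitness and the same Kernel32 base.
 *
 * NOTE(review): GetExitCodeThread yields only 32 bits. In a 64-bit target a
 * module mapped above 4 GiB gives a truncated handle, and a wrong address
 * would be handed to FreeLibraryAndExitThread. For 64-bit use the module base
 * should be obtained another way (for example by enumerating the target's
 * modules) before this function is relied on.
 */
BOOL WINAPI FreeDllW(DWORD dwPid, LPCWSTR lpName)
{
    /* All locals are declared up front so that no "goto Cleanup" jumps over
     * an initialised declaration (an error when compiled as C++). */
    BOOL bRet = FALSE;
    SIZE_T dwSize = 0;
    SIZE_T dwWritten = 0;   /* WriteProcessMemory takes SIZE_T*, not DWORD* */
    DWORD dwHandle = 0;
    LPVOID lpBuf = NULL;
    HANDLE hProcess = NULL;
    HANDLE hThread = NULL;
    HMODULE hKernel32 = NULL;
    LPTHREAD_START_ROUTINE pFun = NULL;

    if (lpName == NULL || lpName[0] == L'\0') {
        return FALSE;
    }

    hProcess = OpenProcess(PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE,
                           FALSE, dwPid);
    if (hProcess == NULL) {
        return FALSE;
    }

    hKernel32 = GetModuleHandleW(L"Kernel32");
    if (hKernel32 == NULL) {
        goto Cleanup;
    }

    /* lpName is always wide, so measure it with a wide-string function;
     * _tcslen would be the narrow strlen in a non-UNICODE build. */
    dwSize = ((SIZE_T)lstrlenW(lpName) + 1) * sizeof(WCHAR);

    lpBuf = VirtualAllocEx(hProcess, NULL, dwSize, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
    if (lpBuf == NULL) {
        goto Cleanup;
    }

    if (!WriteProcessMemory(hProcess, lpBuf, lpName, dwSize, &dwWritten) ||
        dwWritten != dwSize) {
        goto Cleanup;
    }

    /* Step 1: look the module up inside the target process. */
    pFun = (LPTHREAD_START_ROUTINE)GetProcAddress(hKernel32, "GetModuleHandleW");
    if (pFun == NULL) {
        goto Cleanup;
    }

    hThread = CreateRemoteThread(hProcess, NULL, 0, pFun, lpBuf, 0, NULL);
    if (hThread == NULL) {
        goto Cleanup;
    }

    if (WaitForSingleObject(hThread, INFINITE) != WAIT_OBJECT_0 ||
        !GetExitCodeThread(hThread, &dwHandle)) {
        goto Cleanup;
    }
    CloseHandle(hThread);
    hThread = NULL;

    /* Exit code 0 means GetModuleHandleW returned NULL: the module is not
     * loaded in the target, so there is nothing to free. */
    if (dwHandle == 0) {
        goto Cleanup;
    }

    /* Step 2: release the module inside the target process. */
    pFun = (LPTHREAD_START_ROUTINE)GetProcAddress(hKernel32, "FreeLibraryAndExitThread");
    if (pFun == NULL) {
        goto Cleanup;
    }

    hThread = CreateRemoteThread(hProcess, NULL, 0, pFun,
                                 (LPVOID)(ULONG_PTR)dwHandle, 0, NULL);
    if (hThread == NULL) {
        goto Cleanup;
    }

    if (WaitForSingleObject(hThread, INFINITE) != WAIT_OBJECT_0) {
        goto Cleanup;
    }

    bRet = TRUE;

Cleanup:
    if (hThread != NULL) {
        CloseHandle(hThread);
    }
    if (lpBuf != NULL) {
        /* MEM_RELEASE with size 0 returns the whole region; MEM_DECOMMIT
         * would leave the address range reserved in the target. */
        VirtualFreeEx(hProcess, lpBuf, 0, MEM_RELEASE);
        lpBuf = NULL;
    }
    CloseHandle(hProcess);
    return bRet;
}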