Can I unload a DLL from another process? (Win32)


Problem description

I want to unload a DLL from another process. Is it possible? If yes, how to do that? (I'm using Win32 API)

Thanks a lot.

Recommended answer

Yes, this is possible. It is called DLL ejection and is featured by some DLL injectors. The way a DLL is usually loaded is via LoadLibrary and it is subsequently unloaded via FreeLibrary. FreeLibrary takes only one parameter, which is a handle to the module to be unloaded. If you injected the DLL in the first place, you should be able to find this very easily. Otherwise there are ways of obtaining the handle such as CreateToolhelp32Snapshot with further enumeration with Module32First/Module32Next. Suppose you have obtained the handle through some means, then the steps to eject the DLL are simple:


  • 获取地址 FreeLibrary GetProcAddress 。由于Windows的工作原理,该地址将与目标中相同功能的地址匹配。

  • 致电 CreateRemoteThread 在目标进程上,将 lpStartAddress 指定为 FreeLibrary 的地址,并使用 lpParameter 作为模块的句柄

  • Get the address of FreeLibrary with GetProcAddress. This address will match the one for the same function in the target because of how Windows works.
  • Call CreateRemoteThread on the target process, specifying lpStartAddress as the address of FreeLibrary, and with lpParameter as the module's handle

There are several caveats to DLL ejection.


  • 您应该只弹出一个DLL,确定将来没有代码会再次使用。如果有任何动态链接的代码尝试在代码释放后对其进行调用,则很可能会触发某种形式的页面访问冲突。

  • 您应确保没有线程在执行

通常应避免DLL弹出。

If you require a code example for this, I have written an ejector as part of an injector I wrote in the past in C. I can search it up and find it, but it's from many years ago and the code quality is not likely to be good.
