PureBasic Forum
https://www.purebasic.fr/english/

DLL question
https://www.purebasic.fr/english/viewtopic.php?f=13&t=27135
Page 1 of 1

Author:  Inf0Byt3 [ Sat May 19, 2007 8:20 pm ]
Post subject:  DLL question

I have a DLL that is injected in a program and I'd like to make it unload itself when i send some data to it on the network. However, I have no idea how to make it uninject itself... Anybody knows how to do this?

Author:  Trond [ Sat May 19, 2007 8:29 pm ]
Post subject: 

FreeLibrary_(Handle)?

Author:  thefool [ Sat May 19, 2007 8:35 pm ]
Post subject: 

@trond: i think he would like to uninject the dll from another process

Author:  Inf0Byt3 [ Sat May 19, 2007 8:37 pm ]
Post subject: 

Yes, the dll has to uninject itself when i send a command to it...

[edit]
The only code I found was this:
Code:
//Prototype
void __declspec(noreturn) UninjectSelf(HMODULE);
//Function
void __declspec(naked) __declspec(noreturn) UninjectSelf(HMODULE Module)
{
   __asm
   {
      push -2
      push 0
      push Module
      mov eax, TerminateThread
      push eax
      mov eax, FreeLibrary
      jmp eax
   }
}

Author:  thefool [ Sat May 19, 2007 8:39 pm ]
Post subject: 

i meant that you need to make the process it is injected to call the freelibrary command.

oh i meant that you mean this: the DLL should have an uninject procedure that it can call. So when its loaded into a process it should be able to remove itself again

Author:  Inf0Byt3 [ Sat May 19, 2007 8:43 pm ]
Post subject: 

Well it works like this (pseudocode)

Code:
;The main code:
InjectToHost("ProgramName")

;The Dll
Repeat
 Do stuff here
Until ReceivedQuitSignal()
;Remove hooks and clean all stuff
UninjectSelf()

Author:  Trond [ Sat May 19, 2007 9:28 pm ]
Post subject: 

Inf0Byt3 wrote:
The only code I found was this:
Which, sure enough, calls FreeLibrary_() with a handle.

Author:  Inf0Byt3 [ Sat May 19, 2007 9:37 pm ]
Post subject: 

I have no idea why, but when I see assembler code, I inhibate... It works now, you were right, that are simple calls... I wonder why did they put them is ASM?

Here's what i've done:

Code:
Global Mod.l
Declare Bla(a.l)

ProcedureDLL AttachProcess(Hmodule.l)
 
  Mod = Hmodule
 
  OpenConsole()
  CreateThread(@bla(),0)
 
EndProcedure

ProcedureDLL DetachProcess(Hmodule.l)
 
 ;This never gets executed :/
 MessageRequester("Exiting","Haha")
 
EndProcedure

Procedure bla(a.l)
 
 For x  = 1 To 5
  PrintN("Running!")
  Delay(1000)
 Next
 CloseConsole()
 
 TerminateThread_(GetCurrentThread_(),0)
 FreeLibrary_(Mod)

EndProcedure


Thanks!

Author:  thefool [ Sat May 19, 2007 9:39 pm ]
Post subject: 

Trond wrote:
Inf0Byt3 wrote:
The only code I found was this:
Which, sure enough, calls FreeLibrary_() with a handle.


yep
We did try that but we forgot the terminate thread :D

Author:  Inf0Byt3 [ Sat May 19, 2007 10:43 pm ]
Post subject: 

Well that works but does not release the dll... But as allways, I found the cure hehe. Micro$oft is not that stupid afterall, they made my life easyer: Kernel32.dll exports "FreeLibraryAndExitThread" so I just called that and it works. Here is the final dll:

Code:
Global Mod.l
Global mythread.l
Declare Bla(a.l)

ProcedureDLL AttachProcess(Hmodule.l)
 
  Mod = Hmodule
 
  OpenConsole()
  mythread = CreateThread(@bla(),0)
 
EndProcedure

ProcedureDLL DetachProcess(Hmodule.l)
 
 MessageRequester("Exiting","Haha")
 
EndProcedure

Procedure bla(a.l)
 
 For t  = 1 To 5
  PrintN("Running!")
  Delay(1000)
 Next
 FreeLibraryAndExitThread_(Mod,0)

EndProcedure

Page 1 of 1 All times are UTC + 1 hour
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
http://www.phpbb.com/