 Post subject: DLL question
PostPosted: Sat May 19, 2007 8:20 pm 
Joined: Fri Dec 09, 2005 12:15 pm
Posts: 2236
Location: Elbonia
I have a DLL that is injected in a program and I'd like to make it unload itself when I send some data to it on the network. However, I have no idea how to make it uninject itself... Does anybody know how to do this?

_________________
None are more hopelessly enslaved than those who falsely believe they are free. (Goethe)


PostPosted: Sat May 19, 2007 8:29 pm
Joined: Mon Sep 22, 2003 6:45 pm
Posts: 7439
Location: Norway
FreeLibrary_(Handle)?


PostPosted: Sat May 19, 2007 8:35 pm
Joined: Sat Aug 30, 2003 5:58 pm
Posts: 5883
Location: Denmark
@trond: I think he would like to uninject the DLL from another process.


PostPosted: Sat May 19, 2007 8:37 pm
Joined: Fri Dec 09, 2005 12:15 pm
Posts: 2236
Location: Elbonia
Yes, the DLL has to uninject itself when I send a command to it...

[edit]
The only code I found was this:
Code:
//Prototype
void __declspec(noreturn) UninjectSelf(HMODULE);
//Function
void __declspec(naked) __declspec(noreturn) UninjectSelf(HMODULE Module)
{
   __asm
   {
      push -2
      push 0
      push Module
      mov eax, TerminateThread
      push eax
      mov eax, FreeLibrary
      jmp eax
   }
}

PostPosted: Sat May 19, 2007 8:39 pm
Joined: Sat Aug 30, 2003 5:58 pm
Posts: 5883
Location: Denmark
I meant that you need to make the process it is injected into call the FreeLibrary command.

Oh, I meant that you mean this: the DLL should have an uninject procedure that it can call. So when it's loaded into a process it should be able to remove itself again.


PostPosted: Sat May 19, 2007 8:43 pm
Joined: Fri Dec 09, 2005 12:15 pm
Posts: 2236
Location: Elbonia
Well it works like this (pseudocode)

Code:
;The main code:
InjectToHost("ProgramName")

;The Dll
Repeat
 Do stuff here
Until ReceivedQuitSignal()
;Remove hooks and clean all stuff
UninjectSelf()

PostPosted: Sat May 19, 2007 9:28 pm
Joined: Mon Sep 22, 2003 6:45 pm
Posts: 7439
Location: Norway
Inf0Byt3 wrote:
The only code I found was this:
Which, sure enough, calls FreeLibrary_() with a handle.


PostPosted: Sat May 19, 2007 9:37 pm
Joined: Fri Dec 09, 2005 12:15 pm
Posts: 2236
Location: Elbonia
I have no idea why, but when I see assembler code, I get inhibited... It works now, you were right, those are simple calls... I wonder why they put them in ASM?

Here's what I've done:

Code:
Global Mod.l
Declare Bla(a.l)

ProcedureDLL AttachProcess(Hmodule.l)
 
  Mod = Hmodule
 
  OpenConsole()
  CreateThread(@bla(),0)
 
EndProcedure

ProcedureDLL DetachProcess(Hmodule.l)
 
 ;This never gets executed :/
 MessageRequester("Exiting","Haha")
 
EndProcedure

Procedure bla(a.l)
 
 For x  = 1 To 5
  PrintN("Running!")
  Delay(1000)
 Next
 CloseConsole()
 
 TerminateThread_(GetCurrentThread_(),0)
 FreeLibrary_(Mod)

EndProcedure


Thanks!

PostPosted: Sat May 19, 2007 9:39 pm
Joined: Sat Aug 30, 2003 5:58 pm
Posts: 5883
Location: Denmark
Trond wrote:
Inf0Byt3 wrote:
The only code I found was this:
Which, sure enough, calls FreeLibrary_() with a handle.


yep
We did try that but we forgot the terminate thread :D


PostPosted: Sat May 19, 2007 10:43 pm
Joined: Fri Dec 09, 2005 12:15 pm
Posts: 2236
Location: Elbonia
Well, that works but does not release the DLL... But as always, I found the cure, hehe. Micro$oft is not that stupid after all, they made my life easier: Kernel32.dll exports "FreeLibraryAndExitThread" so I just called that and it works. Here is the final DLL:

Code:
Global Mod.l
Global mythread.l
Declare Bla(a.l)

ProcedureDLL AttachProcess(Hmodule.l)
 
  Mod = Hmodule
 
  OpenConsole()
  mythread = CreateThread(@bla(),0)
 
EndProcedure

ProcedureDLL DetachProcess(Hmodule.l)
 
 MessageRequester("Exiting","Haha")
 
EndProcedure

Procedure bla(a.l)
 
 For t  = 1 To 5
  PrintN("Running!")
  Delay(1000)
 Next
 FreeLibraryAndExitThread_(Mod,0)

EndProcedure

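Added example, not part of the original thread: a toy Python model (not Windows code) of the three call orderings discussed above, showing why only the last one both unloads the DLL and ends the worker thread cleanly. It assumes the injected DLL holds a single loader reference; the module name `injected.dll` and all class and function names are made up for illustration.

```python
# Toy model, constructed for illustration: not Windows code.
class AccessViolation(Exception):
    """A thread resumed inside a module that is no longer mapped."""

class Process:
    def __init__(self):
        # Assumption: the injector's LoadLibrary left exactly one reference.
        self.refcount = {"kernel32": 1, "injected.dll": 1}

    def mapped(self, module):
        return self.refcount.get(module, 0) > 0

    def free_library(self, module):
        self.refcount[module] -= 1      # the loader unmaps the module at zero

class Thread:
    def __init__(self, process, return_to):
        self.process, self.return_to, self.alive = process, return_to, True

    def resume(self):
        # An API call has returned; execution continues in self.return_to.
        if not self.process.mapped(self.return_to):
            raise AccessViolation(self.return_to)

def terminate_then_free(p, t):
    t.alive = False                     # TerminateThread on itself: no return
    if t.alive:                         # so FreeLibrary is never reached
        p.free_library("injected.dll")

def free_then_return(p, t):
    p.free_library("injected.dll")      # unmaps the code that is running
    t.resume()                          # return address is inside the DLL

def free_and_exit_thread(p, t):
    t.return_to = "kernel32"            # the call sequence now lives in kernel32
    p.free_library("injected.dll")
    t.resume()                          # FreeLibrary returns into mapped code
    t.alive = False                     # ExitThread

def run(strategy):
    p = Process()
    t = Thread(p, "injected.dll")       # worker thread executing DLL code
    try:
        strategy(p, t)
        crashed = False
    except AccessViolation:
        crashed = True
    return {"dll_mapped": p.mapped("injected.dll"),
            "thread_alive": t.alive, "crashed": crashed}
```

The assembler routine quoted earlier in the thread gets the same effect as the third case by pushing the address of TerminateThread as the return address before jumping to FreeLibrary, so no DLL code runs after the unmap.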