
I'm injecting a DLL into a target process to act as a helper while playing an MMORPG (currently its functionality converts key presses into mouse clicks, as the MMORPG requires the user to move their mouse for certain functionality, something I despise.)

Let's say I want to uninject my DLL for whatever reason, how would I go about it? Is this method clean?

bool running = true;
while (running) // This is the only thread I'm using, and it is running in "realtime"
{
    int key = ReadKey(); // Assumed helper that returns the last key press (not shown in the post)
    switch (key) // Do keyboard handling stuff in switch statement
    {
    case keys.EscapeKey: // If the escape key is pressed
        running = false; // Set the running bool to false, and break the loop
        break;
    }
}

Is this clean? The thread ends, so does my dll "uninject" itself? Or does it still loiter and continue to consume the memory that I allocated when injecting?

Thanks Josh

XtrmJosh
  • How do you inject the DLL in the first place? – Erbureth Nov 12 '13 at 16:05
  • Using CreateRemoteThread – XtrmJosh Nov 12 '13 at 16:30
  • Hum... If you use the CreateRemoteThread "trick", that is: starting a thread with LoadLibrary as the start address, and then starting a new thread for your code, I don't see HOW leaving that second thread will unload your DLL. You should check with Process Explorer... I guess the DLL will be here forever... – manuell Nov 12 '13 at 16:46
  • That's what I was thinking, although one might expect the main thread would exit similarly to how a simple Console application would, if it were using void not int for the main method. Shahriyar's post corresponds with my current expectation, I haven't had a chance to debug it yet, but hope to do so this evening. I'll confirm it then, in case you were interested. Thanks :) – XtrmJosh Nov 12 '13 at 16:49
  • I am interested, yes, but pretty sure Shahriyar's answer is not the one you need. "detach from process when it's main thread ends" is nonsense to me. – manuell Nov 12 '13 at 17:02

2 Answers

I assume that you used CreateRemoteThread with a start address set to LoadLibrary, and that you start a thread in the DllMain of the injected DLL.

First, in DllMain on DLL_PROCESS_ATTACH, save the HMODULE of the DLL in a global variable.

Second, pass this HMODULE to FreeLibraryAndExitThread when you want your thread to exit and unload the DLL.

Beware! You must NOT have "living code" left behind you, that is, no callback address passed to whatever API; if the callback is triggered after the unload, that will be an immediate crash (or worse).

manuell
  • As this program uses hotkeys, I presume these will be included in "living code", correct? Thanks for your response, it seems more demonstrative than Shahriyar's, and far more realistic. I guess I was planning to find this out tonight, but had hopes that someone could help me out a bit with something to expect. I'll try both methods, hopefully all will go well! Thanks again :) – XtrmJosh Nov 12 '13 at 19:39
  • I don't know how Windows reacts when the HotKey is pressed and the thread has been terminated, but, yes, that's the kind of problem which may trigger a crash. – manuell Nov 12 '13 at 19:46
  • It looks like my targeted application is using some detailed exception handling which I need to debug. Currently nothing goes unhandled, but I suspect that the game client is sending the exception on to the server where it will be handled remotely. It's some pretty well managed software, I'm just trying to tinker in all honesty, make the game a bit easier for me personally... – XtrmJosh Nov 12 '13 at 22:38
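An added example, not code from the question or from manuell's answer, of the sequence this answer describes: the HMODULE saved on DLL_PROCESS_ATTACH, a worker thread that loops on its own message queue, and a teardown that unregisters the hotkeys (the "living code" from the comments above) before calling FreeLibraryAndExitThread. On Windows it uses the real Win32 calls; on other platforms minimal stand-ins marked ASSUMPTION replace them so the ordering logic can still be compiled and exercised. The F5 action key, the run_worker_on driver and the message samples are assumptions.

```c
#include <stdio.h>
#include <string.h>

#ifdef _WIN32
#include <windows.h>
#else
/* ASSUMPTION: minimal stand-ins for the Win32 types and constants used below. */
typedef void *HMODULE;
typedef struct { unsigned int message; unsigned long wParam; } MSG;
#define WM_HOTKEY  0x0312
#define WM_KEYDOWN 0x0100
#endif

static HMODULE g_self;                 /* saved on DLL_PROCESS_ATTACH (step 1) */
enum { HK_ESCAPE = 1, HK_ACTION = 2 }; /* hotkey ids the worker registers */

/* Ordered record of what the worker did; used to check the teardown order. */
static char g_trace[128];
static void record(const char *step)
{
    strncat(g_trace, step, sizeof g_trace - strlen(g_trace) - 1);
}

/* Release everything that could still call back into this module (the
 * registered hotkeys), then drop the module and end the thread in one step.
 * On Windows this never returns: code after FreeLibrary would be unmapped. */
static void unload_self(void)
{
#ifdef _WIN32
    UnregisterHotKey(NULL, HK_ACTION);
    UnregisterHotKey(NULL, HK_ESCAPE);
    FreeLibraryAndExitThread(g_self, 0);        /* step 2 */
#else
    record("unregister;");     /* ASSUMPTION: stand-in for UnregisterHotKey */
    record("free_and_exit;");  /* ASSUMPTION: stand-in for FreeLibraryAndExitThread */
#endif
}

/* One message from the worker's queue; returns 0 when the loop must stop. */
static int handle_message(const MSG *m)
{
    if (m->message != WM_HOTKEY)
        return 1;                                /* not ours, keep running */
    switch ((int)m->wParam) {
    case HK_ESCAPE: return 0;                    /* the question's Escape case */
    case HK_ACTION: record("click;"); return 1;  /* key-to-click work goes here */
    default:        return 1;
    }
}

#ifdef _WIN32
/* Hotkeys registered with hWnd == NULL post WM_HOTKEY to this thread's own
 * queue, so GetMessage is the loop the question's while (running) becomes. */
static DWORD WINAPI worker(LPVOID unused)
{
    MSG msg;
    (void)unused;
    RegisterHotKey(NULL, HK_ESCAPE, 0, VK_ESCAPE);
    RegisterHotKey(NULL, HK_ACTION, 0, VK_F5);   /* ASSUMPTION: F5 is the action key */
    while (GetMessage(&msg, NULL, 0, 0) > 0 && handle_message(&msg))
        ;
    unload_self();                               /* does not return */
    return 0;
}

BOOL WINAPI DllMain(HINSTANCE inst, DWORD reason, LPVOID reserved)
{
    (void)reserved;
    if (reason == DLL_PROCESS_ATTACH) {
        g_self = (HMODULE)inst;
        DisableThreadLibraryCalls(inst);
        CloseHandle(CreateThread(NULL, 0, worker, NULL, 0, NULL));
    }
    return TRUE;
}
#else
/* Drive the same worker logic over a constructed message stream
 * (ASSUMPTION: stand-in for GetMessage) and return the ordered trace. */
const char *run_worker_on(const MSG *msgs, int n)
{
    int i;
    (void)g_self;                /* only FreeLibraryAndExitThread consumes it */
    g_trace[0] = '\0';
    for (i = 0; i < n && handle_message(&msgs[i]); i++)
        ;
    unload_self();
    return g_trace;
}

int main(void)
{
    /* Constructed queue: action hotkey, a stray key message, the escape
     * hotkey, then one more action that must never be handled. */
    const MSG q[] = { { WM_HOTKEY, HK_ACTION }, { WM_KEYDOWN, 0 },
                      { WM_HOTKEY, HK_ESCAPE }, { WM_HOTKEY, HK_ACTION } };
    puts(run_worker_on(q, 4));   /* click;unregister;free_and_exit; */
    return 0;
}
#endif
```

Build it as a DLL on Windows, or as a plain program elsewhere to see the trace. The two things to take from it: the worker thread never returns after FreeLibraryAndExitThread, and nothing registered with the OS (hotkeys here, any callback in general) may still point at the module when that call is made.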

Basically the DLL will auto-detach from the process when its main thread ends, unless you send it into an infinite loop, so yes, you do it right.

You can put a MessageBox in the DLL_PROCESS_DETACH event to see whether it gets called or not.

Shahriyar