下面是.dll里面的内容
DWORD WINAPI ShowMainDlg(LPVOID pParam)
{
::MessageBoxA(NULL,"模块加载成功","11",0);
AssisMainDlg dlg;
dlg.DoModal();
return 0;
}
BOOL CAssistModelApp::InitInstance()
{
CWinApp::InitInstance();
::CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)ShowMainDlg, NULL, NULL,NULL);
return TRUE;
}
int CAssistModelApp::ExitInstance()
{
::MessageBox(NULL, TEXT("模块卸载成功"), TEXT("22"), 0);
return CWinApp::ExitInstance();
}
下面是加载程序,bo为false时,如果.dll里面没有AssisMainDlg dlg; dlg.DoModal();可以正常卸载dll,如果加上了这个界面,卸载时显示卸载成功,但是会导致被加载程序崩溃
void CInjectTestDlg::InjectAssist(DWORD pid,CString dllPath,bool bo)
{
HANDLE hprocess = OpenProcess(PROCESS_ALL_ACCESS, false, pid);
LPVOID lpBaseAddress = VirtualAllocEx(hprocess, NULL, strlen(dllPath)+1, MEM_COMMIT, PAGE_READWRITE);
WriteProcessMemory(hprocess, lpBaseAddress, dllPath, strlen(dllPath) + 1, NULL);
HMODULE hmodue = GetModuleHandle("Kernel32.dll");
if (bo)
{
LPTHREAD_START_ROUTINE lpStartAddress = (LPTHREAD_START_ROUTINE)GetProcAddress(hmodue, "LoadLibraryA");
HANDLE hThread = CreateRemoteThread(hprocess, NULL, 0, lpStartAddress, lpBaseAddress, NULL, 0);
WaitForSingleObject(hprocess, 2000);
CloseHandle(hprocess);
CloseHandle(hThread);
}
else
{
LPTHREAD_START_ROUTINE lpStartAddress = (LPTHREAD_START_ROUTINE)GetProcAddress(hmodue, "GetModuleHandleA");
HANDLE hThread = CreateRemoteThread(hprocess, NULL, 0, lpStartAddress, lpBaseAddress, NULL, 0);
WaitForSingleObject(hThread, INFINITE);
DWORD dwRet = 0;
GetExitCodeThread(hThread, &dwRet);
//CloseHandle(hprocess);
//CloseHandle(hThread);
lpStartAddress = (LPTHREAD_START_ROUTINE)GetProcAddress(hmodue, "FreeLibraryAndExitThread");
hThread = CreateRemoteThread(hprocess, NULL, 0, lpStartAddress, (LPVOID)dwRet, NULL, 0);
WaitForSingleObject(hprocess, 2000);
CloseHandle(hprocess);
CloseHandle(hThread);
}
}
