How to unload a DLL from a target Process?

Question

I am working at an Injector but when I'm trying to Uninject / Unload the target Process, it's closing directly and I dont know why it's so.

Here is the Code how I'm Injecting / Loading a DLL into a target Proces. The executionId is the target Process it's PID. At the end I'm waiting for the Finish of the LoadLibraryA function.

HANDLE proc;
HANDLE thread;
LPVOID remoteString, loadLib;

proc = OpenProcess(CREATE_THREAD_ACCESS, FALSE, executionId);

loadLib = (LPVOID)GetProcAddress(GetModuleHandleA("kernel32.dll"), "LoadLibraryA");
remoteString = (LPVOID)VirtualAllocEx(proc, NULL, strlen(library.c_str()), MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
WriteProcessMemory(proc, (LPVOID)remoteString, library.c_str(), strlen(library.c_str()), NULL);
thread = CreateRemoteThread(proc, NULL, NULL, (LPTHREAD_START_ROUTINE)loadLib, (LPVOID)remoteString, NULL, NULL);

std::cout << "Finished" << std::endl;
WaitForSingleObject(thread, INFINITE);

VirtualFreeEx(proc, remoteString, strlen(library.c_str()) + 1, MEM_RELEASE);
CloseHandle(thread);
CloseHandle(proc);

Now I'm trying to Uninject / Unload the DLL inside the Process. I'm doing this here inside the DLL:

FreeLibrary(hModule, 0);

This Code is closing my target Process wherein the DLL is. Any ideas or solutions?

Answer 1

It is crashing because there is still code to run after the FreeLibrary call (the epilogue code that returns to the windows thread starting code) but that code is gone after the FreeLibrary call.

Use FreeLibraryAndExitThread instead of FreeLibrary and you should be good.