0
votes

I injected a DLL I wrote into another process using the CreateRemoteThread function and it works great. But when I try to eject the DLL using the same method, it causes the process to terminate and I don't understand why.

Here is the function that I wrote to eject the DLL:

import ctypes
from ctypes import windll

kernel32 = windll.kernel32

PROCESS_CREATE_THREAD     = 0x0002
PROCESS_QUERY_INFORMATION = 0x0400
INFINITE                  = 0xFFFFFFFF

# CleanUp(...) and EnumProcessModules(pid) are the poster's own helpers (not shown in the post)

def EjectDLL(processId, dllPath):
    hThread  = None

    # CREATE_THREAD is needed to start the remote thread in the target process
    hProcess = kernel32.OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_CREATE_THREAD,
                                    False, processId)
    if hProcess == None:
        CleanUp(hProcess, None, hThread)
        return False

    for module in EnumProcessModules(processId):
        if module[0].lower() == dllPath.lower():
            # address in kernel32 that the remote thread will start executing at
            threadRtn = kernel32.GetProcAddress(kernel32.GetModuleHandleA("kernel32.dll"), "FreeLibraryA")
            if threadRtn == None:
                break

            # start routine = threadRtn, thread parameter = the module's HMODULE
            hThread = kernel32.CreateRemoteThread(hProcess, None, 0, threadRtn, module[1], 0, None)
            if hThread == None:
                break

            kernel32.WaitForSingleObject(hThread, INFINITE)      # wait for remote thread to finish

            CleanUp(hProcess, None, hThread)
            return True

    CleanUp(hProcess, None, hThread)
    return False

EnumProcessModules yields a tuple where the first index is the path of the module and the second index is the HMODULE of the module. Is there anything wrong with my code?


1 Answer

3
votes

There's no function in kernel32.dll called FreeLibraryA, only FreeLibrary, so your call to GetProcAddress is returning null.
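A corrected ejector, added here as an example (it is neither the asker's code nor the answerer's): it asks GetProcAddress for the real export name FreeLibrary, declares argument and return types so a failed lookup comes back as None instead of a truncated 32-bit int that the `== None` test never catches, and refuses to create the remote thread when the lookup fails, since starting a thread at address 0 is what takes the target process down. Assumptions: the list of (path, HMODULE) tuples is passed in by the caller, standing in for the asker's EnumProcessModules helper, and the `k32` parameter exists only so the logic can be exercised with a stand-in kernel32 on a non-Windows host; every handle and address in such a dry run is constructed.

```python
import ctypes
import ntpath

# Win32 types spelled out so the module also imports on non-Windows hosts
HANDLE = ctypes.c_void_p
HMODULE = ctypes.c_void_p
DWORD = ctypes.c_uint32
BOOL = ctypes.c_int

PROCESS_CREATE_THREAD = 0x0002
PROCESS_QUERY_INFORMATION = 0x0400
INFINITE = 0xFFFFFFFF
# FreeLibrary takes an HMODULE, not a string, so kernel32 has no A/W-suffixed variant.
FREE_LIBRARY_EXPORT = b"FreeLibrary"


def configure_kernel32(k32):
    """Declare argument and return types. Without them ctypes treats every result as a
    32-bit int: 64-bit handles and addresses get truncated and NULL never becomes None."""
    k32.OpenProcess.argtypes = [DWORD, BOOL, DWORD]
    k32.OpenProcess.restype = HANDLE
    k32.GetModuleHandleW.argtypes = [ctypes.c_wchar_p]
    k32.GetModuleHandleW.restype = HMODULE
    k32.GetProcAddress.argtypes = [HMODULE, ctypes.c_char_p]
    k32.GetProcAddress.restype = ctypes.c_void_p
    k32.CreateRemoteThread.argtypes = [HANDLE, ctypes.c_void_p, ctypes.c_size_t,
                                       ctypes.c_void_p, ctypes.c_void_p, DWORD,
                                       ctypes.POINTER(DWORD)]
    k32.CreateRemoteThread.restype = HANDLE
    k32.WaitForSingleObject.argtypes = [HANDLE, DWORD]
    k32.WaitForSingleObject.restype = DWORD
    k32.GetExitCodeThread.argtypes = [HANDLE, ctypes.POINTER(DWORD)]
    k32.GetExitCodeThread.restype = BOOL
    k32.CloseHandle.argtypes = [HANDLE]
    k32.CloseHandle.restype = BOOL
    return k32


def find_module(modules, dll_path):
    """Pick the HMODULE for dll_path out of (path, hmodule) tuples, normalising case
    and slashes the way Windows paths compare instead of a bare lower() check."""
    wanted = ntpath.normcase(ntpath.normpath(dll_path))
    for path, hmodule in modules:
        if ntpath.normcase(ntpath.normpath(path)) == wanted:
            return hmodule
    return None


def eject_dll(process_id, dll_path, modules, k32=None):
    """Run FreeLibrary(hmodule) on a new thread inside process_id.

    Returns True only if FreeLibrary itself reported success. Never creates a thread
    when the export lookup failed: a start address of 0 would crash the target."""
    if k32 is None:
        k32 = ctypes.WinDLL("kernel32", use_last_error=True)  # Windows only
    configure_kernel32(k32)

    hmodule = find_module(modules, dll_path)
    if hmodule is None:
        return False

    free_library = k32.GetProcAddress(k32.GetModuleHandleW("kernel32.dll"),
                                      FREE_LIBRARY_EXPORT)
    if not free_library:  # restype c_void_p turns a NULL result into None
        return False

    hprocess = k32.OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_CREATE_THREAD,
                               False, process_id)
    if not hprocess:
        return False
    try:
        hthread = k32.CreateRemoteThread(hprocess, None, 0, free_library,
                                         hmodule, 0, None)
        if not hthread:
            return False
        try:
            k32.WaitForSingleObject(hthread, INFINITE)
            # the thread's exit code is FreeLibrary's BOOL return value
            exit_code = DWORD(0)
            if not k32.GetExitCodeThread(hthread, ctypes.pointer(exit_code)):
                return False
            return exit_code.value != 0
        finally:
            k32.CloseHandle(hthread)
    finally:
        k32.CloseHandle(hprocess)
```

Two caveats worth keeping in mind. FreeLibrary only decrements the module's reference count, so a DLL that was loaded more than once needs as many ejections before it actually unloads; the exit code tells you whether the call succeeded, not whether the image is gone. And from the defender's side, ejection looks identical to injection on the host: a CreateRemoteThread into another process whose start address sits inside kernel32, which is exactly what Sysmon Event ID 8 records, start function name included.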