Unloading third party hooked DLL from a Remote process
-
Hey,

A third-party spyware has hooked onto some of the processes in my system. Is there a way I can unhook the DLL without crashing the process?

Windows allows creation and deletion of hooks using the SetWindowsHook and UnhookWindowsHookEx methods. Hence a programmer can create a thread in any process by hooking onto it using one of these functions, then have that thread run, do whatever he wants, and later unhook.

In my case there is a DLL which has been loaded into a remote process's address space by a third party. I do not want that DLL there, so I am trying to go into that process's address space and use FreeLibrary (a Kernel32 call) to free that library and have the DLL unload. I can see the DLL unloading, but for some reason the process crashes after a while. The process currently hooked is Winlogon, and thus crashing it crashes my entire system.

In short, having no handle whatsoever to the hooked process (it being a third-party hook), is there a way I can unload that DLL without crashing the remote program? Is there a way using FreeLibrary, or any other way? :)
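
Added example, not part of the original post and not the poster's code: before attempting any removal, a defender can confirm which module was injected by listing every DLL loaded in the affected process together with its Authenticode signer. The function name `Get-LoadedModuleReport` is hypothetical, and treating "validly signed by Microsoft Corporation" as the baseline for Winlogon is an assumption of this sketch.

```powershell
# Added example: list the DLLs loaded in a process and report who signed
# each one, so an unexpected third-party module stands out.
# Run from an elevated prompt of the same bitness as the target process.
param(
    [string]$ProcessName = 'winlogon'   # the hooked process named in the post
)

function Get-LoadedModuleReport {       # hypothetical helper name
    param([Parameter(Mandatory)][string]$Name)

    foreach ($proc in Get-Process -Name $Name -ErrorAction Stop) {
        try {
            # Reading the module list fails on access denied or a
            # 32/64-bit mismatch; report it and move on.
            $modules = $proc.Modules
        } catch {
            Write-Warning "PID $($proc.Id): cannot read modules: $($_.Exception.Message)"
            continue
        }

        foreach ($m in $modules) {
            $sig = Get-AuthenticodeSignature -LiteralPath $m.FileName
            $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

            [pscustomobject]@{
                ProcessId = $proc.Id
                Module    = $m.ModuleName
                Path      = $m.FileName
                SigStatus = $sig.Status
                Signer    = $subject
                # Assumption: anything not validly signed by Microsoft is
                # worth a closer look in a system process.
                Review    = -not ($sig.Status -eq 'Valid' -and
                                  $subject -match 'O=Microsoft Corporation')
            }
        }
    }
}

Get-LoadedModuleReport -Name $ProcessName |
    Sort-Object Review -Descending |
    Format-Table ProcessId, Module, SigStatus, Review, Path -AutoSize
```

Rows with `Review` set to `True` give the on-disk path of the module, which is what is needed to identify the product that installed it.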