Practical questions:
The DLL is an MFC DLL, and I create a dialog window in its initialization function. How can code inside the DLL end the current thread and release the DLL? For example, after the window (a modal dialog) is closed, end the thread and release the DLL.
There's a function in Kernel32.dll called FreeLibraryAndExitThread, which exists specifically for this kind of thing:
Normally, if you call FreeLibrary to release the DLL whose code is currently executing, execution cannot continue once FreeLibrary returns, because the code it returns to has been freed along with the DLL. FreeLibraryAndExitThread ends the current thread after FreeLibrary. The code for this operation is in Kernel32.dll, so there is no such problem.
The question today is: Is it possible to have a DLL unload itself?
The problem can be divided into two parts:
1. Unload a DLL.
2. The code that unloads the DLL is placed in the DLL itself.
Of course, this code is not difficult to write if you don't consider the consequences, as follows:
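#include <Windows.h>

// Module handle of this DLL, saved in DllMain for the later FreeLibrary call.
HMODULE g_hDll = NULL;

DWORD WINAPI UnloadProc(PVOID param)
{
    MessageBox(NULL, TEXT("Press ok to unload me."),
               TEXT("MsgBox in dll"), MB_OK);
    // Unmaps this DLL, including the code this thread is executing.
    FreeLibrary(g_hDll);
    // oops! FreeLibrary returns into memory that is no longer mapped.
    return 0;
}

BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, PVOID lpvReserved)
{
    if (DLL_PROCESS_ATTACH == fdwReason)
    {
        g_hDll = (HMODULE)hinstDLL;
        // The new thread starts running only after DllMain has returned.
        HANDLE hThread = CreateThread(NULL, 0, UnloadProc, NULL, 0, NULL);
        if (hThread != NULL)
            CloseHandle(hThread);
    }
    return TRUE;
}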
Briefly: save the instance handle of the DLL (that is, the module handle) during DllMain initialization for the later FreeLibrary call, then create a thread and call FreeLibrary at the appropriate time to destroy the DLL.
However, if we actually run this, we hit a very practical problem: after FreeLibrary, the DLL's address space is no longer usable, but the EIP pointer still points to the instruction following the FreeLibrary call, so the program crashes.
Fortunately, Win32 provides another API, FreeLibraryAndExitThread, which calls ExitThread directly after the DLL is destroyed, so the EIP pointer never points to an illegal address. So we just need to replace the FreeLibrary statement with:
FreeLibraryAndExitThread(g_hDll, 0);
That's all there is to it.
In actual testing, after the DLL is loaded, July's module view shows the loaded DLL.
Checking the contents at the module handle in the memory view proves that the DLL is indeed loaded.
After FreeLibraryAndExitThread is called, the memory that the module handle points to is no longer available, so the DLL was destroyed successfully.
Reference:
http://blog.csdn.net/titilima/article/details/4103495
Reference 2:
http://www.clxp.net.cn/article/994.html
Let DLL unload itself -- FreeLibraryAndExitThread()