Debug DllUnInject, it works now

Author: michaelchen1996

APIHOOK/DllUnInject/DllUnInject.cpp

@@ -96,18 +96,20 @@ void DoSearchModule(DWORD dwProcessId)
 	CloseHandle(hModuleSnap);
 
 	//do DllUnInject
-	if (hEasyHook64 || hHookDll)
+	if (hHookDll)
 	{
-		DoDllUnInject(dwProcessId, hEasyHook64, hHookDll);
+		OutputDebugString(L"HookDll.dll UnInject START\n");
+		DoDllUnInject(dwProcessId, hHookDll);
+	}
+	if (hEasyHook64)
+	{
+		OutputDebugString(L"EasyHook64.dll UnInject START\n");
+		DoDllUnInject(dwProcessId, hEasyHook64);
 	}
-
 }
 
-void DoDllUnInject(DWORD dwProcessId, HMODULE hEasyHook64, HMODULE hHookDll)
+void DoDllUnInject(DWORD dwProcessId, HMODULE hModule)
 {
-	SIZE_T stBufSize = sizeof(HMODULE);
-	SIZE_T stWriteSize = 0;
-	LPVOID pRemoteBuf = NULL;
 	HMODULE hKernel32 = NULL;
 	PTHREAD_START_ROUTINE pThreadProc = NULL;
 	HANDLE hThread = NULL;
@@ -117,57 +119,15 @@ void DoDllUnInject(DWORD dwProcessId, HMODULE hEasyHook64, HMODULE hHookDll)
 	hKernel32 = GetModuleHandle(L"kernel32.dll");
 	pThreadProc = (PTHREAD_START_ROUTINE)GetProcAddress(hKernel32, "FreeLibrary");
 
-	//alloc in the target process
-	pRemoteBuf = VirtualAllocEx(hProcess, NULL, stBufSize, MEM_COMMIT, PAGE_READWRITE);
-	if (!pRemoteBuf)
-	{
-		OutputDebugString(L"VirtualAllocEx ERROR\n");
-		return;
-	}
-
-	//do UnInject to HookDll.dll
-	if (hHookDll)
-	{
-		OutputDebugString(L"HookDll.dll UnInject START\n");
-		WriteProcessMemory(hProcess, pRemoteBuf, (LPVOID)&hHookDll, stBufSize, &stWriteSize);
-		if (stBufSize != stWriteSize)
-		{
-			OutputDebugString(L"WriteProcessMemory ERROR\n");
-			return;
-		}
-		hThread = CreateRemoteThread(hProcess,
-			NULL,
-			0,
-			(LPTHREAD_START_ROUTINE)pThreadProc,
-			pRemoteBuf,
-			0,
-			NULL);
-		if (hThread)
-		{
-			WaitForSingleObject(hThread, INFINITE);
-			CloseHandle(hThread);
-		}
-		else
-		{
-			OutputDebugString(L"CreateRemoteThread ERROR\n");
-		}
-	}
-
-	//do UnInject to EasyHook64.dll
-	if (hEasyHook64)
+	//do UnInject
+	if (hModule)
 	{
-		OutputDebugString(L"EasyHook64.dll UnInject START\n");
-		WriteProcessMemory(hProcess, pRemoteBuf, (LPVOID)&hEasyHook64, stBufSize, &stWriteSize);
-		if (stBufSize != stWriteSize)
-		{
-			OutputDebugString(L"WriteProcessMemory ERROR\n");
-			return;
-		}
+		
 		hThread = CreateRemoteThread(hProcess,
 			NULL,
 			0,
 			(LPTHREAD_START_ROUTINE)pThreadProc,
-			pRemoteBuf,
+			hModule,
 			0,
 			NULL);
 		if (hThread)
@@ -180,8 +140,6 @@ void DoDllUnInject(DWORD dwProcessId, HMODULE hEasyHook64, HMODULE hHookDll)
 			OutputDebugString(L"CreateRemoteThread ERROR\n");
 		}
 	}
-
-	VirtualFreeEx(hProcess, pRemoteBuf, stBufSize, MEM_RELEASE);
 }
 
 void DoReleaseSemaphoreStatus()

APIHOOK/DllUnInject/DllUnInject.h

@@ -4,6 +4,6 @@
 
 void DoSearchProcess(LPCWCHAR dwProcesName);
 void DoSearchModule(DWORD dwProcessId);
-void DoDllUnInject(DWORD dwProcessId, HMODULE hEasyHook64, HMODULE hHookDll);
+void DoDllUnInject(DWORD dwProcessId, HMODULE hModule);
 void DoReleaseSemaphoreStatus();
 BOOL SetPrivilege(LPCTSTR lpszPrivilege, BOOL bEnablePrivilege);

APIHOOK/HookDll/dllmain.cpp

@@ -11,18 +11,22 @@ BOOL APIENTRY DllMain( HMODULE hModule,
     case DLL_PROCESS_ATTACH:
 	{
 		OutputDebugString(L"DllMain: DLL_PROCESS_ATTACH\n");
+		printf("%s", "DllMain: DLL_PROCESS_ATTACH\n");
 	}
     case DLL_THREAD_ATTACH:
 	{
 		OutputDebugString(L"DllMain: DLL_THREAD_ATTACH\n");
+		printf("%s", "DllMain: DLL_THREAD_ATTACH\n");
 	}
     case DLL_THREAD_DETACH:
 	{
 		OutputDebugString(L"DllMain: DLL_THREAD_DETACH\n");
+		printf("%s", "DllMain: DLL_THREAD_DETACH\n");
 	}
     case DLL_PROCESS_DETACH:
 	{
 		OutputDebugString(L"DllMain: DLL_PROCESS_DETACH\n");
+		printf("%s", "DllMain: DLL_PROCESS_DETACH\n");
 	}
         break;
     }

APIHOOK/HookDll/stdafx.h

@@ -10,6 +10,7 @@
 #define WIN32_LEAN_AND_MEAN             // 从 Windows 头中排除极少使用的资料
 // Windows 头文件: 
 #include <windows.h>
+#include <stdio.h>