LPVOID FP_ExitThread = (LPVOID)GetProcAddress(GetModuleHandle("kernel32.dll"), "ExitThread");
HMODULE hmod = GetModuleHandle(0);
jmp dword ptr [FreeLibrary]
Instead of a call, I push a pointer to ExitThread as the return address of the function call and jump to FreeLibrary. I am pretty sure it isn't working just because FreeLibrary checks if the module you are freeing is the same as the current one and doesn't go through with it. Does anyone have any ideas how to force FreeLibrary to go through with it, or whether maybe that isn't the problem?