I am writing a DLL that gets injected into a game in order to play around with some reverse engineering. For a while I was able to successfully inject, eject and reinject as I made changes to the program. I'm using FreeLibraryAndExitThread to unload.
After adding XInput to the program so I could catch user input, the game crashes with an access violation when I call FreeLibraryAndExitThread. Going from this post, I'm guessing that using XInput is leaving something 'live' in the program when I go to unload, and that's what's causing the crash. I'm honestly at a loss as to how to fix this.
Here's the code that's crashing the program on exit:
XINPUT_STATE state;
ZeroMemory(&state, sizeof(XINPUT_STATE));
//The problematic line of code
bool gamepad = XInputGetState(0, &state) == ERROR_SUCCESS;
WORD buttonsHeld = state.Gamepad.wButtons;
WORD buttonsPressed = (~previousButtonState) & state.Gamepad.wButtons;
WORD buttonsReleased = previousButtonState & (~state.Gamepad.wButtons);
When I remove the call to XInputGetState, everything works just fine and I'm able to unload the DLL without crashing.
And here's how I'm calling for the program to unload and exit
FreeLibraryAndExitThread(hDLL, 0);
Where hDLL is the argument hinstDLL from DllMain. I've also tried GetModuleHandleEx instead of using hinstDLL.
My guess is either:
Using
XInputGetStatemakes my program load a second DLL forXInput, orXInputGetStateis creating some sort of reference to my DLL when called and when I remove my DLL, it's trying to access memory that's no longer there.
EDIT: I did a bit of digging and the problem seems to be that adding the call to XInputGetState causes my DLL to load XINPUT1_4.dll. I tried using FreeLibrary to unload it but that isn't working.
EDIT: I narrowed it down some more - it turns out that the access violation is being caused by some thread within the game trying to return to part of XINPUT1_4.dll's code, which is unloaded, making it crash. And I have no clue how to fix that.
Final Edit: It was a simple fix, I had to call LoadLibrary(L"XINPUT1_4.dll") for the DLL that was causing the issue.
Here's the solution:
The problem was that invoking XInputGetState caused my DLL to automatically load XINPUT1_4.dll, and when I called FreeLibraryAndExitThread, my DLL unloading forced the XInput DLL to unload as well. Code within the program (probably from a thread in XInput 1.4) attempted to execute code that was no longer there, causing an access violation.
So the solution was simply to call LoadLibrary(L'XINPUT1_4.dll') after I initialize my DLL's thread so that when my DLL is unloaded, the XInput DLL stays in memory because the LoadLibrary increases the reference count.
(When a DLL's reference count reaches 0, it unloads. It is initialized as 1 when you first load it, LoadLibrary increments it by 1, and calling FreeLibraryAndExitThread decrements it by 1. So when all is said and done, its reference count is above 0 and it remains in memory as my DLL is unloaded)
来源:https://stackoverflow.com/questions/39780590/freelibraryandexitthread-crashes-program-when-unloading-injected-dll