SecurityXploded.com  
  
Remote DLL : Simple & Free Tool to Inject or Remove DLL from Remote Process | www.SecurityXploded.com
 
 
RemoteDLL
 
 
 
 
See Also
 
 
 
 
About
RemoteDLL is the simple tool to Inject DLL or Remove DLL from Remote Process. It is based on popular Dll Injection technique.
It supports following DLL Injection methods
  • CreateRemoteThread
  • NtCreateThread [Good for DLL Injection across sessions on Vista/Windows 7]
  • QueueUseAPC [Delayed Injection]

Removing DLL or Freeing DLL from Process is the unique feature of RemoteDLL. It can help you to instantly remove DLL from target process completely.


Now a days, many Malware & Spyware programs use the DLL Injection technique to hide themselves into legitimte system process. Once injected there is no way to remove such DLL other than killing the process itself.

In such situations, RemoteDLL can help you to remove these Malicious DLLs from the target process easily.


Current mega version supports Injecting DLL and Removing DLL from 64 bit process along with numerous improvements for Windows 8.


If you are looking for Command-line version of DLL Injection tool then check out our Remote DLL Injector and DLL Remover


It is fully portable and works on both 32-bit & 64-bit platforms starting from Windows XP (sp2) to latest operating system, Windows 8.

 
 
 
Features
  • Inject DLL into Remote Process even across Session boundaries

  • Support both 32-bit & 64-bit Process on all platforms.

  • Remove DLL from Remote Process completely.

  • Supports multiple Injection methods including CreateRemoteThread, NTCreateThread, QueueUserAPC

  • Works with ASLR (Address Space Layout Randomization) by dynamically calculating addresses.

  • Advanced Process List with detailed process information like PID, Session, ASLR, DEP, Username etc.

  • Drag & Drop feature to quickly drag DLL file for selection.

  • Save the DLL operation report to Text file

  • Easy to use, attractive GUI interface

  • Fully Portable version, you can directly run it without any installation.

 
 
Using RemoteDLL

RemoteDLL is very easy to use tool with simple GUI interface. You can use it either to Inject DLL into target process or remove malicious DLL from remote process.


For Injecting DLL or Removal of DLL from 32-bit Process (on 32-bit or 64-bit platform) use RemoteDll32.exe. For 64-bit Process use RemoteDll64.exe

Here are simple usage steps

 
Injecting DLL into Remote Process
  • Launch RemoteDll on your system after installation
  • By default 'Inject DLL' operation is selected.
  • Select the Injection Method, CreateRemoteThread is recommended.
  • Now select the target process by clicking on 'Process button'. This will show all running processes with detailed information.
  • After the process selection, you have to select DLL to be injected. You can just drag & drop the DLL file here.
  • Finally click on 'Inject DLL' button to start the operation.
  • You will see detailed status report. Click on 'Save' button to store the entire status to text file.
 
 
Removing DLL from Remote Process
  • Launch RemoteDll on your system after installation
  • Choose the 'Free DLL' operation.
  • Then select the Injection Method, CreateRemoteThread is recommended.
  • Now choose the target process by clicking on 'Process button'. This will show all running process with detailed information.
  • After the process selection, click on small 'DLL button' to select DLL to be removed from this process.
  • This will launch new dialog showing all DLLs loaded within selected process. Only dynamically loaded DLLs can be removed from the process.
  • Finally click on 'Free DLL' to start the operation.
  • You will see detailed status report. Click on 'Save' button to store the entire status to text file.
 
Note: Run RemoteDll as Administrator while Injecting or Removing DLL from high privilege or system processses.
 
 
 
Screenshots
Screenshot 1: RemoteDll Injecting DLL into Firefox process using 'NtCreateThread' Injection Method
 
RemoteDLL
 
 
Screenshot 2: Removing DLL from remote process using 'NtCreateThread' Injection Method
 
RemoteDLL
 
 
 
Supported platform

RemoteDLL is successfully tested on Windows XP (sp2)/Vista/Windows 7/Windows 8 systems.

For Injecting DLL/Removal of DLL from 64-bit Process, only CreateRemoteThread method is supported. However for 32-bit process, all three injection methods are supported.

 
 
History
 
Version 3.6: 14th Jun 2014
Improvement GUI with glowing icon effects. Also added quick download link.
 
Version 3.5: 20th May 2013
Now supports NtCreateThreadEx method on 64-bit allowing you to Inject & Remove DLL across Sessions
 
Version 3.0: 24th Feb 2013
This mega version supports DLL Injection & Removal of DLL from 64-bit process. Fix for Reference count on Windows 8 along with other numerous improvements.
 
Version 2.0

Brand new attractive & simple user interface. Support for Multiple Dll Injection Methods including CreateRemoteThread, NtCreateThread, QueueUseAPC.

Dynamic address calculation to handle ASLR. Advanced Process selection dialog with detailed information on PID, Session, ASLR, DEP, Username etc. Drag & Drop feature for quick selection of DLL file. Detailed status report of DLL Operation.

 
Version 1.2
Improved "Free DLL" functionality by adding code to find the reference count of DLL.New improved user interface to make it easy to use RemoteDLL.
 
Version 1.0
First release of RemoteDLL.
 
 
 
Download
FREE Download RemoteDLL v3.6
    
License  : Freeware
Platform : Windows XP (sp2), 2003, Vista, Windows 7, Windows 8

Download
 
 
 
References
  
 
 
See Also