
Thread: [RESOLVED] How to detect loaded dll

  1. #1

    Thread Starter
    Junior Member
    Join Date
    May 2017
    Posts
    17

    [RESOLVED] How to detect loaded dll

    Hello everybody, I was looking for a problem similar to mine, but I still cannot find a solution.

    It's about how I can detect a loaded DLL, and therefore exit the process.
    For example:
    I am using a program, and every time I run it, Avast cyber capture is activated.

    I found that Avast uses snxhk.dll (which is located in C:\Program Files\Avast Software\Avast), which is responsible for cyber capture.

    My question is: is there any way to check memory regions for exactly this DLL and, when Avast cyber capture is activated, just exit the process or terminate?
    Last edited by Shaggy Hiker; Oct 23rd, 2021 at 02:58 PM.

  2. #2
    PowerPoster wqweto's Avatar
    Join Date
    May 2011
    Location
    Sofia, Bulgaria
    Posts
    5,120

    Re: How to detect loaded dll

    Here is an API declare that can be useful

    Private Declare Function GetModuleHandle Lib "kernel32" Alias "GetModuleHandleA" (ByVal lpModuleName As String) As Long


    Just use GetModuleHandle("snxhk.dll") to probe -- it returns NULL when the module/DLL is not loaded in the current process.

    Beware that snxhk.dll might hook the GetModuleHandle API and return NULL to hide its presence.

    cheers,
    </wqw>

  3. #3
    Frenzied Member
    Join Date
    Jun 2015
    Posts
    1,056

    Re: How to detect loaded dll

    sounds legit

  4. #4
    Super Moderator Shaggy Hiker's Avatar
    Join Date
    Aug 2002
    Location
    Idaho
    Posts
    38,989

    Re: How to detect loaded dll

    I'm going to ask again: What are you doing?

    You have three threads on this forum. In one you pretty much stated that you were making malware, then in the other two, you are trying to circumvent anti-virus. For that reason, I'm closing this thread. If you are doing something legitimate, send a PM to one of the mods explaining what you are doing.
    My usual boring signature: Nothing

  5. #5
    Super Moderator Shaggy Hiker's Avatar
    Join Date
    Aug 2002
    Location
    Idaho
    Posts
    38,989

    Re: How to detect loaded dll

    After talking to the OP, this sounds like nothing more than an AV popping up a false positive. Those can be annoying. Going after the AV is not the best solution to the problem, though. Since these threads show up fairly often, I expect people can talk about that more usefully.
    My usual boring signature: Nothing

  7. #7
    The Idiot
    Join Date
    Dec 2014
    Posts
    2,721

    Re: How to detect loaded dll

    There are a few solutions:
    - Allow your program to run in some settings in the AV (I don't have Avast, but most antivirus programs allow you to do that).
    - Uninstall Avast and install a better AV that allows you to run your program.
    - Check VirusTotal; here you can see the antiviruses that "react" to your program.
    - Use different compilation methods; my knowledge is that antivirus programs react differently depending on how you compile your project.

    If it's about "people" running your program:
    - Include a readme.txt with information about the false positive.
    - Try to remove APIs that would make antivirus react, like memory scanning or checking registry files etc.
    - It's about time: show the community that you are legit. Keep sharing your program until people recognize you and believe your word that it's a false positive.
