The tool is to inject or remove the DLL into or from the remote process. It will not only help in removing the spyware programs from the system but also aid in testing individual library components of products.
Target Platform: Windows 2000, Windows XP, Windows 2003.
Click to view.
RemoteDLL is the tool which allows you to inject the DLL or free the DLL from the remote process. This tool is based on the popular DLL Injection technique which has already been used in antivirus and antispyware applications. This is the common technique used by virus and spyware programs to hide their presence on the system. These programs inject themselves to a legitimate Windows process such as explorer.exe and operate from that process so the that normal user will not suspect its presence. RemoteDLL makes it easy to find and remove such programs from the victim process using same technique.
In addition to this, it can also be used as aid in testing various library components in the product. One such use is explained below.
How to use RemoteDLL in testing the Nldapaut.dll (component of SecureLogin)
Nldapaut.dll is the LDAP Authentication component of Novell SecureLogin product. When SecureLogin is installed as GINA in LDAP mode, Nldapaut.dll is loaded into winlogon.exe process. Since this DLL is loaded into the winlogon.exe process, it cannot be replaced or deleted from the disk. During unit testing or development testing if you want to test this DLL, you have to reboot the system and then replace the new DLL. But with RemoteDLL you can do this without restarting the system. Here are the steps.
- Launch this tool and select "Free DLL" option.
- Click on select process button and choose winlogon.exe from the process list.
- Click on select DLL and then choose "Nldapaut.dll" from the DLL list.
- Now click on "Free DLL" button. This will remove the Nldapaut.dll from winlogon.exe process.
- Now you can replace the existing Nldapaut.dll and continue testing secure login.
Note: Removing certain DLLs from a process can cause adverse effect on that process. So use this tool only if you know what you are doing.