DLL Magic is the simple command-line tool to Hide DLL in any Windows Process.
Every Process maintains internal database of loaded Modules/DLLs in the form of three linked lists. Each of these linked list represents the order in which DLLs are loaded, here are they
Load Order
Memory Order
Initialization Order
DLL Magic hides the DLL by removing the DLL from all these three linked lists.
This is an effective technique to hide DLL from any of the Process/DLL listing tools. And it is the common method used by Rootkits to hide their presence. However such hidden DLLs are visible in Kernel based tools.
Though 'DLL Magic' works on both 32-bit & 64-bit systems, it can Hide DLL from 32-bit Process only.
It is primarily useful for developers and researchers. Also being command-line tool makes it easy to use in automation scripts.
It works all platforms starting from Windows XP to Windows 8.
How to use?
DLL Magic is very easy to use tool. It is command-line/console based tool, hence you have to launch it from the command prompt (cmd.exe).
Here is the simple usage information
DLLMagic.exe <dll_name> <pid>
Examples of DLL Magic
//Hide DLL 'injector.dll' from a Process 1151
DLLMagic.exe injector.dll 1151
//Show this help screen
DLLMagic.exe -?
Note that it works on both 32-bit & 64-bit platforms but currently supports Hiding DLL in 32-bit Process only.
Screenshots
Examples of DLL Magic hiding the Inject32.dll in Internet Explorer process.
