Hi, when i create a Process there are already some DLL's in Userspace.
is it Possible to get rid of them? (Except Kernel32.dll)

Best regards
Dennis

If they are system "essential" DLLs then you shouldn't even bother.

However you can inject a DLL to unmap the other DLLs using GetModuleHandle and FreeLibrary.

It's a trick that I have practically never tried myself. But I hope it works for you.

The Problem is, the free Userspace is very Fragmented. I wrote a Application to get the free Memory List in Userspace and notice, that the largest Free Block is about 1.784.348.672 bytes. and the other space (304.132.096 byte) is fragmented. (or in total, 59.002.879 bytes are Occupied for nothing!)

So is your purpose just to strip them off your app's memory ?

Obviously they contain code that executes for the sake of the systems integrity.

The short answer is "no".

When your process is running in the win32 subsystem, you live by win32's rules. Not all of this is documented, and the implementation differs between various Windows versions.

There's a tool that does achieve this I just forgot it's name. I think it's made by one of the Microsoft guys.

I'll see if I can find it again.

Here's one also from Kaspersky | http://z-oleg.com/secur/avz/download.php

The site is in Russian so use Google Chrome for translation.

good tool too

What does an antivirus program have to do with getting rid of DLLs in your process address space that you didn't explicitly include yourself? O_o

I think they updated the feature. I'm still looking

which other Subsysteme does Windows provide ? i heard sth about native and posix.
is kernel32.dll Not enough?

Afaik, just native and posix - it's been a while since I messed with either, but I wouldn't be surprised if posix has a bit more DLLs than you expect. Native will have the least, but still... keep in mind that the DLLs you import at those that you explicitly request be present, not the only ones.