Richard II,
Well, Yahoo is back, I am off to go down the rabbit hole called MS Feedback. I may find my way out of there.
Dave.
|
A DLL can be loaded explicitly by using the LoadLibrary and GetProcAddress functions (sometimes called "run-time linking" or "manual linking") or implicitly by linking a so-called import library into your program and declaring functions in the conventional way (sometimes called "load-time linking" or "automatic linking"). The latter method has two varieties: pre-load and delay-load. Pre-loaded DLLs are loaded instantly and unconditionally at the start of the program. Delay-loaded DLLs are loaded when (if) they are first used.
So, in these terms, there are still only two major ways to load a DLL: explicit and implicit. The latter load method just happens to have two sub-varieties. Some people might prefer to interpret this hierarchical classification as a flat one, ending up with three linking/loading methods.
Some companies ask about other ways to load Dynamic-Link Libraries (besides explicit and implicit) in their interviews.
But I wonder whether other ways to load Dynamic-Link Libraries exist.
Any help will be appreciated!
modified 29-Jul-12 20:40pm.
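The two implicit varieties described above are declared in separate PE data directories, while a DLL loaded explicitly at run time appears in neither. The following is an added example, not code from the thread: it reads the import and delay-import directory entries from a constructed PE32+ header; `linkage_kinds`, `build_sample` and the sample RVAs are assumptions made for illustration.

```python
import struct

IMPORT_DIR, DELAY_IMPORT_DIR = 1, 13  # IMAGE_DIRECTORY_ENTRY_IMPORT / _DELAY_IMPORT


def linkage_kinds(image: bytes) -> dict:
    """Report which implicit-linking tables a PE image declares."""
    if image[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 4 + 20  # skip the signature and the 20-byte COFF header
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic == 0x10B:       # PE32
        count_off, dirs_off = opt + 92, opt + 96
    elif magic == 0x20B:     # PE32+
        count_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic")
    (count,) = struct.unpack_from("<I", image, count_off)

    def present(index: int) -> bool:
        if index >= count:
            return False
        rva, size = struct.unpack_from("<II", image, dirs_off + 8 * index)
        return rva != 0 and size != 0

    return {"load_time": present(IMPORT_DIR),
            "delay_load": present(DELAY_IMPORT_DIR)}


def build_sample(import_dir=(0, 0), delay_dir=(0, 0)) -> bytes:
    """Constructed, header-only PE32+ image (not a loadable file)."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    opt = bytearray(112 + 16 * 8)
    struct.pack_into("<H", opt, 0, 0x20B)        # PE32+ magic
    struct.pack_into("<I", opt, 108, 16)         # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 112 + 8 * IMPORT_DIR, *import_dir)
    struct.pack_into("<II", opt, 112 + 8 * DELAY_IMPORT_DIR, *delay_dir)
    return dos + b"PE\0\0" + bytes(20) + bytes(opt)


if __name__ == "__main__":
    sample = build_sample(import_dir=(0x2000, 0x28), delay_dir=(0x3000, 0x40))
    print(linkage_kinds(sample))
```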
|
Wow, that's a tough question. I suppose you could try to load it from memory by manually mapping the sections into memory and resolving all the imports. But that's really a hack, and it's very difficult to handle every case the way the Windows Loader does.
The difficult we do right away...
...the impossible takes slightly longer.
|
I wrote such a piece of code and it's surprisingly short. It has many drawbacks you might not spot at first sight, but here is a list that came to my mind from the time I played with this: some module-related features won't work because your DLL doesn't have a valid Windows HMODULE/HINSTANCE handle, so you can't easily use, for example, resources; your library won't receive DLL_THREAD_ATTACH/DETACH events; you have to write your own GetProcAddress(). You can also use resources (for example dialogs) if you write your own FindResource() and you use CreateDialogIndirect() instead of CreateDialog(); a lot of resources have an "indirect" version, fortunately. To sum it up: it's a pain in the ass to load your library "manually" but it's fun to experiment with it, and it can hide a "hack" very well in the process space. With this load method you can skip loading the DLL PE header, which makes things harder to detect even for memory sweeps; that's why we used it.
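A memory sweep that keys on region type and protection, rather than on an MZ/PE header, still sees a manually mapped module, because its code has to sit in executable memory that the Windows loader did not map. The following is an added example, not part of the original post: a triage pass over constructed records shaped like `VirtualQueryEx` output plus the loader's module list; the `Region` class, the function names and all sample values are assumptions.

```python
from dataclasses import dataclass

# Values of MEMORY_BASIC_INFORMATION.Type and .Protect from the Windows SDK.
MEM_PRIVATE, MEM_MAPPED, MEM_IMAGE = 0x20000, 0x40000, 0x1000000
EXEC_MASK = 0x10 | 0x20 | 0x40 | 0x80  # PAGE_EXECUTE, _READ, _READWRITE, _WRITECOPY


@dataclass
class Region:
    base: int
    size: int
    protect: int
    type: int
    head: bytes = b""  # first bytes of the region, if the scanner read them


def in_loader_list(region, modules):
    """True if the region lies inside a module the loader knows about."""
    return any(base <= region.base < base + size for base, size in modules)


def suspicious_regions(regions, modules):
    findings = []
    for r in regions:
        if not r.protect & EXEC_MASK:
            continue  # non-executable data: heap, stack, mapped files
        if r.type == MEM_IMAGE and in_loader_list(r, modules):
            continue  # ordinary section of a loader-mapped DLL or EXE
        reason = ("executable private memory" if r.type == MEM_PRIVATE
                  else "executable mapping not in loader list")
        if r.head[:2] == b"MZ":
            reason += " with PE header"  # header kept; absence proves nothing
        findings.append((r.base, reason))
    return findings


# Constructed sample data: one loader-known module and four regions.
SAMPLE_MODULES = [(0x7FF600000000, 0x200000)]
SAMPLE_REGIONS = [
    Region(0x7FF600001000, 0x8000, 0x20, MEM_IMAGE),            # normal .text
    Region(0x1A0000, 0x10000, 0x04, MEM_PRIVATE),               # RW heap
    Region(0x2B0000, 0x6000, 0x40, MEM_PRIVATE, b"MZ\x90\x00"),  # mapped, header kept
    Region(0x3C0000, 0x6000, 0x20, MEM_PRIVATE, bytes(4)),      # mapped, header skipped
]

if __name__ == "__main__":
    for base, reason in suspicious_regions(SAMPLE_REGIONS, SAMPLE_MODULES):
        print(hex(base), reason)
```

JIT compilers also allocate executable private memory, so findings from a pass like this are leads to triage, not verdicts.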
|
I'm honored to meet someone who actually implemented this. I once looked into it and I was totally intimidated.
Your list of features that won't work is precisely why I didn't pursue it.
But maybe when I have more time I would experiment with it......
|
Just looked up my sources and I am thinking about posting up the sources here. I have a similar module-hacking-related short tip/trick whose rating is almost a 5. For this reason I think that some people might be interested in this stuff, but I am too lazy to write a full-fledged article. What about posting up a few tips with short intro + sources? For example one for the FindResource, and another with the DLL loading.
|
pasztorpisti wrote: What about posting up a few tips with short intro + sources?
I would vote that a 5 many times over.
|
OK, then I'll post the sources as tips; it will serve well for PE divers at least as a tutorial or reference. It's easier to find out things even by debugging this code than starting from zero.
|
Thanks! Unfortunately I'm not one of the chosen ones. I'll have to wait til it's approved, I'm afraid.
|
OK, will repost it when it's done!
|
Great!
|
Falconapollo wrote: Some companies ask about other ways to load Dynamic-Link Libraries (besides explicit and implicit) in their interviews.
But I wonder whether other ways to load Dynamic-Link Libraries exist.
Excluding evidence to the contrary I would say that you covered all of the possibilities.
Have you considered the possibility that those "companies" (presumably actually certain individuals) are wrong? Did they explain their answer to you so perhaps you could paraphrase what they said?
|
Maybe you are right.
How about the DLL Injection and API Hooking which is mentioned in Chapter 22,
Windows via C/C++, Fifth Edition by Jeffrey Richter and Christophe Nasarre?
It seems to be another way to use a DLL.
But I'm not sure.
|
DLL Injection is simply a way to invoke explicit linking (calling LoadLibrary).
|
I have an app that has worked for YEARS. Flawlessly. <insert demons here>
It does a lot of file processing. On my laptop, it fails to open certain files. I catch the exception, and the reason is 0 (no error). My laptop - W7 Pro.
My laptop Xp Pro VM: fail.
On the "golden" laptop, it works fine. Xp Pro.
Assorted other machines - fail.
I copied the source from the golden machine, built it, FAIL.
Copied the binary off the golden machine to mine: FAIL.
-----
The only wildcard I can think of is that some update has broken something, but that is surely digging deep.
------
Any wild ass ideas or random thoughts?
Charlie Gilley
You're going to tell me what I want to know, or I'm going to beat you to death in your own house.
"Where liberty dwells, there is my country." B. Franklin, 1783
“They who can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.” BF, 1759
|
charlieg wrote: Any wild ass ideas or random thoughts?
Yes, something is going wrong somewhere.
You really need to do some debugging and provide some more specific technical information for anyone to be able to offer any suggestions.
One of these days I'm going to think of a really clever signature.
|
Understood.
Charlie Gilley
|
charlieg wrote: fail
doesn't mean anything except to you that can see the system, code and the error messages.
Why is common sense not common?
Never argue with an idiot. They will drag you down to their level where they are an expert.
Sometimes it takes a lot of work to be lazy
Please stand in front of my pistol, smile and wait for the flash - JSOP 2012
|
Wes - sorry, the context of the "fail" is simply opening a new file. The open fails, but no error data is returned.
Charlie Gilley
|
Does GetLastError return anything?
|
Yep. 0 (or no problem). Real bizarre.
Charlie Gilley
|
Are those files in restricted areas? Does your account have access to them?
|
The files are in an area that I'll call the release area - the same place they have been for 5+ years. It's a specific folder in our development tree on my C drive.
Charlie Gilley