James Brown Jun 3 2003, 7:04 pm
Newsgroups: microsoft.public.win32.programmer.kernel
From: "James Brown" <PLEASEDONTSPAMjames.bro...@virgin.net>
Date: Tue, 3 Jun 2003 18:04:46 +0100
Local: Tues, Jun 3 2003 7:04 pm
Subject: Re: How to load DLL from memory
It is not enough to do LockResource and "load" the DLL from the resource section, because of the nature of PE files. You need to do several more steps:

1. Store DLL (a PE file) as resource
2. Lock the resource (i.e. get pointer to PE header)
3. Allocate (using VirtualAlloc) enough memory as indicated in NtHeader.OptionalHeader.SizeOfImage
4. Try to allocate this at location ntheader.OptionalHeader.ImageBase - if this fails, then just allocate anywhere in your address space.
5. Copy (from resource into newly allocated space) the DLL's PE header (+ section tables), and each section 1-by-1 into the correct places (as described in the PE header)
6. Fix the new PE header to indicate where the module has been loaded
7. Perform full Base-Relocations - you need to find the base-relocations section by looking in the data-directory of the PE header.
8. Fixup the DLL's import table, by looping through it calling LoadLibrary/GetProcAddress as appropriate
9. Call the DLL's entry-point with DLL_PROCESS_ATTACH - the signature of the DLL entrypoint is BOOL __stdcall DllEntry(PVOID base, DWORD dwReason, PVOID reserved)
10. (Optionally) add the loaded module into the linked-list inside the PEB. Not required.

That's all you need to do to load a DLL - you can load pretty much any system DLL as well using this technique. It's not too much work, but you must be familiar with the PE format (portable executable) in order to get it to work.
Cheers,