Loading a DLL from memory 内存加载dll This tutorial de

文件名称: Loading a DLL from memory

所属分类: C++

开发工具:

文件大小: 169kb

下载次数: 0

上传时间: 2013-03-26

提供者: yizhen*******

下载 (169kb)

不能下载？报告错误

详细说明：内存加载dll Loading a DLL from memory Loading a DLL from memory This tutorial describes a technique how a dynamic link library (DLL) can be loaded from memory without storing it on the hard-disk first. Author: Joachim Bauch Contact: mail@joachim-bauch.de Copyright: Creative Commons License (by-sa) Contents • Overview • Windows executables - the PE format • DOS header / stub • PE header • Section header • Loading the library • Allocate memory • Copy sections • Base relocation • Resolve imp orts • Protect memory • Notify library • Exported functions • Freeing the library • MemoryModule • Downloads • Known issues • License • Ports • Copyright Overview The default windows API functions to load external libraries into a program (LoadLibrary, LoadLibraryEx) only work with files on the filesystem. It's therefore impossible to load a DLL from memory. But sometimes, you need exactly this functionality (e.g. you don't want to distribute a lot of files or want to make disassembling harder). Common workarounds for this problems are to write the DLL into a temporary file first and import it from there. When the program terminates, the temporary file gets deleted. In this tutorial, I will describe first, how DLL files are structured and will present some code that can be used to load a DLL completely from memory - without storing on the disk first. Windows executables - the PE format Most windows binaries that can contain executable code (.exe, .dll, .sys) share a common file format that consists of the following parts: DOS header DOS stub PE header Section header Section 1 Section 2 . . . Section n All structures given below can be found in the header file winnt.h. DOS header / stub The DOS header is only used for backwards compatibility. It precedes the DOS stub that normally just displays an error message about the program not being able to be run from DOS mode. Microsoft defines the DOS header as follows: typedef struct _IMAGE_DOS_HEADER { // DOS .EXE header WORD e_magic; // Magic number WORD e_cblp; // Bytes on last page of file WORD e_cp; // Pages in file WORD e_crlc; // Relocations WORD e_cparhdr; // Size of header in paragraphs WORD e_minalloc; // Minimum extra paragraphs needed WORD e_maxalloc; // Maximum extra paragraphs needed WORD e_ss; // Initial (relative) SS value WORD e_sp; // Initial SP value WORD e_csum; // Checksum WORD e_ip; // Initial IP value WORD e_cs; // Initial (relative) CS value WORD e_lfarlc; // File address of relocation table WORD e_ovno; // Overlay number WORD e_res[4]; // Reserved words WORD e_oemid; // OEM identifier (for e_oeminfo) WORD e_oeminfo; // OEM information; e_oemid specific WORD e_res2[10]; // Reserved words LONG e_lfanew; // File address of new exe header } IMAGE_DOS_HEADER, *PIMAGE_DOS_HEADER; PE header The PE header contains informations about the different sections inside the executable that are used to store code and data or to define imports from other libraries or exports this libraries provides. It's defined as follows: typedef struct _IMAGE_NT_HEADERS { DWORD Signature; IMAGE_FILE_HEADER FileHeader; IMAGE_OPTIONAL_HEADER32 OptionalHeader; } IMAGE_NT_HEADERS32, *PIMAGE_NT_HEADERS32; The FileHeader describes the physical format of the file, i.e. contents, informations about symbols, etc: typedef struct _IMAGE_FILE_HEADER { WORD Machine; WORD NumberOfSections; DWORD TimeDateStamp; DWORD PointerToSymbolTable; DWORD NumberOfSymbols; WORD SizeOfOptionalHeader; WORD Characteristics; } IMAGE_FILE_HEADER, *PIMAGE_FILE_HEADER; The OptionalHeader contains informations about the logical format of the library, including required OS version, memory requirements and entry points: typedef struct _IMAGE_OPTIONAL_HEADER { // ...展开收缩

(系统自动生成,下载前可以参看下载内容)