
Loading DLL from a location in memory

Tags: c++, c, dll, winapi

As the question says, I want to load a DLL from a location in memory instead of a file, similarly to LoadLibrary(Ex). I'm no expert in WinAPI, so I googled a little and found this article together with the MemoryModule library that pretty much meets my needs.

On the other hand, the info there is quite old and the library hasn't been updated for a while either. So I wanted to know if there are different, newer and better ways to do it. Also, if somebody has used the library mentioned in the article, could they provide insight on what I might be facing when using it?

Just for the curious ones, I'm exploring the concept of encrypting some plug-ins for applications without storing the decrypted version on disk.

Saulius Žemaitaitis asked Mar 12 '09 11:03



1 Answer

Implementing your own DLL loader can get really hairy really fast. Reading this article it's easy to miss what kind of crazy edge cases you can get yourself into. I strongly recommend against it.
Just for a taste - consider you can't use any conventional debugging tools for the code in the DLL you're loading since the code you're executing is not listed in the region of any DLL known by the OS.
Another serious issue is dealing with DEP in Windows.

shoosh answered Oct 21 '22 04:10
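The DEP issue raised in the answer comes down to page protections: each PE section's characteristics flags determine the protection its pages must carry, and a section that is both writable and executable is exactly what DEP is meant to rule out. The following is an added example, not code from the post, the linked article or MemoryModule; it audits a constructed section table, and the function names and the `.packed` section are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IMAGE_SCN_MEM_EXECUTE 0x20000000u  /* PE/COFF section flags */
#define IMAGE_SCN_MEM_READ    0x40000000u
#define IMAGE_SCN_MEM_WRITE   0x80000000u
#define HDR_SIZE  40  /* size of one IMAGE_SECTION_HEADER */
#define CHARS_OFF 36  /* offset of its Characteristics field */
/* Windows PAGE_* values indexed [execute][read][write]. */
static const uint32_t PROT[2][2][2] = {
    {{0x01, 0x08}, {0x02, 0x04}},  /* NOACCESS, WRITECOPY, READONLY, READWRITE */
    {{0x10, 0x80}, {0x20, 0x40}}}; /* EXECUTE, EXECUTE_WRITECOPY, EXECUTE_READ, EXECUTE_READWRITE */

/* Protection a section's pages need so DEP permits what the section does. */
uint32_t section_protection(uint32_t ch) {
    return PROT[!!(ch & IMAGE_SCN_MEM_EXECUTE)][!!(ch & IMAGE_SCN_MEM_READ)][!!(ch & IMAGE_SCN_MEM_WRITE)];
}

/* Walks a raw section table; returns how many sections are writable and executable. */
int count_wx_sections(const uint8_t *t, size_t len, int verbose) {
    int wx = 0;
    for (size_t off = 0; off + HDR_SIZE <= len; off += HDR_SIZE) {
        const uint8_t *c = t + off + CHARS_OFF;  /* little-endian 32-bit field */
        uint32_t ch = c[0] | (uint32_t)c[1] << 8 | (uint32_t)c[2] << 16 | (uint32_t)c[3] << 24;
        int bad = (ch & IMAGE_SCN_MEM_EXECUTE) && (ch & IMAGE_SCN_MEM_WRITE);
        wx += bad;
        if (verbose) printf("%-8.8s protect=0x%02x%s\n", (const char *)(t + off),
                            (unsigned)section_protection(ch), bad ? "  <- W+X" : "");
    }
    return wx;
}

/* Constructed sample table (not from a real DLL): .text RX, .data RW, .packed RWX. */
size_t build_sample(uint8_t *buf) {
    const char *names[] = {".text", ".data", ".packed"};
    const uint32_t chars[] = {0x60000020u, 0xC0000040u, 0xE0000020u};
    memset(buf, 0, 3 * HDR_SIZE);
    for (int s = 0; s < 3; s++) {
        memcpy(buf + s * HDR_SIZE, names[s], strlen(names[s]));
        for (int i = 0; i < 4; i++) buf[s * HDR_SIZE + CHARS_OFF + i] = (uint8_t)(chars[s] >> (8 * i));
    }
    return 3 * HDR_SIZE;
}

int main(void) {
    uint8_t buf[3 * HDR_SIZE];
    printf("W+X sections: %d\n", count_wx_sections(buf, build_sample(buf), 1));
    return 0;
}
```

A loader that skips this mapping and leaves the whole image read-write faults under DEP as soon as code in it runs, while one that marks everything read-write-execute avoids the fault only by discarding the protection.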