Text only | Text with Images

Valhalla Legends Archive

Programming => Advanced Programming => Topic started by: MyndFyre on August 23, 2006, 03:17 PM

Title: LoadLibrary from within memory?
Post by: MyndFyre on August 23, 2006, 03:17 PM
Is it possible to have a memory representation (a byte stream, for instance) of a DLL and LoadLibrary()-or-equivalent it?  I've found one very involved thing that I don't want to use that involved reading the PE headers and stuff like that.  Not really what I was hoping for.

What it really boils down to is that I just don't want to write the temporary file.  :-|  I want to include a DLL as a resource in my application's binary.
Title: Re: LoadLibrary from within memory?
Post by: Skywing on August 23, 2006, 06:14 PM
You would have to do most of the hard work yourself with setting up the in memory layout.  One option might be to hook NtCreateFile/NtCreateSection/NtMapViewOfSection in usermode and let the NTDLL loader manage the import snapping and all of that, with you instead returning a pointer to your own DLL in memory instead of going through the usual image section mapping process.

Note that this approach still requires you to setup the in-memory layout and protections correctly, but it does free you from doing your own import resolution and making the dll accessible to anything using the conventional dll resolution APIs (e.g. GetModuleHandle).
Title: Re: LoadLibrary from within memory?
Post by: Yoni on August 27, 2006, 11:46 AM
In other words... Disgusting.
Title: Re: LoadLibrary from within memory?
Post by: MyndFyre on August 27, 2006, 02:10 PM
Quote from: Yoni on August 27, 2006, 11:46 AM
In other words... Disgusting.
Hahaha yes, still more work than I wanted to do.  Thanks though :)
Title: Re: LoadLibrary from within memory?
Post by: Yoni on August 28, 2006, 02:52 PM
You can find a usable temp filename using GetTempFileName (kernel32).
Title: Re: LoadLibrary from within memory?
Post by: MyndFyre on August 28, 2006, 08:21 PM
Quote from: Yoni on August 28, 2006, 02:52 PM
You can find a usable temp filename using GetTempFileName (kernel32).
Yeah, there's a C# API for that too, but I'm not sure I want to do that yet.   :o

Title: Re: LoadLibrary from within memory?
Post by: Joe[x86] on September 10, 2006, 12:44 AM
I'm probably overlooking something but how does WarCraft III apply IX86BlueDrake.dll? I don't think it gets written to a file before it's loaded, just brought straight out of the MPQ.
Title: Re: LoadLibrary from within memory?
Post by: UserLoser on September 10, 2006, 02:38 PM
Quote from: Joex86] link=topic=15579.msg157728#msg157728 date=1157867092]
I'm probably overlooking something but how does WarCraft III apply IX86BlueDrake.dll? I don't think it gets written to a file before it's loaded, just brought straight out of the MPQ.

Downloads the ix86BlueDrake.mpq, extracts the file to your harddrive, hExtraWork = LoadLibrary(ix86BlueDrake.dll), ExtraWork = GetProcAddress(hExtraWork, "Extrawork"), ExtraWork(&ExtraWorkData).
Title: Re: LoadLibrary from within memory?
Post by: Joe[x86] on September 11, 2006, 09:16 PM
Eh, mmk.
Text only | Text with Images