flat assembler
Message board for the users of flat assembler.
revolution 03 Jul 2012, 09:24
This depends upon your version of Windows. Some versions of Windows allow you to load a program without linking to any APIs and some don't.
It would probably be best to at least link with kernel32.dll and import ExitProcess to give the Windows loader the information to load the standard APIs into the address space.

fantasia 03 Jul 2012, 09:54
I see, so the DLL is too minimal, then?
I tried to follow your advice but I think I probably made a mistake as I am getting the same error despite importing & calling ExitProcess in my Test program, as well as importing it into my DLL (I didn't call ExitProcess from in the DLL, though). My amended source follows:

myDLL.dll:

Code:
```asm
; myDLL.asm
format PE GUI 4.0 DLL
entry DllEntryPoint

include 'win32a.inc'

section '.text' code readable executable

proc DllEntryPoint hinstDLL,fdwReason,lpvReserved
        mov     eax,TRUE
        ret
endp

proc test_function
        mov     eax,TRUE
        ret
endp

section '.idata' import data readable writeable

  library kernel32,'kernel32.dll'

  import kernel32,\
         ExitProcess,'ExitProcess'

section '.edata' export data readable

  export 'myDLL.dll',test_function,'test_function'

section '.reloc' fixups data readable discardable
```

and for the test program:

Code:
```asm
; Test.asm
format PE console 4.0
entry _main

include 'win32a.inc'

section '.text' code readable executable

proc _main
        call    [test_function]
        call    [ExitProcess]
endp

section '.idata' import data readable writeable

  library kernel32,'kernel32.dll',\
          myDLL,'myDLL.dll'

  import kernel32,\
         ExitProcess,'ExitProcess'

  import myDLL,\
         test_function,'test_function'

section '.reloc' fixups data readable discardable
```

revolution 03 Jul 2012, 10:14
You still have an empty import section if you don't reference any of the APIs. Use something like this:
Code:
```asm
proc DllEntryPoint hinstDLL,fdwReason,lpvReserved
        mov     eax,TRUE
        ret
        call    [ExitProcess]   ;dummy to force the macro to import the API
endp
```

Last edited by revolution on 03 Jul 2012, 10:18; edited 1 time in total

revolution 03 Jul 2012, 10:17
BTW: Your relocs section in the DLL will also be empty when you don't import any of the system APIs in the DLL. A DLL does not need to import any APIs but it must have a non-empty relocs section.
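
Added example, not part of the original thread and not FASM's own code: a static check, in Python, for the two conditions named in the posts above (an import table that lists nothing, and a relocation section with no entries). `inspect_dll` and `constructed_dll` are hypothetical names, and the sample image is constructed header data, not output from fasm.

```python
import struct
IMPORT_DIR, RELOC_DIR = 1, 5     # data-directory indices in the PE optional header
IMAGE_FILE_DLL = 0x2000          # COFF Characteristics flag

def inspect_dll(image: bytes) -> dict:
    """Report whether a PE image's import table and base relocations are empty."""
    pe, = struct.unpack_from("<I", image, 0x3C)              # e_lfanew
    if image[:2] != b"MZ" or image[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsect, = struct.unpack_from("<H", image, pe + 6)
    opt_size, flags = struct.unpack_from("<HH", image, pe + 20)
    opt = pe + 24
    magic, = struct.unpack_from("<H", image, opt)
    dirs = opt + {0x10B: 96, 0x20B: 112}[magic]              # PE32 / PE32+, else KeyError
    ndirs, = struct.unpack_from("<I", image, dirs - 4)       # NumberOfRvaAndSizes
    sections = [struct.unpack_from("<IIII", image, opt + opt_size + 40 * i + 8)
                for i in range(nsect)]          # (vsize, rva, rawsize, rawptr)

    def data(index):
        """Raw bytes a data directory points at, or b'' if absent or unmapped."""
        if index >= ndirs:
            return b""
        rva, size = struct.unpack_from("<II", image, dirs + 8 * index)
        for vsize, va, rawsize, rawptr in sections:
            if size and va <= rva < va + max(vsize, rawsize):
                return image[rawptr + rva - va:rawptr + rva - va + size]
        return b""

    imports, relocs = data(IMPORT_DIR), data(RELOC_DIR)
    entries, pos = 0, 0
    while pos + 8 <= len(relocs):               # block = 8-byte header + 2-byte entries
        block_size, = struct.unpack_from("<I", relocs, pos + 4)
        if block_size < 8:
            break
        entries, pos = entries + (block_size - 8) // 2, pos + block_size
    return {"is_dll": bool(flags & IMAGE_FILE_DLL), "reloc_entries": entries,
            # a first 20-byte import descriptor of all zeros names no DLL at all
            "imports_empty": len(imports) < 20 or not any(imports[:20])}

def constructed_dll(imports: bytes, relocs: bytes) -> bytes:
    """Constructed sample (not a loadable DLL): PE32 headers plus one data section."""
    body = imports + relocs
    dirs = {IMPORT_DIR: (0x1000, len(imports)), RELOC_DIR: (0x1000 + len(imports), len(relocs))}
    opt = struct.pack("<H", 0x10B).ljust(92, b"\0") + struct.pack("<I", 16)
    opt += b"".join(struct.pack("<II", *dirs.get(i, (0, 0))) for i in range(16))
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, len(opt), IMAGE_FILE_DLL | 2)
    sect = b".data\0\0\0" + struct.pack("<4I", len(body), 0x1000, len(body), 0x200)
    head = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40) + b"PE\0\0" + coff + opt
    return (head + sect.ljust(40, b"\0")).ljust(0x200, b"\0") + body
```

To inspect a real build, pass the file's bytes, for example `inspect_dll(open("myDLL.dll", "rb").read())`, and compare the result for a DLL that loads against one that does not.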
AsmGuru62 03 Jul 2012, 13:51
@fantasia:
I think, recently there was a long thread on why some DLLs (built by FASM) fail on newer Windows versions -- search the forum.

fantasia 03 Jul 2012, 15:00
@AsmGuru62
Thanks for the suggestion, but I was ineffective at searching because I didn't really understand what I was doing and hence what might have even gone wrong. Since Revolution's remarks about initialization routines, I have been reading about the Ldr functions in ntdll.dll. By the way, you don't know how to catch ntdll.dll in a debugger do you?

AsmGuru62 03 Jul 2012, 16:46
You mean to set a breakpoint at WinMain of NTDLL.DLL?
I do not know how to do it. Some DLLs are loaded by the OS before loading any other EXEs, like the one you compile. So, it is not possible to break at this time.

fantasia 04 Jul 2012, 09:59
I suppose what I really want to do is to be able to debug the (mis)loading of my DLL so that I might be able to figure out where I went wrong on my own.
The trouble is, in this case, that I'm relying on copying templates rather than understanding why the templates contain what they do. Hence, I haven't been able to understand why what I wrote (well, copied) was not being recognised as a DLL by Windows. I'm a firm believer in trying to figure things out on my own, and I think that using a debugger is the best way to find out why code we write is not working the way we expected. However, I understand that the Ldr API contained within ntdll.dll is doing the real work and I would like to debug it to see when it decides that my DLL is invalid. But, I do also know when to ask for help from the community. So, can anybody point me in the right direction as to how to go about debugging the loading of a DLL, and how to tell why Windows has decided that my DLL is invalid? Thanks

revolution 04 Jul 2012, 10:32
fantasia wrote:
> ... how to tell why Windows has decided that my DLL is invalid?

Quote:
> Your relocs section in the DLL will also be empty when you don't import any of the system APIs in the DLL. A DLL does not need to import any APIs but it must have a non-empty relocs section.

fantasia 04 Jul 2012, 11:03
@Revolution - I am grateful for, and have accepted your earlier advice.
Perhaps I am not making myself clear: I am trying to learn about DLLs and how they are validated and loaded by Windows. Because it allows fine-grained control of the format of the PE, FASM is the tool I am using to create both valid and invalid DLLs. If all I ever see are examples of well-written, working DLLs, how am I going to know what's wrong with my rubbish ones? So I don't want to just add lines to my source code until it works, I want to know: Is there a way I can get Windows to tell me specifically what it didn't like about my DLL? Thanks

revolution 04 Jul 2012, 11:22
It might be possible to debug the loading of an invalid DLL if you delay the loading by using the LoadLibrary API (i.e. remove it from your import table), and use a debugger like OllyDbg. I've not tried it though so let us know if it works.

sinsi 04 Jul 2012, 11:28
Doesn't windbg do kernel debugging?
Here's an old reference: What Goes On Inside Windows 2000: Solving the Mysteries of the Loader

fantasia 04 Jul 2012, 11:28
@Revolution
That's an excellent idea, thank you. I will let you know how I get on.