Index
> Windows > Load DLL directly from memory (no file) |
| Author |
|
|
Trinitek
https://www.joachim-bauch.de/tutorials/loading-a-dll-from-memory/
It basically says that you need to write your own PE loader. Seems trivial as far as I can tell. |
|||
25 Apr 2016, 22:08 |
|
|
MUFOS
Trinitek wrote: https://www.joachim-bauch.de/tutorials/loading-a-dll-from-memory/ In other words; should I just follow that guide and translate the code to fasm? |
|||
|
26 Apr 2016, 07:48 |
|
|
revolution
Trinitek wrote: It basically says that you need to write your own PE loader. Seems trivial as far as I can tell. |
|||
|
26 Apr 2016, 09:10 |
|
|
MUFOS
revolution wrote:
So that guide won't work? |
|||
|
26 Apr 2016, 09:39 |
|
|
revolution
It depends upon your DLL file. Some DLLs are simple and don't load any other resources, some are not. If you have the source to the DLL then it is probably easier to just statically compile it into your exe. Or maybe try statically linking it, but not its dependencies.
|
|||
|
26 Apr 2016, 09:45 |
|
|
MUFOS
What I want is an addon system. Would it be possible to just inject an addon that only contains assembly code (e.g. .bin assembled) without PE? If I am not thinking completely wrong, it's like injecting shellcode?
|
|||
|
27 Apr 2016, 10:25 |
|
|
revolution
MUFOS wrote: What I want is an addon system. Would it be possible to just inject an addon that only contains assembly code (e.g. .bin assembled) without PE? If I am not thinking completely wrong, it's like injecting shellcode? You could always just us a DLL, it is designed for the job (: |
|||
|
27 Apr 2016, 13:20 |
|
|
MUFOS
revolution wrote:
What I want to accomplish is a plugin system. For instance I could send the plugin over the internet so that code could remain protected (one usage example). And in addition others could develop further on the program. However, my requirement is that the plugin can be loaded from memory, e.g. never stored on the disk. |
|||
|
27 Apr 2016, 18:11 |
|
|
typedef
You can define your own file structure then.
Your plugin file's header will contain information about which DLLs to load and where to place the jump/function pointer. Your main program loads the required DLLs if not already loaded. Your plugin must use relative jumps to so that way your host application can fill in those function pointer. plugin.bin Code: MAX_NAME equ 0xFF MAX_FN_NAME equ 0x80 ; align to some bit-width boundary here .ddMagic dd $123 ; some file identifier here .dwLibs dd 1 ; number of DLLs to load ; Begin import structure .pzsDllName1 du "user32.dll",....,0 ; <--- Unicode string of length MAX_NAME .ddFuncs2 dd 1 ; <-- Number of functions ; user32 functions .pszName db "MessageBoxW",...0 ; MAX_FN_NAME .dwOrdinal dw $00000 .dwMessageBoxW dd $00000 ; Either ordinal or name ; End import structure ; your data area placed in data section. .ddDataSize dd 123456 .ddDataOffset dd .my_data ; Relative offset from the beginning of the file. Since the whole thing will be in memory .ddFlags dd $0000000 ;<--- Define access flags here ; your exported code .ddCodeSize dd 123455 .ddSectionAddress dd .code_section .ddAccessFlags dd 1234 .ddNumberOfExportedFunctions dd 1 ; export function structure .pszFuncName db "my_function",....,0 ; MAX_FN_NAME .ddFuncAddress dd my_function ; You code section here .code_section: ; void __stdcall my_function() my_function: push ebp mov ebp, esp push 0 push .pszHello push .pszHello push 0 call dword ptr[.dwMessageBoxW] mov esp, ebp pop ebp retn .my_data: .pszHello du "Hello",0 To make it simple, you can just lay it out FLAT in memory so that way resolving function calls will be easier. Also make sure you align and padd all sections. |
|||
|
09 May 2016, 15:27 |
|
< Last Thread | Next Thread > |
Forum Rules:
|