Say you have a DLL that has a chunk of data in its data section that you'd like your process (that uses the DLL) to have. Just export the data section's address (in the DLL) and import the address in the program (that uses the DLL).
You can always make Get* and Set* methods that return the address to and set the data, but this method seems a little cleaner.
Small Example: This is a PE64 DLL that contains a low-level mouse hook. The mouse hook is used to help make randomly generated encryption keys more random. There's a 16-byte (2x qword) piece of the data section that the process that uses the DLL would like to have.
DLL

format PE64 DLL
entry EntryPoint

include '%fasminc%\win64a.inc'

section '.code' code readable executable

EntryPoint:
        mov     qword[hMod],rcx         ;;;instance handle
        mov     eax,TRUE
        ret     0

;;;LRESULT CALLBACK
;;;Input: rcx=nCode rdx=wParm r8=lParm
CallbackMouseHook:
        mov     rax,[r8]                ;;;POINT struct at MSLLHOOKSTRUCT.pt
        sub     rsp,8*9                 ;;;shadow space + save slots, keeps rsp 16-byte aligned for the api call
        cmp     edx,WM_MOUSEMOVE        ;;;if NOT mousemove event skip logic
        jne     .skip
        ;;;mix the cursor position into the 16 key bytes
        add     qword[ForEncKey],rax
        add     qword[ForEncKey+4],rax
        bswap   rax
        sub     qword[ForEncKey+8],rax
        add     dword[ForEncKey+12],eax
        ;;;rdtsc overwrites eax and edx, so save the arguments first
        mov     qword[rsp+8*5],rcx
        mov     qword[rsp+8*6],rdx
        ;;;mov qword[rsp+8*7],r8
        rdtsc
        mov     rcx,qword[rsp+8*5]
        mov     rdx,qword[rsp+8*6]
        ;;;mov r8,qword[rsp+8*7]
        ;;;mix the low dword of the timestamp counter into the key
        xor     dword[ForEncKey+12],eax
        sub     dword[ForEncKey+8],eax
        xor     dword[ForEncKey+4],eax
        add     dword[ForEncKey],eax
        not     dword[ForEncKey+12]
  .skip:
        ;;;CallNextHookEx(hhk,nCode,wParam,lParam): shift the callback arguments up one register
        mov     r9,r8                   ;;;lParam
        mov     r8,rdx                  ;;;wParam
        mov     edx,ecx                 ;;;nCode
        xor     ecx,ecx                 ;;;hhk (ignored by CallNextHookEx)
        call    [CallNextHookEx]
        add     rsp,8*9
        ret     0

section '.data' data readable writeable

;;;module handle
hMod            dq 0

;;;Shared information
SharedAddr:
ForEncKey       dq 0,0

section '.idata' import data readable writeable

library kernel32,'KERNEL32.DLL',\
        user32,'USER32.DLL'

include '%fasminc%\apia\kernel32.inc'
include '%fasminc%\apia\user32.inc'

section '.edata' export data readable

export 'MouseHook.DLL',\
       SharedAddr,'SharedAddr',\
       CallbackMouseHook,'CallbackMouseHook'

Executable

...
section '.data' data readable writeable

ForEncKey       dq 0,0
...
        ;;;the import slot holds the address of the DLL's exported data
        mov     rax,qword[SharedAddr]
        mov     rcx,qword[rax]          ;;;1st qword of ForEncKey
        mov     rax,qword[rax+8]        ;;;2nd qword
        mov     qword[ForEncKey],rcx
        mov     qword[ForEncKey+8],rax
...
section '.idata' import data readable writeable

;;;API imports
library kernel32,'KERNEL32.DLL',\
        user32,'USER32.DLL',\
        MouseHook,'MouseHook.DLL'       ;;;library label must match the label used by import below

import MouseHook,\
       SharedAddr,'SharedAddr'          ;;;Not a function dll shared data ptr

include '%fasminc%\apia\kernel32.inc'
include '%fasminc%\apia\user32.inc'

Any thoughts?
Do you think having a function that returns the address and then using a memcpy api is more appropriate in this situation, or is exporting the address just as good?
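
An added example, not part of the original post: a Python sketch that walks a PE64 export table and reports whether each named export points into an executable section or a data section, which is how an exported data pointer such as SharedAddr can be told apart from a function such as CallbackMouseHook when reviewing a DLL. The sample image is constructed for the example (its section layout and RVAs are assumptions, it is not the assembled MouseHook.DLL), and forwarder exports are not treated specially.

```python
import struct

EXEC = 0x20000000  # IMAGE_SCN_MEM_EXECUTE

def classify_exports(pe):
    """Map each named export of a PE32+ image to (section name, 'code' or 'data')."""
    nt, = struct.unpack_from("<I", pe, 0x3C)                 # e_lfanew
    nsec, = struct.unpack_from("<H", pe, nt + 6)
    opt_size, = struct.unpack_from("<H", pe, nt + 20)
    opt = nt + 24
    if pe[nt:nt + 4] != b"PE\0\0" or struct.unpack_from("<H", pe, opt)[0] != 0x20B:
        raise ValueError("not a PE32+ image")
    secs = []                                                # (name, rva, size, raw offset, flags)
    for o in range(opt + opt_size, opt + opt_size + 40 * nsec, 40):
        vsize, rva, rsize, raw, _, _, _, _, flags = struct.unpack_from("<6I2HI", pe, o + 8)
        secs.append((pe[o:o + 8].rstrip(b"\0").decode(), rva, max(vsize, rsize), raw, flags))

    def find(rva):
        for s in secs:
            if s[1] <= rva < s[1] + s[2]:
                return s
        raise ValueError("RVA %#x is outside every section" % rva)

    off = lambda rva: rva - find(rva)[1] + find(rva)[3]      # RVA -> file offset
    exp_rva, = struct.unpack_from("<I", pe, opt + 112)       # data directory 0 = export table
    nnames, funcs, names, ords = struct.unpack_from("<4I", pe, off(exp_rva) + 24)
    result = {}
    for i in range(nnames):
        n = off(struct.unpack_from("<I", pe, off(names) + 4 * i)[0])
        ordinal, = struct.unpack_from("<H", pe, off(ords) + 2 * i)
        target, = struct.unpack_from("<I", pe, off(funcs) + 4 * ordinal)
        sec = find(target)
        result[pe[n:pe.index(b"\0", n)].decode()] = (sec[0], "code" if sec[4] & EXEC else "data")
    return result

def sample_dll():
    """Constructed minimal image carrying the post's two export names (not loadable)."""
    pe = bytearray(0x800)
    struct.pack_into("<I", pe, 0x3C, 0x40)                   # e_lfanew
    pe[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HH", pe, 0x44, 0x8664, 3)             # AMD64, three sections
    struct.pack_into("<3H", pe, 0x54, 240, 0x2000, 0x20B)    # opt size, DLL flag, PE32+ magic
    struct.pack_into("<I", pe, 0x58 + 112, 0x3000)           # export directory RVA
    layout = [(b".code", 0x60000020), (b".data", 0xC0000040), (b".edata", 0x40000040)]
    for i, (name, flags) in enumerate(layout):
        struct.pack_into("<8s4I12xI", pe, 0x148 + 40 * i, name,
                         0x200, 0x1000 * (i + 1), 0x200, 0x200 * (i + 1), flags)
    struct.pack_into("<4I", pe, 0x618, 2, 0x3028, 0x3030, 0x3038)
    struct.pack_into("<4I2H", pe, 0x628, 0x1010, 0x2008, 0x3040, 0x3060, 0, 1)
    pe[0x640:0x66B] = b"CallbackMouseHook\0".ljust(0x20, b"\0") + b"SharedAddr\0"
    return bytes(pe)
```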