Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Before Posting... Please check out the Community Guidelines in the
Announcements and Administration Category.

load dll from memory buffer

hi,
i'm trying to load a dll that i have in a buffer in my local address space.
i mean that i have a pointer to a buffer in memory which actually contains
the contents of a dll file.
i want to load the dll like LoadLibrary() does, but i want to do it without
writing the file to the disk.
does anybody know a way to load the dll from the buffer and not from a file
?

thanks,
shahar.



_________________________________________________________

Do You Yahoo!?

Get your free @yahoo.com address at http://mail.yahoo.com




---
You are currently subscribed to ntfsd as: $subst('Recip.EmailAddr')
To unsubscribe send a blank email to leave-ntfsd-$subst('Recip.MemberIDChar')@lists.osr.com

Comments

  • Is your intent - to create a new, advanced version of BackOrifice?

    Max

    ----- Original Message -----
    From: "Shahar Talmi" <xxxxx@yahoo.com>
    To: "File Systems Developers" <xxxxx@lists.osr.com>
    Sent: Monday, October 29, 2001 3:40 AM
    Subject: [ntfsd] load dll from memory buffer


    > hi,
    > i'm trying to load a dll that i have in a buffer in my local address space.
    > i mean that i have a pointer to a buffer in memory which actually contains
    > the contents of a dll file.
    > i want to load the dll like LoadLibrary() does, but i want to do it without
    > writing the file to the disk.
    > does anybody know a way to load the dll from the buffer and not from a file
    > ?
    >
    > thanks,
    > shahar.
    >
    >
    >
    > _________________________________________________________
    >
    > Do You Yahoo!?
    >
    > Get your free @yahoo.com address at http://mail.yahoo.com
    >
    >
    >
    >
    > ---
    > You are currently subscribed to ntfsd as: xxxxx@storagecraft.com
    > To unsubscribe send a blank email to leave-ntfsd-$subst('Recip.MemberIDChar')@lists.osr.com
    >


    ---
    You are currently subscribed to ntfsd as: $subst('Recip.EmailAddr')
    To unsubscribe send a blank email to leave-ntfsd-$subst('Recip.MemberIDChar')@lists.osr.com
  • i'm sorry, but i cannot explain my intentions ;) it's a secret.
    i assure you i do not intend to hurt anyone.

    cheers,
    shahar.

    -----Original Message-----
    From: xxxxx@lists.osr.com
    [mailto:xxxxx@lists.osr.com]On Behalf Of Maxim S. Shatskih
    Sent: Monday, October 29, 2001 2:51 AM
    To: File Systems Developers
    Subject: [ntfsd] Re: load dll from memory buffer


    Is your intent - to create a new, advanced version of BackOrifice?

    Max

    ----- Original Message -----
    From: "Shahar Talmi" <xxxxx@yahoo.com>
    To: "File Systems Developers" <xxxxx@lists.osr.com>
    Sent: Monday, October 29, 2001 3:40 AM
    Subject: [ntfsd] load dll from memory buffer


    > hi,
    > i'm trying to load a dll that i have in a buffer in my local address
    space.
    > i mean that i have a pointer to a buffer in memory which actually contains
    > the contents of a dll file.
    > i want to load the dll like LoadLibrary() does, but i want to do it
    without
    > writing the file to the disk.
    > does anybody know a way to load the dll from the buffer and not from a
    file
    > ?
    >
    > thanks,
    > shahar.
    >
    >
    >
    > _________________________________________________________
    >
    > Do You Yahoo!?
    >
    > Get your free @yahoo.com address at http://mail.yahoo.com
    >
    >
    >
    >
    > ---
    > You are currently subscribed to ntfsd as: xxxxx@storagecraft.com
    > To unsubscribe send a blank email to leave-ntfsd-$subst('Recip.MemberIDChar')@lists.osr.com
    >


    ---
    You are currently subscribed to ntfsd as: xxxxx@yahoo.com
    To unsubscribe send a blank email to leave-ntfsd-$subst('Recip.MemberIDChar')@lists.osr.com



    _________________________________________________________

    Do You Yahoo!?

    Get your free @yahoo.com address at http://mail.yahoo.com




    ---
    You are currently subscribed to ntfsd as: $subst('Recip.EmailAddr')
    To unsubscribe send a blank email to leave-ntfsd-$subst('Recip.MemberIDChar')@lists.osr.com
  • I don't know about Shahar, but I too have a good use for this, and have never had even the vaguest idea of how to start. What we want to do is produce a single EXE containing various DLLs appeneded to the main EXE, and have the EXE extract and run the DLL. We do this at the moment by creating a temporary directory, and extracting the DLL into, then loading it from there. We also have to extract an EXE for tidying up - the app often doesn't exit cleanly - which deletes the DLL when the main app quits. But this leaves the EXE lying about (smaller than the DLL, so less problem) We then have entries in the registry so that the EXE gets deleted by the system on restart.

    If we could load the DLL from a block of memory it'd be so much tidier!

    Andy.
    -----Original Message-----
    From: Shahar Talmi [mailto:xxxxx@yahoo.com]
    Sent: 29 October 2001 01:12
    To: File Systems Developers
    Subject: [ntfsd] Re: load dll from memory buffer


    i'm sorry, but i cannot explain my intentions ;) it's a secret.
    i assure you i do not intend to hurt anyone.

    cheers,
    shahar.

    -----Original Message-----
    From: xxxxx@lists.osr.com
    [mailto:xxxxx@lists.osr.com]On Behalf Of Maxim S. Shatskih
    Sent: Monday, October 29, 2001 2:51 AM
    To: File Systems Developers
    Subject: [ntfsd] Re: load dll from memory buffer


    Is your intent - to create a new, advanced version of BackOrifice?

    Max

    ----- Original Message -----
    From: "Shahar Talmi" <xxxxx@yahoo.com>
    To: "File Systems Developers" <xxxxx@lists.osr.com>
    Sent: Monday, October 29, 2001 3:40 AM
    Subject: [ntfsd] load dll from memory buffer


    > hi,
    > i'm trying to load a dll that i have in a buffer in my local address
    space.
    > i mean that i have a pointer to a buffer in memory which actually contains
    > the contents of a dll file.
    > i want to load the dll like LoadLibrary() does, but i want to do it
    without
    > writing the file to the disk.
    > does anybody know a way to load the dll from the buffer and not from a
    file
    > ?
    >
    > thanks,
    > shahar.
    >
    >
    >
    >
    --

    _______________________________________________

    FREE Personalized E-mail at Mail.com

    http://www.mail.com/?sr=signup



    Talk More, Pay Less with Net2Phone Direct(R), up to 1500 minutes free!

    http://www.net2phone.com/cgi-bin/link.cgi?143





    ---
    You are currently subscribed to ntfsd as: $subst('Recip.EmailAddr')
    To unsubscribe send a blank email to leave-ntfsd-$subst('Recip.MemberIDChar')@lists.osr.com
  • This is 'easy'. Create an FSD that maps the memory as a set of .DLL
    files.

    ---
    You are currently subscribed to ntfsd as: $subst('Recip.EmailAddr')
    To unsubscribe send a blank email to leave-ntfsd-$subst('Recip.MemberIDChar')@lists.osr.com
  • >>This is 'easy'. Create an FSD that maps the memory as a set of .DLL files.

    .. leaving me to extract an FSD from the EXE and install that - needing admin privileges. This might help Shahar, but for my problem, the cure is worse that the disease.

    Andy
    --

    _______________________________________________

    FREE Personalized E-mail at Mail.com

    http://www.mail.com/?sr=signup



    Talk More, Pay Less with Net2Phone Direct(R), up to 1500 minutes free!

    http://www.net2phone.com/cgi-bin/link.cgi?143





    ---
    You are currently subscribed to ntfsd as: $subst('Recip.EmailAddr')
    To unsubscribe send a blank email to leave-ntfsd-$subst('Recip.MemberIDChar')@lists.osr.com
  • that does'nt solve my problem:
    i can't put any files on the filesystem (except for my .exe), so i can't put
    the FSD there.
    i also don't have administrative privleges on the system, so i can't install
    the FSD.

    cheers,
    shahar.

    -----Original Message-----
    From: xxxxx@lists.osr.com
    [mailto:xxxxx@lists.osr.com]On Behalf Of Benson Margulies
    Sent: Monday, October 29, 2001 5:54 PM
    To: File Systems Developers
    Subject: [ntfsd] Re: load dll from memory buffer


    This is 'easy'. Create an FSD that maps the memory as a set of .DLL
    files.

    -----Original Message-----
    From: Shahar Talmi [mailto:xxxxx@yahoo.com]
    Sent: 29 October 2001 01:12
    To: File Systems Developers
    Subject: [ntfsd] Re: load dll from memory buffer


    i'm sorry, but i cannot explain my intentions ;) it's a secret.
    i assure you i do not intend to hurt anyone.

    cheers,
    shahar.

    -----Original Message-----
    From: xxxxx@lists.osr.com
    [mailto:xxxxx@lists.osr.com]On Behalf Of Maxim S. Shatskih
    Sent: Monday, October 29, 2001 2:51 AM
    To: File Systems Developers
    Subject: [ntfsd] Re: load dll from memory buffer


    Is your intent - to create a new, advanced version of BackOrifice?

    Max

    ----- Original Message -----
    From: "Shahar Talmi" <xxxxx@yahoo.com>
    To: "File Systems Developers" <xxxxx@lists.osr.com>
    Sent: Monday, October 29, 2001 3:40 AM
    Subject: [ntfsd] load dll from memory buffer


    > hi,
    > i'm trying to load a dll that i have in a buffer in my local address
    space.
    > i mean that i have a pointer to a buffer in memory which actually contains
    > the contents of a dll file.
    > i want to load the dll like LoadLibrary() does, but i want to do it
    without
    > writing the file to the disk.
    > does anybody know a way to load the dll from the buffer and not from a
    file
    > ?
    >
    > thanks,
    > shahar.
    >
    >
    >
    >
    --



    _________________________________________________________

    Do You Yahoo!?

    Get your free @yahoo.com address at http://mail.yahoo.com




    ---
    You are currently subscribed to ntfsd as: $subst('Recip.EmailAddr')
    To unsubscribe send a blank email to leave-ntfsd-$subst('Recip.MemberIDChar')@lists.osr.com
  • Parse the PE header, create all of the sections, place the text/data there, resolve imports and then apply the page protection. That
    it all.
    Also note that FreeLibrary cannot work for you - you must have your own FreeLibrary for such images.

    Max

    ----- Original Message -----
    From: "Andy Champ" <xxxxx@earthling.net>
    To: "File Systems Developers" <xxxxx@lists.osr.com>
    Sent: Monday, October 29, 2001 12:28 PM
    Subject: [ntfsd] Re: load dll from memory buffer


    > I don't know about Shahar, but I too have a good use for this, and have never had even the vaguest idea of how to start. What we
    want to do is produce a single EXE containing various DLLs appeneded to the main EXE, and have the EXE extract and run the DLL. We
    do this at the moment by creating a temporary directory, and extracting the DLL into, then loading it from there. We also have to
    extract an EXE for tidying up - the app often doesn't exit cleanly - which deletes the DLL when the main app quits. But this leaves
    the EXE lying about (smaller than the DLL, so less problem) We then have entries in the registry so that the EXE gets deleted by
    the system on restart.
    >
    > If we could load the DLL from a block of memory it'd be so much tidier!
    >
    > Andy.
    > -----Original Message-----
    > From: Shahar Talmi [mailto:xxxxx@yahoo.com]
    > Sent: 29 October 2001 01:12
    > To: File Systems Developers
    > Subject: [ntfsd] Re: load dll from memory buffer
    >
    >
    > i'm sorry, but i cannot explain my intentions ;) it's a secret.
    > i assure you i do not intend to hurt anyone.
    >
    > cheers,
    > shahar.
    >
    > -----Original Message-----
    > From: xxxxx@lists.osr.com
    > [mailto:xxxxx@lists.osr.com]On Behalf Of Maxim S. Shatskih
    > Sent: Monday, October 29, 2001 2:51 AM
    > To: File Systems Developers
    > Subject: [ntfsd] Re: load dll from memory buffer
    >
    >
    > Is your intent - to create a new, advanced version of BackOrifice?
    >
    > Max
    >
    > ----- Original Message -----
    > From: "Shahar Talmi" <xxxxx@yahoo.com>
    > To: "File Systems Developers" <xxxxx@lists.osr.com>
    > Sent: Monday, October 29, 2001 3:40 AM
    > Subject: [ntfsd] load dll from memory buffer
    >
    >
    > > hi,
    > > i'm trying to load a dll that i have in a buffer in my local address
    > space.
    > > i mean that i have a pointer to a buffer in memory which actually contains
    > > the contents of a dll file.
    > > i want to load the dll like LoadLibrary() does, but i want to do it
    > without
    > > writing the file to the disk.
    > > does anybody know a way to load the dll from the buffer and not from a
    > file
    > > ?
    > >
    > > thanks,
    > > shahar.
    > >
    > >
    > >
    > >
    > --
    >
    > _______________________________________________
    >
    > FREE Personalized E-mail at Mail.com
    >
    > http://www.mail.com/?sr=signup
    >
    >
    >
    > Talk More, Pay Less with Net2Phone Direct(R), up to 1500 minutes free!
    >
    > http://www.net2phone.com/cgi-bin/link.cgi?143
    >
    >
    >
    >
    >
    > ---
    > You are currently subscribed to ntfsd as: xxxxx@storagecraft.com
    > To unsubscribe send a blank email to leave-ntfsd-$subst('Recip.MemberIDChar')@lists.osr.com
    >


    ---
    You are currently subscribed to ntfsd as: $subst('Recip.EmailAddr')
    To unsubscribe send a blank email to leave-ntfsd-$subst('Recip.MemberIDChar')@lists.osr.com
  • On developer's PC:
    - Create your dll as a disk file
    - Strip code section. In easy case, replace it with a lot of '\0'.
    In difficult case, modify the PE header
    - Replace startup EIP with zero (to avoid access violation)
    - Redistribute dll file to user's PC


    On user's PC:
    - LoadLibrary("stub_dll.dll")
    - Take your buffer, and replace loaded '\0's with real code from your buffer
    - jmp [stored_EIP]

    This is the easiest, platform-independant way.

    If you want to avoid file at all, you must learn internal process data structures for Win9x and WinNT and modify them to
    fake windows that dll was really loaded.

    Moreover, I'm not sure you can do this without writing a driver for WinNT for patching kernel data structures.

    P.S. My solution is meaningless if you can write a only an single exe file. Still, you should have ability to write an temp files.

    > -----Original Message-----
    > From: Shahar Talmi [mailto:xxxxx@yahoo.com]
    > Sent: Tuesday, October 30, 2001 2:08 AM
    > To: File Systems Developers
    > Subject: [ntfsd] Re: load dll from memory buffer
    >
    >
    > that does'nt solve my problem:
    > i can't put any files on the filesystem (except for my .exe),
    > so i can't put
    > the FSD there.
    > i also don't have administrative privleges on the system, so
    > i can't install
    > the FSD.
    >
    > cheers,
    > shahar.
    >
    > -----Original Message-----
    > From: xxxxx@lists.osr.com
    > [mailto:xxxxx@lists.osr.com]On Behalf Of Benson Margulies
    > Sent: Monday, October 29, 2001 5:54 PM
    > To: File Systems Developers
    > Subject: [ntfsd] Re: load dll from memory buffer
    >
    >
    > This is 'easy'. Create an FSD that maps the memory as a set of .DLL
    > files.
    >
    > -----Original Message-----
    > From: Shahar Talmi [mailto:xxxxx@yahoo.com]
    > Sent: 29 October 2001 01:12
    > To: File Systems Developers
    > Subject: [ntfsd] Re: load dll from memory buffer
    >
    >
    > i'm sorry, but i cannot explain my intentions ;) it's a secret.
    > i assure you i do not intend to hurt anyone.
    >
    > cheers,
    > shahar.
    >
    > -----Original Message-----
    > From: xxxxx@lists.osr.com
    > [mailto:xxxxx@lists.osr.com]On Behalf Of Maxim S. Shatskih
    > Sent: Monday, October 29, 2001 2:51 AM
    > To: File Systems Developers
    > Subject: [ntfsd] Re: load dll from memory buffer
    >
    >
    > Is your intent - to create a new, advanced version of BackOrifice?
    >
    > Max
    >
    > ----- Original Message -----
    > From: "Shahar Talmi" <xxxxx@yahoo.com>
    > To: "File Systems Developers" <xxxxx@lists.osr.com>
    > Sent: Monday, October 29, 2001 3:40 AM
    > Subject: [ntfsd] load dll from memory buffer
    >
    >
    > > hi,
    > > i'm trying to load a dll that i have in a buffer in my local address
    > space.
    > > i mean that i have a pointer to a buffer in memory which
    > actually contains
    > > the contents of a dll file.
    > > i want to load the dll like LoadLibrary() does, but i want to do it
    > without
    > > writing the file to the disk.
    > > does anybody know a way to load the dll from the buffer and
    > not from a
    > file
    > > ?
    > >
    > > thanks,
    > > shahar.
    > >
    > >
    > >
    > >
    > --
    >
    >
    >
    > _________________________________________________________
    >
    > Do You Yahoo!?
    >
    > Get your free @yahoo.com address at http://mail.yahoo.com
    >
    >
    >
    >
    > ---
    > You are currently subscribed to ntfsd as: xxxxx@extrim.ru
    > To unsubscribe send a blank email to leave-ntfsd-$subst('Recip.MemberIDChar')@lists.osr.com
    >
    >



    ---
    You are currently subscribed to ntfsd as: $subst('Recip.EmailAddr')
    To unsubscribe send a blank email to leave-ntfsd-$subst('Recip.MemberIDChar')@lists.osr.com
  • any chance you can direct me to some sample source code ?

    -----Original Message-----
    From: xxxxx@lists.osr.com
    [mailto:xxxxx@lists.osr.com]On Behalf Of Maxim S. Shatskih
    Sent: Monday, October 29, 2001 5:49 PM
    To: File Systems Developers
    Subject: [ntfsd] Re: load dll from memory buffer


    Parse the PE header, create all of the sections, place the text/data there,
    resolve imports and then apply the page protection. That
    it all.
    Also note that FreeLibrary cannot work for you - you must have your own
    FreeLibrary for such images.

    Max

    ----- Original Message -----
    From: "Andy Champ" <xxxxx@earthling.net>
    To: "File Systems Developers" <xxxxx@lists.osr.com>
    Sent: Monday, October 29, 2001 12:28 PM
    Subject: [ntfsd] Re: load dll from memory buffer


    > I don't know about Shahar, but I too have a good use for this, and have
    never had even the vaguest idea of how to start. What we
    want to do is produce a single EXE containing various DLLs appeneded to the
    main EXE, and have the EXE extract and run the DLL. We
    do this at the moment by creating a temporary directory, and extracting the
    DLL into, then loading it from there. We also have to
    extract an EXE for tidying up - the app often doesn't exit cleanly - which
    deletes the DLL when the main app quits. But this leaves
    the EXE lying about (smaller than the DLL, so less problem) We then have
    entries in the registry so that the EXE gets deleted by
    the system on restart.
    >
    > If we could load the DLL from a block of memory it'd be so much tidier!
    >
    > Andy.
    > -----Original Message-----
    > From: Shahar Talmi [mailto:xxxxx@yahoo.com]
    > Sent: 29 October 2001 01:12
    > To: File Systems Developers
    > Subject: [ntfsd] Re: load dll from memory buffer
    >
    >
    > i'm sorry, but i cannot explain my intentions ;) it's a secret.
    > i assure you i do not intend to hurt anyone.
    >
    > cheers,
    > shahar.
    >
    > -----Original Message-----
    > From: xxxxx@lists.osr.com
    > [mailto:xxxxx@lists.osr.com]On Behalf Of Maxim S. Shatskih
    > Sent: Monday, October 29, 2001 2:51 AM
    > To: File Systems Developers
    > Subject: [ntfsd] Re: load dll from memory buffer
    >
    >
    > Is your intent - to create a new, advanced version of BackOrifice?
    >
    > Max
    >
    > ----- Original Message -----
    > From: "Shahar Talmi" <xxxxx@yahoo.com>
    > To: "File Systems Developers" <xxxxx@lists.osr.com>
    > Sent: Monday, October 29, 2001 3:40 AM
    > Subject: [ntfsd] load dll from memory buffer
    >
    >
    > > hi,
    > > i'm trying to load a dll that i have in a buffer in my local address
    > space.
    > > i mean that i have a pointer to a buffer in memory which actually
    contains
    > > the contents of a dll file.
    > > i want to load the dll like LoadLibrary() does, but i want to do it
    > without
    > > writing the file to the disk.
    > > does anybody know a way to load the dll from the buffer and not from a
    > file
    > > ?
    > >
    > > thanks,
    > > shahar.
    > >
    > >
    > >
    > >
    > --
    >
    > _______________________________________________
    >
    > FREE Personalized E-mail at Mail.com
    >
    > http://www.mail.com/?sr=signup
    >
    >
    >
    > Talk More, Pay Less with Net2Phone Direct(R), up to 1500 minutes free!
    >
    > http://www.net2phone.com/cgi-bin/link.cgi?143
    >
    >
    >
    >
    >
    > ---
    > You are currently subscribed to ntfsd as: xxxxx@storagecraft.com
    > To unsubscribe send a blank email to leave-ntfsd-$subst('Recip.MemberIDChar')@lists.osr.com
    >


    ---
    You are currently subscribed to ntfsd as: xxxxx@yahoo.com
    To unsubscribe send a blank email to leave-ntfsd-$subst('Recip.MemberIDChar')@lists.osr.com



    _________________________________________________________

    Do You Yahoo!?

    Get your free @yahoo.com address at http://mail.yahoo.com




    ---
    You are currently subscribed to ntfsd as: $subst('Recip.EmailAddr')
    To unsubscribe send a blank email to leave-ntfsd-$subst('Recip.MemberIDChar')@lists.osr.com
Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!