load dll from memory buffer

hi,
i’m trying to load a dll that i have in a buffer in my local address space.
i mean that i have a pointer to a buffer in memory which actually contains
the contents of a dll file.
i want to load the dll like LoadLibrary() does, but i want to do it without
writing the file to the disk.
does anybody know a way to load the dll from the buffer and not from a file
?

thanks,
shahar.


Do You Yahoo!?

Get your free @yahoo.com address at http://mail.yahoo.com


You are currently subscribed to ntfsd as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com

Is your intent - to create a new, advanced version of BackOrifice?

Max

----- Original Message -----
From: “Shahar Talmi”
To: “File Systems Developers”
Sent: Monday, October 29, 2001 3:40 AM
Subject: [ntfsd] load dll from memory buffer

> hi,
> i’m trying to load a dll that i have in a buffer in my local address space.
> i mean that i have a pointer to a buffer in memory which actually contains
> the contents of a dll file.
> i want to load the dll like LoadLibrary() does, but i want to do it without
> writing the file to the disk.
> does anybody know a way to load the dll from the buffer and not from a file
> ?
>
> thanks,
> shahar.
>
>
>
> _________________________________________________________
>
> Do You Yahoo!?
>
> Get your free @yahoo.com address at http://mail.yahoo.com
>
>
>
>
> —
> You are currently subscribed to ntfsd as: xxxxx@storagecraft.com
> To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com
>


You are currently subscribed to ntfsd as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com

i’m sorry, but i cannot explain my intentions :wink: it’s a secret.
i assure you i do not intend to hurt anyone.

cheers,
shahar.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Maxim S. Shatskih
Sent: Monday, October 29, 2001 2:51 AM
To: File Systems Developers
Subject: [ntfsd] Re: load dll from memory buffer

Is your intent - to create a new, advanced version of BackOrifice?

Max

----- Original Message -----
From: “Shahar Talmi”
To: “File Systems Developers”
Sent: Monday, October 29, 2001 3:40 AM
Subject: [ntfsd] load dll from memory buffer

> hi,
> i’m trying to load a dll that i have in a buffer in my local address
space.
> i mean that i have a pointer to a buffer in memory which actually contains
> the contents of a dll file.
> i want to load the dll like LoadLibrary() does, but i want to do it
without
> writing the file to the disk.
> does anybody know a way to load the dll from the buffer and not from a
file
> ?
>
> thanks,
> shahar.
>
>
>
>
>
> Do You Yahoo!?
>
> Get your free @yahoo.com address at http://mail.yahoo.com
>
>
>
>
> —
> You are currently subscribed to ntfsd as: xxxxx@storagecraft.com
> To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com
>


You are currently subscribed to ntfsd as: xxxxx@yahoo.com
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com



Do You Yahoo!?

Get your free @yahoo.com address at http://mail.yahoo.com


You are currently subscribed to ntfsd as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com

I don’t know about Shahar, but I too have a good use for this, and have never had even the vaguest idea of how to start. What we want to do is produce a single EXE containing various DLLs appeneded to the main EXE, and have the EXE extract and run the DLL. We do this at the moment by creating a temporary directory, and extracting the DLL into, then loading it from there. We also have to extract an EXE for tidying up - the app often doesn’t exit cleanly - which deletes the DLL when the main app quits. But this leaves the EXE lying about (smaller than the DLL, so less problem) We then have entries in the registry so that the EXE gets deleted by the system on restart.

If we could load the DLL from a block of memory it’d be so much tidier!

Andy.
-----Original Message-----
From: Shahar Talmi [mailto:xxxxx@yahoo.com]
Sent: 29 October 2001 01:12
To: File Systems Developers
Subject: [ntfsd] Re: load dll from memory buffer

i’m sorry, but i cannot explain my intentions :wink: it’s a secret.
i assure you i do not intend to hurt anyone.

cheers,
shahar.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Maxim S. Shatskih
Sent: Monday, October 29, 2001 2:51 AM
To: File Systems Developers
Subject: [ntfsd] Re: load dll from memory buffer

Is your intent - to create a new, advanced version of BackOrifice?

Max

----- Original Message -----
From: “Shahar Talmi”
To: “File Systems Developers”
Sent: Monday, October 29, 2001 3:40 AM
Subject: [ntfsd] load dll from memory buffer

> hi,
> i’m trying to load a dll that i have in a buffer in my local address
space.
> i mean that i have a pointer to a buffer in memory which actually contains
> the contents of a dll file.
> i want to load the dll like LoadLibrary() does, but i want to do it
without
> writing the file to the disk.
> does anybody know a way to load the dll from the buffer and not from a
file
> ?
>
> thanks,
> shahar.
>
>
>
>


_______________________________________________

FREE Personalized E-mail at Mail.com

http://www.mail.com/?sr=signup

Talk More, Pay Less with Net2Phone Direct(R), up to 1500 minutes free!

http://www.net2phone.com/cgi-bin/link.cgi?143


You are currently subscribed to ntfsd as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com

This is ‘easy’. Create an FSD that maps the memory as a set of .DLL
files.


You are currently subscribed to ntfsd as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com

>>This is ‘easy’. Create an FSD that maps the memory as a set of .DLL files.

… leaving me to extract an FSD from the EXE and install that - needing admin privileges. This might help Shahar, but for my problem, the cure is worse that the disease.

Andy


FREE Personalized E-mail at Mail.com

http://www.mail.com/?sr=signup

Talk More, Pay Less with Net2Phone Direct(R), up to 1500 minutes free!

http://www.net2phone.com/cgi-bin/link.cgi?143


You are currently subscribed to ntfsd as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com

that does’nt solve my problem:
i can’t put any files on the filesystem (except for my .exe), so i can’t put
the FSD there.
i also don’t have administrative privleges on the system, so i can’t install
the FSD.

cheers,
shahar.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Benson Margulies
Sent: Monday, October 29, 2001 5:54 PM
To: File Systems Developers
Subject: [ntfsd] Re: load dll from memory buffer

This is ‘easy’. Create an FSD that maps the memory as a set of .DLL
files.

-----Original Message-----
From: Shahar Talmi [mailto:xxxxx@yahoo.com]
Sent: 29 October 2001 01:12
To: File Systems Developers
Subject: [ntfsd] Re: load dll from memory buffer

i’m sorry, but i cannot explain my intentions :wink: it’s a secret.
i assure you i do not intend to hurt anyone.

cheers,
shahar.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Maxim S. Shatskih
Sent: Monday, October 29, 2001 2:51 AM
To: File Systems Developers
Subject: [ntfsd] Re: load dll from memory buffer

Is your intent - to create a new, advanced version of BackOrifice?

Max

----- Original Message -----
From: “Shahar Talmi”
To: “File Systems Developers”
Sent: Monday, October 29, 2001 3:40 AM
Subject: [ntfsd] load dll from memory buffer

> hi,
> i’m trying to load a dll that i have in a buffer in my local address
space.
> i mean that i have a pointer to a buffer in memory which actually contains
> the contents of a dll file.
> i want to load the dll like LoadLibrary() does, but i want to do it
without
> writing the file to the disk.
> does anybody know a way to load the dll from the buffer and not from a
file
> ?
>
> thanks,
> shahar.
>
>
>
>


_________________________________________________________

Do You Yahoo!?

Get your free @yahoo.com address at http://mail.yahoo.com


You are currently subscribed to ntfsd as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com

Parse the PE header, create all of the sections, place the text/data there, resolve imports and then apply the page protection. That
it all.
Also note that FreeLibrary cannot work for you - you must have your own FreeLibrary for such images.

Max

----- Original Message -----
From: “Andy Champ”
To: “File Systems Developers”
Sent: Monday, October 29, 2001 12:28 PM
Subject: [ntfsd] Re: load dll from memory buffer

> I don’t know about Shahar, but I too have a good use for this, and have never had even the vaguest idea of how to start. What we
want to do is produce a single EXE containing various DLLs appeneded to the main EXE, and have the EXE extract and run the DLL. We
do this at the moment by creating a temporary directory, and extracting the DLL into, then loading it from there. We also have to
extract an EXE for tidying up - the app often doesn’t exit cleanly - which deletes the DLL when the main app quits. But this leaves
the EXE lying about (smaller than the DLL, so less problem) We then have entries in the registry so that the EXE gets deleted by
the system on restart.
>
> If we could load the DLL from a block of memory it’d be so much tidier!
>
> Andy.
> -----Original Message-----
> From: Shahar Talmi [mailto:xxxxx@yahoo.com]
> Sent: 29 October 2001 01:12
> To: File Systems Developers
> Subject: [ntfsd] Re: load dll from memory buffer
>
>
> i’m sorry, but i cannot explain my intentions :wink: it’s a secret.
> i assure you i do not intend to hurt anyone.
>
> cheers,
> shahar.
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com]On Behalf Of Maxim S. Shatskih
> Sent: Monday, October 29, 2001 2:51 AM
> To: File Systems Developers
> Subject: [ntfsd] Re: load dll from memory buffer
>
>
> Is your intent - to create a new, advanced version of BackOrifice?
>
> Max
>
> ----- Original Message -----
> From: “Shahar Talmi”
> To: “File Systems Developers”
> Sent: Monday, October 29, 2001 3:40 AM
> Subject: [ntfsd] load dll from memory buffer
>
>
> > hi,
> > i’m trying to load a dll that i have in a buffer in my local address
> space.
> > i mean that i have a pointer to a buffer in memory which actually contains
> > the contents of a dll file.
> > i want to load the dll like LoadLibrary() does, but i want to do it
> without
> > writing the file to the disk.
> > does anybody know a way to load the dll from the buffer and not from a
> file
> > ?
> >
> > thanks,
> > shahar.
> >
> >
> >
> >
> –
>
> _______________________________________________
>
> FREE Personalized E-mail at Mail.com
>
> http://www.mail.com/?sr=signup
>
>
>
> Talk More, Pay Less with Net2Phone Direct(R), up to 1500 minutes free!
>
> http://www.net2phone.com/cgi-bin/link.cgi?143
>
>
>
>
>
> —
> You are currently subscribed to ntfsd as: xxxxx@storagecraft.com
> To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com
>


You are currently subscribed to ntfsd as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com

On developer’s PC:

  • Create your dll as a disk file
  • Strip code section. In easy case, replace it with a lot of ‘\0’.
    In difficult case, modify the PE header
  • Replace startup EIP with zero (to avoid access violation)
  • Redistribute dll file to user’s PC

On user’s PC:

  • LoadLibrary(“stub_dll.dll”)
  • Take your buffer, and replace loaded '\0’s with real code from your buffer
  • jmp [stored_EIP]

This is the easiest, platform-independant way.

If you want to avoid file at all, you must learn internal process data structures for Win9x and WinNT and modify them to
fake windows that dll was really loaded.

Moreover, I’m not sure you can do this without writing a driver for WinNT for patching kernel data structures.

P.S. My solution is meaningless if you can write a only an single exe file. Still, you should have ability to write an temp files.

-----Original Message-----
From: Shahar Talmi [mailto:xxxxx@yahoo.com]
Sent: Tuesday, October 30, 2001 2:08 AM
To: File Systems Developers
Subject: [ntfsd] Re: load dll from memory buffer

that does’nt solve my problem:
i can’t put any files on the filesystem (except for my .exe),
so i can’t put
the FSD there.
i also don’t have administrative privleges on the system, so
i can’t install
the FSD.

cheers,
shahar.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Benson Margulies
Sent: Monday, October 29, 2001 5:54 PM
To: File Systems Developers
Subject: [ntfsd] Re: load dll from memory buffer

This is ‘easy’. Create an FSD that maps the memory as a set of .DLL
files.

-----Original Message-----
From: Shahar Talmi [mailto:xxxxx@yahoo.com]
Sent: 29 October 2001 01:12
To: File Systems Developers
Subject: [ntfsd] Re: load dll from memory buffer

i’m sorry, but i cannot explain my intentions :wink: it’s a secret.
i assure you i do not intend to hurt anyone.

cheers,
shahar.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Maxim S. Shatskih
Sent: Monday, October 29, 2001 2:51 AM
To: File Systems Developers
Subject: [ntfsd] Re: load dll from memory buffer

Is your intent - to create a new, advanced version of BackOrifice?

Max

----- Original Message -----
From: “Shahar Talmi”
> To: “File Systems Developers”
> Sent: Monday, October 29, 2001 3:40 AM
> Subject: [ntfsd] load dll from memory buffer
>
>
> > hi,
> > i’m trying to load a dll that i have in a buffer in my local address
> space.
> > i mean that i have a pointer to a buffer in memory which
> actually contains
> > the contents of a dll file.
> > i want to load the dll like LoadLibrary() does, but i want to do it
> without
> > writing the file to the disk.
> > does anybody know a way to load the dll from the buffer and
> not from a
> file
> > ?
> >
> > thanks,
> > shahar.
> >
> >
> >
> >
> –
>
>
>
> _________________________________________________________
>
> Do You Yahoo!?
>
> Get your free @yahoo.com address at http://mail.yahoo.com
>
>
>
>
> —
> You are currently subscribed to ntfsd as: xxxxx@extrim.ru
> To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com
>
>


You are currently subscribed to ntfsd as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com

any chance you can direct me to some sample source code ?

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Maxim S. Shatskih
Sent: Monday, October 29, 2001 5:49 PM
To: File Systems Developers
Subject: [ntfsd] Re: load dll from memory buffer

Parse the PE header, create all of the sections, place the text/data there,
resolve imports and then apply the page protection. That
it all.
Also note that FreeLibrary cannot work for you - you must have your own
FreeLibrary for such images.

Max

----- Original Message -----
From: “Andy Champ”
To: “File Systems Developers”
Sent: Monday, October 29, 2001 12:28 PM
Subject: [ntfsd] Re: load dll from memory buffer

> I don’t know about Shahar, but I too have a good use for this, and have
never had even the vaguest idea of how to start. What we
want to do is produce a single EXE containing various DLLs appeneded to the
main EXE, and have the EXE extract and run the DLL. We
do this at the moment by creating a temporary directory, and extracting the
DLL into, then loading it from there. We also have to
extract an EXE for tidying up - the app often doesn’t exit cleanly - which
deletes the DLL when the main app quits. But this leaves
the EXE lying about (smaller than the DLL, so less problem) We then have
entries in the registry so that the EXE gets deleted by
the system on restart.
>
> If we could load the DLL from a block of memory it’d be so much tidier!
>
> Andy.
> -----Original Message-----
> From: Shahar Talmi [mailto:xxxxx@yahoo.com]
> Sent: 29 October 2001 01:12
> To: File Systems Developers
> Subject: [ntfsd] Re: load dll from memory buffer
>
>
> i’m sorry, but i cannot explain my intentions :wink: it’s a secret.
> i assure you i do not intend to hurt anyone.
>
> cheers,
> shahar.
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com]On Behalf Of Maxim S. Shatskih
> Sent: Monday, October 29, 2001 2:51 AM
> To: File Systems Developers
> Subject: [ntfsd] Re: load dll from memory buffer
>
>
> Is your intent - to create a new, advanced version of BackOrifice?
>
> Max
>
> ----- Original Message -----
> From: “Shahar Talmi”
> To: “File Systems Developers”
> Sent: Monday, October 29, 2001 3:40 AM
> Subject: [ntfsd] load dll from memory buffer
>
>
> > hi,
> > i’m trying to load a dll that i have in a buffer in my local address
> space.
> > i mean that i have a pointer to a buffer in memory which actually
contains
> > the contents of a dll file.
> > i want to load the dll like LoadLibrary() does, but i want to do it
> without
> > writing the file to the disk.
> > does anybody know a way to load the dll from the buffer and not from a
> file
> > ?
> >
> > thanks,
> > shahar.
> >
> >
> >
> >
> –
>
>
>
> FREE Personalized E-mail at Mail.com
>
> http://www.mail.com/?sr=signup
>
>
>
> Talk More, Pay Less with Net2Phone Direct(R), up to 1500 minutes free!
>
> http://www.net2phone.com/cgi-bin/link.cgi?143
>
>
>
>
>
> —
> You are currently subscribed to ntfsd as: xxxxx@storagecraft.com
> To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com
>


You are currently subscribed to ntfsd as: xxxxx@yahoo.com
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com

__________

Do You Yahoo!?

Get your free @yahoo.com address at http://mail.yahoo.com


You are currently subscribed to ntfsd as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com