[go: up one dir, main page]
Scribd
Upload
19 views19 pages

Dynamic Link Libraries

Uploaded by

Umbyis
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
19 views19 pages

Dynamic Link Libraries

Uploaded by

Umbyis
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 19

Windows Dynamic-Link Libraries

Introduction
• Cornerstone of Windows
• Reuse components
• Enable plugging mechanism
• Simplify project development
• Reduce system consumption
• Support localization
• Resolve platform differences
• Save testing/validation time

www.winitor.com - May 10, 2019


Windows Dynamic-Link Libraries

Libraries - Types
• Different types of libraries exist with different characteristics

Library
Application

Static Dynamic
Bind

Implicit Explicit
Library

Loaded-time Forwarded Delayed

www.winitor.com - May 10, 2019


Windows Dynamic-Link Libraries

Binding Types
• Different binding types during a process’s life-time
Launch First thread Last thread

Implicit Forwarded Explicit Delayed

lib

lib
Application

lib

lib

lib

www.winitor.com - May 10, 2019


Windows Dynamic-Link Libraries

Components
• Some components can be made public

functions Optional typical

Optional
data

resources Optional

functions Optional

data Optional

www.winitor.com - May 10, 2019


Windows Dynamic-Link Libraries

Implicit Linking
• Most common case
• Dependencies created during development
• Binding occurs when starting the client application

Launch Read IAT Read EAT Update IAT Start

Resolve Symbols Update Addresses

www.winitor.com - May 10, 2019


Windows Dynamic-Link Libraries

Implicit Linking
• Invoking methods
Process

Client Library

code code

call functionA@thunk functionA

... ret
call functionA@thunk ...
...
call functionA@thunk functionB
...
ret
call functionB@thunk
...
...

Import Table Export Table

functionA@thunk functionA
... ...
functionB@thunk functionB
...
...

www.winitor.com - May 10, 2019


Windows Dynamic-Link Libraries

Explicit Linking
• Increase application portability
– Library NOT found
– Function is not found
– Function signature is wrong
• Mechanism
– LoadLibraryEx(...)
– GetProcAddress(...)
– Invoke function

www.winitor.com - May 10, 2019


Windows Dynamic-Link Libraries

Forwarded Library
• Delegate a call to another function of another library
• Mechanism

client library library

www.winitor.com - May 10, 2019


Windows Dynamic-Link Libraries

Delay Loaded Library


• Hybrid between implicit and explicit linking
• Reduce application loading time
• Avoid loading rarely used DLLs
• Declared during development

www.winitor.com - May 10, 2019


Windows Dynamic-Link Libraries

Entry Point
• Function implemented as a callback
– Is optional...but often implemented
– Is case sensitive
– Is informational
– Global initialization
– TLS initialization

pestudio – www.winitor.com

www.winitor.com - May 10, 2019


Windows Dynamic-Link Libraries

Performance - Rebasing
• Every module has a preferred base address
• Addresses conflict when loading several components
• Used at the end of the build cycle

www.winitor.com - May 10, 2019


Windows Dynamic-Link Libraries

Performance - Binding
• Loader resolves the addresses of the imported symbols
• Bind the application during the installation process
• Application must have been previously rebased

Client Server

import export
Loader
functionA@thunk
functionA
Binder

www.winitor.com - May 10, 2019


Windows Dynamic-Link Libraries

Issues
• Simple name-based dependencies
• Installing a product which overwrites a DLL file
• Solutions
– WFP
– Redirection
– Known Directories
– Known Libraries
– WinSxS

Install OS Compile application Update OS Install application

www.winitor.com - May 10, 2019


Windows Dynamic-Link Libraries

Manifest
• Allow different versions of the same DLL to exist “side-by-side”
• Typtes
– Extern
– Intern
• Assemblies
– Private 1

– Shared
2

www.winitor.com - May 10, 2019


Windows Dynamic-Link Libraries

Management
• Access the (some) parts of an image
– Update the version
– Manage the certificate
– Edit the executable image

Management Tool

IMAGEHLP

Image

www.winitor.com - May 10, 2019


Windows Dynamic-Link Libraries

Difference between executable and DLL


• Executable vs. Dynamic-Link Library

Executable DLL
IMAGE_FILE_EXECUTABLE (0x2) IMAGE_FILE_DLL (0x2000)
Entry point is mandatory Entry point is optional
Usually without exported functions Often with exported functions
Code is mandatory Code is optional
Can host and can be hosted Must be hosted
Own separated address space Shared address space
Unhandled exception crashes process Unhandled exception crashes host

www.winitor.com - May 10, 2019


Windows Dynamic-Link Libraries

Convert a DLL into an Executable


• A DLL can be converted into an Executable (e.g. to ease debugging)
– Modify PE Characteristic: IMAGE_FILE_EXECUTABLE > IMAGE_FILE_DLL
– Modify the existing entry-point to an exported function

CFF Explorer – https://ntcore.com

www.winitor.com - May 10, 2019


Windows Dynamic-Link Libraries

References
• Dynamic-Link Library Entry-Point Function
– https://docs.microsoft.com/en-us/windows/desktop/Dlls/dynamic-link-library-
entry-point-function
• DllMain entry point
– https://docs.microsoft.com/en-us/windows/desktop/Dlls/dllmain

www.winitor.com - May 10, 2019


Windows Dynamic-Link Libraries

Thank you
• Questions?

www.winitor.com - May 10, 2019

You might also like