View Full Version : LoadLibrary Emulation

February 28th, 2002, 22:18
Hi all.

The other day someone ask me why the regsvr32.exe cannot register some .dll (say "a.dll".
I've realize that those "a.dll" uses some others dll's (i mean in the import table of "a.dll" there's "c.dll" and "d.dll" and some other dll's).
The point is: regsvr32 fails bcoz i dont have c.dll and d.dll, so i start to program my own regsvr, and i discover that i must make a LoadLibrary, then GetProcAddress of function DllRegisterServer and then execute those function. That's easy.
The proble is LoadLibrary fails if some dll in the import table is missing. So i try to make my own LoadLibrary function.

First OpenFile, then CreateFileMappin, MapViewOfFileEx, the search for the EP and execute the code there, and then i've programmed my GetProcAddress and the execute DllRegisterServer.

All those goes fine, until i've discovered that those shitty DllRegisterServer uses static addresses. (i mean that the MApViewOfFileEx maps from address 82xxxxxx or something like that and the code into the dll expects addresses 10xxxxxx or something).

So, anyone have some ideas to make a successfull LoadLibrary emulation?. i think it could be possible.

Greets and thanks.

March 1st, 2002, 02:32
Hello r00t !

Try to look at this document http://spiff.tripnet.se/~iczelion/files/pe1.zip. It describes the format of PE files. The point you're interested in (because that's your problem ) is Relocation.
But you'll need Imports too, so take a look at the Import section. Then you'll find out that you'll probably need the DLLs you don't have in order to have your DLL working correctly. I don't think they're in the import table just for fun.
Don't hesitate to look at the rest too.

March 2nd, 2002, 01:42
Thanks for the tip.

I've managed to make all the relocations.

But i've the problem of unresolved imports.
More or lees i've managed to resolve some imports, i've tested in some code locations that uses those imports that was resolved, but the imports relocation fails bcoz the difference between the raw offsets and virtual offsets.

It seems that i must make a MapViewOfFile for each section in the exe.

Hey Dakien, any other tip?.

March 2nd, 2002, 10:17
Hello r00t !

You must change your DLL so that raw and virtual offset are the same.
MapViewOfFile for each section might also work, but it is very complicated.

But as I already said, if you don't have the missing DLLs, all imports from these DLLs will be unresolved and any call to an imported function from this DLLs will crash the main DLL.

March 2nd, 2002, 14:22
The main point is emulate the function DllRegisterServer.

Remember i wanna make my own regsvr32.

The problem with regsvr32 is that depends on each dll that u wanna register, bcoz regsvr32 only calls the function DllRegisterServer that lies in the dll u want to register.

Greets and thanks.

March 3rd, 2002, 04:14
Why not scan and LoadLibrary() for each DLL in the import directory, then do your thing?