Thread: Writing a pure Native DLL

  1. #1

    Writing a pure Native DLL

    Does anyone have a small sample of how to do this? I'd like to write a native DLL which doesn't link to anything other than ntdll.lib. Is this possible, and will the entry point be executed when loaded by a Win32 process? I don't need to export any routines or anything, I just want to write a native DLL since I have never seen this done exactly. Thanks

    Regards,
    cpuZ

  2. #2
    Kayaker (Join Date: Oct 2000, Posts: 4,081)
    I guess the first question is, what defines a "Native Dll" from a programmatic viewpoint? A basic search mentions a couple of things such as requiring the preprocessor definition "NATIVEDLL_EXPORTS", and that the entry point is, by convention though not required, called "NtProcessStartup" rather than winmain/main/dllmain.

    Searching for those 2 keywords yields a lot of information. A few random examples which might be useful:

    http://technet.microsoft.com/en-us/sysinternals/bb897447
    http://www.lcs.syr.edu/faculty/fawcett/handouts/cse775/code/LibDemo/NativeDLL/
    http://doxygen.reactos.org/dd/d0d/entry__point_8c_source.html
    http://www.codeproject.com/Articles/36344/Native-Thread-Injection-Into-the-Session-Manager-S
    http://social.msdn.microsoft.com/Forums/en-US/vcgeneral/thread/03bb7abc-b5a0-427e-b393-588b6b56b949


    If you do get a skeleton working it might be interesting if you posted the code.

    Kayaker

  3. #3
    bilbo (Join Date: Mar 2004, Location: Rivendell, Posts: 310)
    Well, imho, NtProcessStartup must never be present in a native DLL, which simply imports Nt...() APIs, taken from NTDLL.LIB exports, with or without the concurrent use of other less exoteric APIs.

    An example of this kind of DLL, but only for .NET applications, is in
    http://www.codeproject.com/Articles/21974/Windows-NT-Native-API-Wrapper-Library:
    it allows a regular .NET application to use Native APIs instead of KERNEL32 counterparts...

    A use of the included Registry Editor sample? Reset the trial period of the programs developed by a software house (I will not tell here which one) that stores the installation data in some keys and values whose names include some null characters ;-)

    Best regards, bilbo
    Non quia difficilia sunt, non audemus, sed quia non audemus, difficilia sunt. [Seneca, Epistulae Morales 104, 26]
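
A check for the property asked about in the first post (a DLL that links against nothing but ntdll), as an added example that is not code from any poster in this thread: it walks the PE import directory and lists the DLLs named there. The function names and the constructed minimal image from `build_sample` are assumptions made for the demonstration.

```python
import struct

def _off(sections, rva):
    for va, size, raw in sections:              # RVA -> file offset via section table
        if va <= rva < va + size:
            return rva - va + raw
    raise ValueError(f"RVA {rva:#x} is outside every section")

def imported_dlls(pe: bytes) -> list:
    """Return the lower-cased DLL names listed in a PE import directory."""
    nt, = struct.unpack_from("<I", pe, 0x3C)                    # e_lfanew
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec, opt_size = struct.unpack_from("<H12xH", pe, nt + 6)   # from the file header
    opt = nt + 24
    magic, = struct.unpack_from("<H", pe, opt)
    dirs = opt + (96 if magic == 0x10B else 112)                # PE32 vs PE32+
    imp_rva, = struct.unpack_from("<I", pe, dirs + 8)           # data directory entry 1
    names, sections = [], []
    for i in range(nsec):
        vsize, va, rsize, raw = struct.unpack_from("<4I", pe, opt + opt_size + 40 * i + 8)
        sections.append((va, max(vsize, rsize), raw))
    off = _off(sections, imp_rva) if imp_rva else None
    while off is not None:
        desc = struct.unpack_from("<5I", pe, off)               # IMAGE_IMPORT_DESCRIPTOR
        if not any(desc):
            break                                               # all-zero terminator
        start = _off(sections, desc[3])                         # Name field is an RVA
        names.append(pe[start:pe.index(b"\0", start)].decode("ascii").lower())
        off += 20
    return names

def imports_only_ntdll(pe: bytes) -> bool:
    return set(imported_dlls(pe)) <= {"ntdll.dll"}

def build_sample(dlls):
    """Constructed minimal PE32 image: headers plus one section of import descriptors."""
    table = bytearray(20 * (len(dlls) + 1))
    for i, name in enumerate(dlls):
        struct.pack_into("<I", table, 20 * i + 12, 0x1000 + len(table))
        table += name.encode() + b"\0"
    hdr = b"MZ" + bytes(58) + struct.pack("<I", 64) + b"PE\0\0"
    hdr += struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x2102)          # file header
    hdr += struct.pack("<H102xI", 0x10B, 0x1000).ljust(224, b"\0")          # optional header
    hdr += b".idata\0\0" + struct.pack("<4I", len(table), 0x1000, len(table), 0x200) + bytes(16)
    return hdr.ljust(0x200, b"\0") + bytes(table)

if __name__ == "__main__":
    for dlls in (["ntdll.dll"], ["ntdll.dll", "KERNEL32.dll"]):
        print(dlls, imports_only_ntdll(build_sample(dlls)))
```

Only the static import directory is inspected; delay-load imports and functions resolved at run time do not appear in it.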
