-
Apr 25th, 2017, 06:19 AM
#1
Thread Starter
Fanatic Member
Load dll from memory ?
Hi all,
I was wondering if it is possible to load a dll from memory rather than from a file on disk.
Can the bytes of the dll file be stored in an array and then load the dll in the calling/current process from that array ?
I can't use the LoadLibrary API because it expects to be passed a file path in its argument.
A web search came up with this https://www.joachim-bauch.de/tutoria...l-from-memory/
The code is written in C, which I am not very good at.
Does anybody know if this can be done with classic VB?
Regards.
-
Apr 25th, 2017, 06:30 AM
#2
Re: Load dll from memory ?
Why would you need to do this, why can't you just write the bytes to disk and call the DLL normally? If it's an ActiveX DLL, I doubt it could be done
-
Apr 25th, 2017, 07:12 AM
#3
Thread Starter
Fanatic Member
Re: Load dll from memory ?
Originally Posted by LaVolpe
Why would you need to do this, why can't you just write the bytes to disk and call the DLL normally? If it's an ActiveX DLL, I doubt it could be done
Thanks for responding,
It is a small rudimentary standard windows dll (not an ActiveX DLL) that I wrote in C++ which I can later use in Office/VBA applications.
I prefer not having to have the dll file distributed along with the calling vba program but I also want this for educational reasons.
One workaround that is usually used is to have the dll bytes stored somewhere in the program and then extract those bytes at run time and create a temporary dll file on disk .. finally, delete the dll file from the disk when done.
I thought having the dll loaded from memory without storing the dll on disk is more flexible and worth learning.
Regards.
-
Apr 25th, 2017, 07:32 AM
#4
Re: Load dll from memory ?
I think it's possible. I'm pretty sure I've seen it done before, but I don't remember if it was in C++ or VB (yeah, I know the two aren't remotely close to each other and you would think the syntax would tip me off, but it was a long time ago.)
Something to keep in mind, this isn't a common thing to do, so examples (if there are any) are going to be hard to find. Also, this kind of thing is something that could be exploited by viruses for deployment, so any action of that sort may result in your app being trapped by a virus scanner.
-tg
-
Apr 25th, 2017, 07:38 AM
#5
Re: Load dll from memory ?
The link you provided appears to do just that. However, since the DLL is loaded into memory, that link scans/parses the DLL and basically builds it within memory, modifying DLL parts/sections as needed regarding memory locations. Additionally, any dependent DLLs must be manually loaded into the process, then the in-memory DLL can be called by its modified entry point. That site doesn't give all the code (from what I saw), it primarily outlines the steps and provides some sample code. Educational reasons? Yep, gonna be a good one & good luck. This is a gray area, regarding hacking/spying, and many may not be willing to offer code/ideas.
-
Apr 25th, 2017, 08:08 AM
#6
Thread Starter
Fanatic Member
Re: Load dll from memory ?
Yes the link doesn't give all the code plus it says it uses MemoryModule which is a C-library needed to load a DLL from memory.
I thought maybe this was already done in VB before. It is a complex task and is indeed a gray area, but it is a shame one needs to have the dll saved on disk first for it to be used.
Can anybody think of any other alternative ?
-
Apr 25th, 2017, 09:25 AM
#7
Re: Load dll from memory ?
http://www.vbforums.com/showthread.p...ithout-runtime
That's the basic information about loading a PE from memory. Note that the example there is a more difficult one because it doesn't use the runtime at all and loads an EXE. You can use this knowledge to write your own PE loader for DLLs with less effort because you can use all runtime features.
-
Apr 25th, 2017, 11:14 AM
#8
Thread Starter
Fanatic Member
Re: Load dll from memory ?
Hi the trick,
With your PE loader code, will I first need to extract the shellcode from the dll (Which I don't know how) or will it be just the dll file bytes (not shellcode) which is easier ?
Thanks for your response.
LATE EDIT: Will your loader work for x64bit Windows with the appropriate PtrSafe and LongPtr modifications or is the whole memory structure of 64 bit different?
Last edited by JAAFAR; Apr 25th, 2017 at 11:21 AM.
-
Apr 25th, 2017, 11:18 AM
#9
Re: Load dll from memory ?
It might be cleaner to look into static linking, though VB6 isn't really built for that.
Why not just create a proper installer instead of resorting to malware techniques? The path you are on will probably run afoul of anti-virus software anyway.
-
Apr 25th, 2017, 11:23 AM
#10
Thread Starter
Fanatic Member
Re: Load dll from memory ?
Originally Posted by dilettante
It might be cleaner to look into static linking, though VB6 isn't really built for that.
Why not just create a proper installer instead of resorting to malware techniques?
Can you elaborate on that ?
Thank you.
-
Apr 25th, 2017, 11:28 AM
#11
Re: Load dll from memory ?
I'm not sure how to use static linking with a VB6 main program. Maybe somebody else has done that, but it will involve a few gyrations and a special make process.
But why not just use the PDW to make a setup package?
Or if this is a flat DLL you don't need to register, maybe use a self-extracting archive for distribution and call it good?
-
Apr 25th, 2017, 11:31 AM
#12
Re: Load dll from memory ?
VB6 can use static linking. I've already given an example.
-
Apr 25th, 2017, 11:34 AM
#13
Thread Starter
Fanatic Member
Re: Load dll from memory ?
Originally Posted by dilettante
But why not just use the PDW to make a setup package?
Or if this is a flat DLL you don't need to register, maybe use a self-extracting archive for distribution and call it good?
Thanks dilettante .. That will defeat the purpose of what I am trying to do, which is to keep the dll embedded in the VBA program and not to have an external file or package - Will it not?
-
Apr 25th, 2017, 11:41 AM
#14
Re: Load dll from memory ?
-
Apr 25th, 2017, 11:52 AM
#15
Re: Load dll from memory ?
you have the code, do the static link.
Both dz32 and wqweto and Trick have had success with static linking.
personally I convert to VB. It usually makes the code smaller and easier to understand anyway.
-
Apr 25th, 2017, 12:14 PM
#16
Thread Starter
Fanatic Member
Re: Load dll from memory ?
Originally Posted by DEXWERX
you have the code, do the static link.
Both dz32 and wqweto and Trick have had success with static linking.
personally I convert to VB. It usually makes the code smaller and easier to understand anyway.
Sorry to be a pain but the dll is to be used in VBA, as mentioned in my OP, which is not compiled code and has no linker involved.
-
Apr 25th, 2017, 12:20 PM
#17
Re: Load dll from memory ?
Originally Posted by JAAFAR
Sorry to be a pain but the dll is to be used in VBA, as (NOT) mentioned in my OP, which is not compiled code and has no linker involved.
ah! then you can understand the confusion - being this is the VB6 forum.
How much code are you talking - why can't you convert it. Post it here? Especially considering your 32bit dll can't be "loaded" in 64bit VBA.
Last edited by DEXWERX; Apr 25th, 2017 at 12:31 PM.
-
Apr 25th, 2017, 12:52 PM
#18
Thread Starter
Fanatic Member
Re: Load dll from memory ?
Originally Posted by DEXWERX
ah! then you can understand the confusion - being this is the VB6 forum.
How much code are you talking - why can't you convert it. Post it here? Especially considering your 32bit dll can't be "loaded" in 64bit VBA.
I did mention that I needed this for VBA in my second post and the dll is 64Bit (not 32bit) and I have it working as expected in Windows10 64bit/Office 64bit when loaded the classical way.
The reason I need to run the code from a dll is because the code installs a CBT Windows hook (SetWindowsHookEx) and executing the code from VBA is not IDE safe as opposed to executing it from a dll.
I know that embedding a dll into an office application with no external DLL file to re-distribute is doable as shown in this link:
http://www.everythingaccess.com/tuto...n-Access-forms
I am after something similar.
-
Apr 25th, 2017, 01:04 PM
#19
Re: Load dll from memory ?
@JAAFAR: DLLs include sections with relocations that need to be fixed up depending on the actual load address -- that's what the OS loader does and what The trick showed how to do manually. Shellcode by definition is relocatable so it is very easy to use from VB6 -- just get a pointer and call it. It's way harder to produce relocatable bytecode from a C/C++ compiler because even `switch` statements emit labels that need relocation.
Here is how I did some "shellcode" in a recent VB6 project of mine: https://github.com/wqweto/ZipArchive...ZipArchive.cls
STR_THUNKs are just base64 encoded x86 bytecode for which each function entry-point is communicated out-of-band in STR_THUNK_OFFSETS. This auto-generated section is produced from `lib/sshzlib/sshzlib.c` plain C file compiled to a DLL, loaded (with the OS loader) and then the bytecode/offsets are extracted from the memory image.
cheers,
</wqw>
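The header fields behind the points made in this thread (relocations that depend on the load address, dependent DLLs, 32-bit versus 64-bit), as an added example that is not code from any poster or linked project: a Python parser that reports what a loader has to process for a PE image. The sample bytes are a constructed header-only image, and `loader_work` and `build_sample` are names chosen for this illustration.

```python
import struct

# Data directory slots the OS loader (or a manual one) has to process.
DIRS = {0: "export", 1: "import", 5: "basereloc", 9: "tls"}
MACHINES = {0x014C: "x86", 0x8664: "x64"}

def loader_work(image: bytes) -> dict:
    """Summarise what a loader must handle before this PE image can run."""
    if image[:2] != b"MZ":
        raise ValueError("no MZ header")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    machine, _, _, _, _, _, chars = struct.unpack_from("<HHIIIHH", image, coff)
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic == 0x20B:      # PE32+ (64-bit): 8-byte ImageBase
        (base,) = struct.unpack_from("<Q", image, opt + 24)
        dir_off = opt + 112
    elif magic == 0x10B:    # PE32 (32-bit): 4-byte ImageBase
        (base,) = struct.unpack_from("<I", image, opt + 28)
        dir_off = opt + 96
    else:
        raise ValueError("unknown optional header magic")
    (count,) = struct.unpack_from("<I", image, dir_off - 4)  # NumberOfRvaAndSizes
    dirs = {}
    for idx, name in DIRS.items():
        if idx < count:
            rva, size = struct.unpack_from("<II", image, dir_off + 8 * idx)
            if rva and size:
                dirs[name] = (rva, size)
    return {"machine": MACHINES.get(machine, hex(machine)),
            "is_dll": bool(chars & 0x2000),       # IMAGE_FILE_DLL
            "preferred_base": base,
            "needs_fixups": "basereloc" in dirs,  # load address may differ
            "dirs": dirs}

def build_sample() -> bytes:
    """Constructed header-only PE32+ DLL (sample data, not a loadable file)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 240, 0x2022)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)
    struct.pack_into("<Q", opt, 24, 0x180000000)
    struct.pack_into("<I", opt, 108, 16)                     # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 112 + 8 * 1, 0x2000, 0x28)  # import directory
    struct.pack_into("<II", opt, 112 + 8 * 5, 0x3000, 0x0C)  # base relocations
    return dos + b"PE\0\0" + coff + bytes(opt)
```

Calling `loader_work(build_sample())` reports an x64 DLL with an import directory and a base relocation directory, the two pieces of work the posts above describe.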
-
Apr 25th, 2017, 01:18 PM
#20
Re: Load dll from memory ?
Originally Posted by JAAFAR
I did mention that I needed this for VBA in my second post and the dll is 64Bit (not 32bit) and I have it working as expected in Windows10 64bit/Office 64bit when loaded the classical way.
The reason I need to run the code from a dll is because the code installs a CBT Windows hook ( SetWindowsHookEx) and executing the code from VBA is not IDE safe as opposed to executing it from a dll.
I know that embedding a dll into an office application with no external DLL file to re-distribute is doable as shown in this link:
http://www.everythingaccess.com/tuto...n-Access-forms
I am after something similar.
I've seen that method - It's basically the same as loading the assembly of the routine, and executing it from memory.
wqweto, The Trick (And LaVolpe) have used embedded assembly to make single-file classes for use in VB.
The link you've posted - uses an IDispatch object created via Assembly or C/C++, and then patches the API entrypoints using a latebound call to an Init function.
This way you only need the code of the COM object. Clever in that you don't need to do a lot of "loading"/address fixups, and really only need to extract the code of the object.
A lot of effort, just to get rid of a dependency.
Why wouldn't you just drop the dll file and load it that way? It's way more maintainable than embedded machine code.
Last edited by DEXWERX; Apr 25th, 2017 at 01:21 PM.
-
Apr 25th, 2017, 01:21 PM
#21
Thread Starter
Fanatic Member
Re: Load dll from memory ?
Originally Posted by wqweto
@JAAFAR: DLLs include sections with relocations that need to be fixed up depending on the actual load address -- that's what the OS loader does and what The trick showed how to do manually. Shellcode by definition is relocatable so it is very easy to use from VB6 -- just get a pointer and call it. It's way harder to produce relocatable bytecode from a C/C++ compiler because even `switch` statements emit labels that need relocation.
Here is how I did some "shellcode" in a recent VB6 project of mine: https://github.com/wqweto/ZipArchive...ZipArchive.cls
STR_THUNKs are just base64 encoded x86 bytecode for which each function entry-point is communicated out-of-band in STR_THUNK_OFFSETS. This auto-generated section is produced from `lib/sshzlib/sshzlib.c` plain C file compiled to a DLL, loaded (with the OS loader) and then the bytecode/offsets are extracted from the memory image.
cheers,
</wqw>
@wqw : That looks daunting and way over my head
I guess I first need to have a better understanding of what the subject involves before attempting a similar venture.. I thought this would be less complicated.
Thanks anyway.
-
Apr 25th, 2017, 01:29 PM
#22
Thread Starter
Fanatic Member
Re: Load dll from memory ?
Originally Posted by DEXWERX
I've seen that method - It's basically the same as loading the assembly of the routine, and executing it from memory.
wqweto, The Trick (And LaVolpe) have used embedded assembly to make single-file classes for use in VB.
The link you've posted - uses an IDispatch object created via Assembly or C/C++, and then patches the API entrypoints using a latebound call to an Init function.
This way you only need the code of the COM object. Clever in that you don't need to do a lot of "loading"/address fixups, and really only need to extract the code of the object.
A lot of effort, just to get rid of a dependency.
Why wouldn't you just drop the dll file and load it that way? It's way more maintainable than embedded machine code.
@DEXWERX:
I am a newbie at this stuff but I am eager to learn.
The link you've posted - uses an IDispatch object created via Assembly or C/C++, and then patches the API entrypoints using a latebound call to an Init function.
This way you only need the code of the COM object. Clever in that you don't need to do a lot of "loading"/address fixups, and really only need to extract the code of the object.
Is there a tutorial/example that can teach me how to implement the above technique in a methodical way using C++ (I have no knowledge of ASM)? I would be grateful if you or someone else could point me in the right direction.
Last edited by JAAFAR; Apr 25th, 2017 at 01:41 PM.
-
Apr 25th, 2017, 01:38 PM
#23
Re: Load dll from memory ?
BTW, you can write shellcode in pure VB6 using small ASM trampolines.
http://www.vbforums.com/showthread.p...=1#post5082533
Last edited by The trick; Apr 25th, 2017 at 01:58 PM.