从内存中的某个位置加载DLL [英] Loading DLL from a location in memory
问题描述
另一方面,信息很旧,图书馆还没有被更新一会儿所以我想知道是否有不同的,更新的和更好的方式来做到这一点。另外,如果有人使用了文章中提到的图书馆,那么他们能否提供使用它可能面临什么的洞察力?
只是为了好奇,探索加密应用程序的插件的概念,而不将解密的版本存储在磁盘上。
嗯,你可以创建一个RAM驱动器根据这些说明,然后将您可以在内存中的DLL复制到那里的文件,并使用LoadLibrary()。
当然,如果您打算将其部署为某种产品,因为人们会注意到正在安装的驱动程序,安装后重新启动,并在我的电脑下面有一个新的驱动器号。此外,这并不实际隐藏DLL,因为它刚刚坐在RAM驱动器中,供大家观看。
另一件我感兴趣的是为什么你实际上想做这个吗也许您的最终结果可以通过其他方式来实现,而不是从内存中加载DLL。例如,当使用诸如 UPX 的二进制打包程序时,您在磁盘上的DLL不同从最终执行的那个。在DLL通过LoadLibrary正常加载之后,解压器立即启动并重写加载DLL的内存与未压缩的二进制文件(DLL头确保已分配足够的空间)
As the question says, I want to load a DLL from a location in memory instead of a file, similarly to LoadLibrary(Ex). I'm no expert in WinAPI, so googled a little and found this article together with MemoryModule library that pretty much meets my needs.
On the other hand the info there is quite old and the library hasn't been updated for a while too. So I wanted to know if there are different, newer and better ways to do it. Also if somebody has used the library mentioned in the article, could they provide insight on what I might be facing when using it?
Just for the curious ones, I'm exploring the concept of encrypting some plug-ins for applications without storing the decrypted version on disk.
Well, you can create a RAM Drive according to these instructions, then copy the DLL you can in memory to a file there and the use LoadLibrary().
Of course this is not very practical if you plan to deploy this as some kind of product because people are going to notice a driver being installed, a reboot after the installation and a new drive letter under My Computer. Also, this does nothing to actually hide the DLL since its just sitting there in the RAM Drive for everybody to watch.
Another thing I'm interested about is Why you actually want to do this? Perhaps your end result can be achieved by some other means other than Loading the DLL from memory. For instance when using a binary packer such as UPX, the DLL that you have on disk is different from the one that is eventually executed. Immediately after the DLL is loaded normally with LoadLibrary, The unpacker kicks in and rewrites the memory which the DLL is loaded to with the uncompressed binary (the DLL header makes sure that there is enough space allocated)
这篇关于从内存中的某个位置加载DLL的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
