更改导入的Dll名称？ [英] Change imported Dll name?

问题描述

在便携式可执行文件中，我们可以通过编辑PE文件来更改导入的dll名称，
在这里，我已经在一个导入的DLL应用程序exe的名称中更改了，那个时候它正常地改变了....例如advapi32.dll到^ dvapi32.dll，所以这里system32或任何其他PATH位置没有^ dvapi32.dll ..这个时候，我只是改变了真正的advapi32.dll到^ dvapi32.dll并放入应用程序目录，这一次它的工作很好....但是当我试图用ntdll& gdi32.dll，它不支持，我无法解决问题，请帮助我解决问题..thanks。

In a Portable-Executable ,we can change the imported dll name ,by editing PE file , here , i had changed in one imported dll name of application exe,that time it changed normally ....e.g advapi32.dll to ^dvapi32.dll ,so here system32 or any other PATH location doesnt have ^dvapi32.dll ..this time simply i changed the real advapi32.dll into ^dvapi32.dll and put in the application directory ,this time its work fine ....but when i am trying with ntdll & gdi32.dll ,it doesnt supported ,i cant resolve the problem ,pls help me towards the problem ..thanks.

推荐答案

系统当Windows启动时，像GDI32.DLL这样的Dll将加载到内存中，因为它们提供必要的Windows操作系统功能（在这种情况下是图形功能）。一些DLL是使用固定的ImageBase构建的（怀疑这适用于最重要的系统DLL，例如KERNEL32，GDI32.DLL，USER32.DLL），并复制和重命名此类型的DLL，并引用它们将无法正常工作，而不是修改其ImageBase PE头。

System Dlls like GDI32.DLL are loaded into memory when Windows starts as they provide essential Windows OS functions (in this case, graphical functions). Some DLLs are built with a fixed ImageBase (suspect this applies to the most essential system DLLs e.g KERNEL32, GDI32.DLL, USER32.DLL) and copying and renaming this type of DLLs and referencing them will not work, not without modifying their ImageBase in the PE header.

这是因为它们将尝试将自己加载到ImageBase指定的内存中，并且失败，因为特定的内存位置已被原来的DLL占用内存及其固定的ImageBase可防止它们在备用内存位置加载。没有固定的ImageBase的DLL将被Windows重定位，以使用另一个内存位置并运行没有问题。

This occurs because they will attempt to load themselves into memory specified by ImageBase and fail, since the particular memory location is already occupied by the original DLL already in memory and their fixed ImageBase prevents them from loading at alternative memory locations. DLLs without a fixed ImageBase will be relocated by Windows to use another memory location and run without problems.

如果DLL副本的ImageBase更改为不同的值，DLL如果ImageBase指向的内存位置未被占用，则固定的ImageBase将正常工作。

If the ImageBase of the DLL copy is changed to a different value, DLLs with a fixed ImageBase will work properly provided that the memory location pointed by ImageBase is unoccupied.

虽然我已经在记事本副本上成功测试了该方法，然后更改了导入Windows XP中的DLL副本的DLL名称和ImageBase，这个强大的DISCOURAGE 这种方式导入和篡改Windows系统DLL。

While I have tested this approach successfully on a copy of Notepad and then changing the imported DLL names and ImageBases of the DLL copies on Windows XP, I STRONGLY DISCOURAGE this fiddling with imports and tampering of Windows system DLLs in this manner.

这篇关于更改导入的Dll名称？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！