为什么LoadLibrary加载不相关的DLL [英] Why LoadLibrary loads unrelated DLLs

问题描述

这是关于DLL注入的。

This is about DLL injection.

假设P.exe依赖于A.dll，B.dll和C.dll（隐式链接），它们是P.exe的私有模块。

Let's say P.exe depends on A.dll, B.dll and C.dll (implicit linking), they're private modules of P.exe.

现在我使用带有CREATE_SUSPENDED标志的CreateProcess来启动P.exe，之后我使用它CreateRemoteThread在目标进程中调用LoadLibrary来加载Inject.dll，并以相同的方式调用Inject.dll的初始化函数来完成实际工作（你不能在DLLMain中做
）。

Now I use CreateProcess with CREATE_SUSPENDED flag to launch P.exe, after that I use CreateRemoteThread to call LoadLibrary in target process to load Inject.dll, and in the same way call an initialize function of Inject.dll to do real work (things you can't do in DLLMain).

它有效。但我发现调用LoadLibrary也会导致A.dll，B.dll和C.dll加载 - 而不仅仅是Inject.dll。从Visual Studio的输出，它们甚至在Inject.dll之前加载，这不是我想要的。你知道，Inject.dll不依赖于任何第三方
DLL，实际上它只取决于kernel32.dll和user32.dll。

It works. But I found that calling to LoadLibrary makes A.dll, B.dll and C.dll load too - not just Inject.dll. From the Output of Visual Studio, they even load before Inject.dll, this is not what I want. You know, Inject.dll does not depend on any third-party DLLs, in fact it just depends on kernel32.dll and user32.dll.

在这种情况下，如何只加载Inject.dll？

In this case, how to load only Inject.dll ?

Aman

推荐答案

无关的DLL是什么意思？你说P.exe取决于那些dll，当然在代码开始执行时加载它们。

What do you mean by unrelated DLLs? You say that P.exe depends on those dlls, of course they are loaded when code starts executing in that process.

这篇关于为什么LoadLibrary加载不相关的DLL的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！