Loading a DLL from a location in memory

2021-12-25 00:00:00 dll c winapi c++

As the question says, I want to load a DLL from a location in memory instead of a file, similarly to LoadLibrary(Ex). I'm no expert in WinAPI, so I googled a little and found this article together with the MemoryModule library, which pretty much meets my needs.

On the other hand, the info there is quite old and the library hasn't been updated for a while either. So I wanted to know if there are different, newer and better ways to do it. Also, if somebody has used the library mentioned in the article, could they provide insight on what I might be facing when using it?

Just for the curious ones, I'm exploring the concept of encrypting some plug-ins for applications without storing the decrypted version on disk.

Recommended answer

Well, you can create a RAM Drive according to these instructions, then copy the DLL you have in memory to a file there and then use LoadLibrary().
Of course, this is not very practical if you plan to deploy this as some kind of product, because people are going to notice a driver being installed, a reboot after the installation and a new drive letter under My Computer. Also, this does nothing to actually hide the DLL, since it's just sitting there in the RAM Drive for everybody to watch.

Another thing I'm interested in is why you actually want to do this. Perhaps your end result can be achieved by some means other than loading the DLL from memory. For instance, when using a binary packer such as UPX, the DLL that you have on disk is different from the one that is eventually executed. Immediately after the DLL is loaded normally with LoadLibrary, the unpacker kicks in and rewrites the memory which the DLL is loaded to with the uncompressed binary (the DLL header makes sure that there is enough space allocated).
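
The answer's remark that the DLL header reserves enough space is visible in the PE section table: a packed file carries a section with a memory size but no bytes on disk. The following is an added example, not part of the original answer, that counts such sections; the function names and the sample header bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Little-endian reads that do not depend on buffer alignment. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t rd32(const uint8_t *p) { return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24; }

/* Counts sections that reserve memory but hold no file data (SizeOfRawData == 0,
   VirtualSize > 0). Returns -1 if the headers are malformed or truncated. */
int count_reserved_sections(const uint8_t *img, size_t len)
{
    if (len < 0x40 || img[0] != 'M' || img[1] != 'Z') return -1;
    uint32_t pe = rd32(img + 0x3C);                    /* e_lfanew */
    if (pe > len || len - pe < 24 || memcmp(img + pe, "PE\0\0", 4) != 0) return -1;
    uint16_t nsec = rd16(img + pe + 6);                /* NumberOfSections */
    uint16_t optsz = rd16(img + pe + 20);              /* SizeOfOptionalHeader */
    size_t tbl = (size_t)pe + 24 + optsz;              /* first section header */
    if (tbl > len || (len - tbl) / 40 < nsec) return -1;
    int hits = 0;
    for (uint16_t i = 0; i < nsec; i++) {
        const uint8_t *s = img + tbl + 40u * i;        /* 40-byte section header */
        uint32_t vsize = rd32(s + 8), rawsize = rd32(s + 16);
        if (rawsize == 0 && vsize > 0) hits++;         /* memory only, filled in at run time */
    }
    return hits;
}

/* Constructed sample: headers only, no optional header, two sections named and
   sized the way a UPX-packed file usually is (empty placeholder + packed data). */
size_t build_sample(uint8_t *buf, size_t cap)
{
    size_t pe = 0x40, tbl = pe + 24, total = tbl + 2 * 40;
    if (cap < total) return 0;
    memset(buf, 0, total);
    buf[0] = 'M'; buf[1] = 'Z'; buf[0x3C] = (uint8_t)pe;
    memcpy(buf + pe, "PE\0\0", 4);
    buf[pe + 6] = 2;                                   /* NumberOfSections */
    memcpy(buf + tbl, "UPX0", 4);
    buf[tbl + 9] = 0x80;                               /* VirtualSize 0x8000, raw size 0 */
    memcpy(buf + tbl + 40, "UPX1", 4);
    buf[tbl + 40 + 9] = 0x30;                          /* VirtualSize 0x3000 */
    buf[tbl + 40 + 17] = 0x30;                         /* SizeOfRawData 0x3000 */
    return total;
}

int main(void)
{
    uint8_t img[256];
    printf("reserved-only sections: %d\n", count_reserved_sections(img, build_sample(img, sizeof img)));
    return 0;
}
```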
