I wan't to load a DLL but if i use LoadLibrary it executes the DLL, so i used GetModuleHandle, but that doesn't work, so then i used LoadLibrary and DisableThreadLibraryCalls to stop execution, but it still executes.

how can i load the DLL for use with GetProcAddress without executing it.
Posted on 2003-05-05 09:11:30 by -=TM=-
(posted in the wrong forum - moved to main)

By 'execute' you mean calling DllMain? I never used it but MapAndLoad might do what you want. Have a look at the ImageHlp API it has lots of these kind of functions.
DllMain gives the DLL a chance to initialize itself and to prevent the parent app from loading if something went wrong in the initialization. So why do you want to load a DLL without doing this? At least don't expect functions to work if you don't let the DLL initialize itself. You can access resources though if that's what this is about.


edit: Oh I see you want to use GetProcAddress, if the DLL is not yours, you'll have to let it initialize or functions may fail (or worse: work on unitialized data). Of course you can just test it and see if it works, but 'hey it works' does not mean it's correct or that it will work in future releases.
Posted on 2003-05-05 09:37:58 by Thomas

how can i load the DLL for use with GetProcAddress without executing it.

In short: "you can't" - but there's methods, depending on what you need. What exactly do you need to do?
Posted on 2003-05-05 10:31:07 by f0dder
I'm getting the Proc address, but loadLibrary causes it to execute at DLLMain, I used GetModuleHandle but it doesn't work. It needs to work on 9x, so LoadLibrayEx won't work either. Would file mapping return a valid handle for use with GetProcAddress.
Posted on 2003-05-05 14:15:44 by -=TM=-
GetModuleHandle only returns a handle if the DLL is already loaded in your process.
If you need to call the stuff returned by GetProcAddress, you _need_ to LoadLibrary it.

File mapping will not be enough. Give some more info on what you need to do, otherwise we can't really help you.
Posted on 2003-05-05 14:18:40 by f0dder
My program has no real use, i was just experimenting with DLL's, but i just didn't wan't it to execute after it was loaded.

how would i uses DisableThreadLibraryCalls, i assume you use it after loadlibrary as it needs a handle, but the DLL still gets executed.
Posted on 2003-05-05 14:24:58 by -=TM=-

The DisableThreadLibraryCalls function disables the DLL_THREAD_ATTACH and DLL_THREAD_DETACH notifications for the specified dynamic-link library (DLL).

Ie, you still get process attach/detach.

If you want to look up exports without executing _any_ DLL code, you will have to do your own PE loader. And unless you do a relatively large job, you wont be able to execute exports from the DLL.

"My program has no real use", yet you say "It needs to work on 9x, so LoadLibrayEx"? Sounds a bit fishy to me. Anyway, LoadLibraryEx is there since NT3.1 and win95, so you can use that with LOAD_LIBRARY_AS_DATAFILE. Don't count on being able to use GetProcAddress, though. Might work on some windows versions, fail on other. Even if it works, you still can't call code.
Posted on 2003-05-05 14:31:08 by f0dder
i said needs to work on 9x cause i'm on 9x, so i need to know if it works or not, and most params for LoadLibraryEx are not supported on 9x.
Making my own PE Loader is a bit to much, so i'll just forget this DLL stuff.
Thanks for your help.
Posted on 2003-05-05 14:38:28 by -=TM=-


If this value is used, the system maps the file into the calling process's virtual address space as if it were a data file. Nothing is done to execute or prepare to execute the mapped file. Use this flag when you want to load a DLL only to extract messages or resources from it.
Windows NT/2000/XP: You can use the resulting module handle with any functions that operate on resources.

Windows 95/98/Me: You can use the resulting module handle only with resource management functions such as EnumResourceLanguages, EnumResourceNames, EnumResourceTypes, FindResource, FindResourceEx, LoadResource, and SizeofResource. You cannot use this handle with specialized resource management functions such as LoadBitmap, LoadCursor, LoadIcon, LoadImage, and LoadMenu.
Posted on 2003-05-05 14:43:07 by f0dder
Hmmmm, i think we have a budding nex cr4x0r on the forum.....
Posted on 2003-05-05 18:12:25 by sluggy
Ya but I can tollerate f0dder ;)
Posted on 2003-05-05 20:51:48 by NaN
Yeah, i was thinking i should change the way i said that, i wasn't actually meaning f0dder :)
Posted on 2003-05-05 21:10:06 by sluggy
You got me wrong here. I dont think f0dder is any of the above... I was just trying to be funny... (i see i have successfully fallen on my face here ;) )
Posted on 2003-05-05 21:54:32 by NaN

Hmmmm, i think we have a budding nex cr4x0r on the forum.....

Indeed it smells fishy... but we go by "innocent until proven guilty", don't we? And there are legitimate reasons to do something like this. I remember a (failed :)) attempt at retrieving EXE version by providing a "getVersion" export and... well, it was a mess.
Posted on 2003-05-06 01:44:52 by f0dder
It's a fine line sometimes, and for those of us who ride the fence so to speak, well, we already have one foot squarely either side of that line in the sand... just because you can do something doesn't mean you should, but by the same token, knowledge is not inherently dangerous ... is it ? :grin:
Posted on 2003-05-07 23:55:23 by Homer
to do what he suggests, he would have to make his import/export loader, find the majic word etc get to the exports etc and find there addresses are and execute the code. of cource he might want to set protcetions on the sections.
Posted on 2003-05-08 00:03:42 by Qages
Iczelion's Tut 13 will expain alot with good examples.
Posted on 2003-05-08 00:18:07 by mrgone
As i have to share a computer, The person i share it with can't be trusted, and i don't wan't a virus, So i was trying to make an application like DAP(Download Accelerator Plus) Which knows when a file is being downloaded, so i was trying to inject a DLL into IE so i can stop downloads. CreateRemoteThread doesn't work as i'm 9x, so i used a differn't method, I think IE uses URLDownloadToFile. So i was lloking for various IAT Patching methods so i can Hook and Stop downloads. Maybe there is an easyer way, I only chose Injection to IE so i can log what the attempted download was.

Thats the reason i didn't wan't the logger dll being executed in the injector prog, as it would then crash.
Posted on 2003-05-08 10:26:40 by -=TM=-
UrlDownloadtoFile? Is that in win32 help file? I guess that's what used to store cookies and Tempory Internet files?
Posted on 2003-05-23 19:12:47 by mrgone
Where did you learn of this API?
Posted on 2003-05-23 19:19:31 by mrgone