I know this subject has been talked about before but i hope im going at another angle then others but it most likelly not and original idea..

as you all know people ask all the time on how to load a dll directly from the exe with out a having to creating it as a file...

I figure at some point in time the dll has to be loaded into memory and pointed to by an address...

When you run LoadLibraryA it then runs
LoadLibraryExA and then LoadLibraryExW

A is for testing the Ansi Strings namelly the dll dir and name... then
W for unicode testing of the Dir and dll name

Then it Runs another api called LdrEnumerateLoadedModules which seems to point to the base address of 00400000

eventually it runs the rest of these
LdrLoadDll
LdrProcessRelocationBlock
LdrQueryApplicationCompatibilityGoo
LdrQueryImageFileExecutionOptions
LdrQueryProcessModuleInformation
LdrRelocateImage

the only problem im having is that these are mostly undocumented API's

is there a place that does have them documented..
Posted on 2003-09-10 04:56:05 by devilsclaw
I think Matt Pietrek had an article about that in an MSDN journal, maybe you can find a link to it on his site
Posted on 2003-09-10 05:31:21 by Hiroshimator
thanks i will take a look there..
Posted on 2003-09-10 12:23:18 by devilsclaw
Some of these api are documented on undocumented.ntinternals.net
Often, it's not a real, full documentation as you could expect in msdn, but it could help.
Posted on 2003-09-14 06:35:38 by Chrishka
thanks.. thanks alot. i took a look at the site and it seems it might be what i was looking for...
Posted on 2003-09-14 12:42:01 by devilsclaw
this looks like what i need..


LdrLoadDll


NTSYSAPI
NTSTATUS
NTAPI
LdrLoadDll(

IN PWCHAR PathToFile OPTIONAL,
IN ULONG Flags OPTIONAL,
IN PUNICODE_STRING ModuleFileName,
OUT PHANDLE ModuleHandle );






Flags
See WINAPI LoadLibraryEx for possibbilitied flags.

ModuleHandle
Address of MZ header in virtual memory of caller's process.
Posted on 2003-09-14 14:07:19 by devilsclaw
Glad I could help you.
Posted on 2003-09-14 14:14:21 by Chrishka
yeah thanks again..
Posted on 2003-09-14 14:15:32 by devilsclaw