LoadLibrary from byte array?
How would I go about using an array of bytes containing binary data to find the address of a function located in that data. For example, I compile a DLL with the function "Squared( int a, int b )" but all I have is the array of bytes that make up the DLL. How would I go about finding the address of "Squared"?
This is a non-trivial exercise. You could try the instructions here, but honestly it's just easier to have it as a separate file.
Why not just store the byte array to a temporary dll file and load that file?
Some single exe tools (such as RegMon from sysinternal, if I remember correct) does same to load drivers.
Some single exe tools (such as RegMon from sysinternal, if I remember correct) does same to load drivers.
I worded my question pretty badly, I want to get the address of a function stored in a DLL through a byte array. This is absolutely 100% for learning purposes which is why I don't want to use a blatantly simpler method. There are 100 ways I know how to do this differently but I want to learn how to do it this specific way.
DWORD GetAddressFromBinary( unsigned char *pData )
{
// Sort through data here
HMODULE MemDll = reinterpret_cast<HMODULE>pData;
DWORD Address = GetProcAddress( MemDll, "TestFunction" );
return Address;
}
int main( unsigned char *pData )
{
// Read file for array of bytes
unsigned char *pData = ReadFile(/*Parameters here*/);
GetAddressFromBinary( pData );
}
Then you only want to get the function address? Then you need to learn PE format.
An In-Depth Look into the Win32 Portable Executable File Format
Also google for more articles.
An In-Depth Look into the Win32 Portable Executable File Format
Also google for more articles.
Thanks, keep the information coming guys.
I am incredibly interested in learning Windows programming bottom to top and this is one of the things at the moment that I'm most interested in learning.
I am incredibly interested in learning Windows programming bottom to top and this is one of the things at the moment that I'm most interested in learning.
HMODULE MemDll = reinterpret_cast<HMODULE>pData;
[/quote]
No. Just... no.
A HMODULE is a handle. A handle is an opaque type given to you by an API. You're not supposed to assume anything about it. You are assuming that it is a pointer to the first byte in memory of a loaded DLL.
This topic is closed to new replies.
Advertisement
Popular Topics
Advertisement