Back to General and Gameplay Programming

LoadLibrary from byte array?

General and Gameplay Programming Programming

Started by thenoobie August 10, 2011 11:57 PM

12 comments, last by L. Spiro 12 years, 8 months ago

thenoobie

100

Author

August 10, 2011 11:57 PM

How would I go about using an array of bytes containing binary data to find the address of a function located in that data. For example, I compile a DLL with the function "Squared( int a, int b )" but all I have is the array of bytes that make up the DLL. How would I go about finding the address of "Squared"?

ApochPiQ

23,138

August 11, 2011 12:01 AM

How long is the array? What format is the data in it expressed in?

Wielder of the Sacred Wands
[Work - ArenaNet] [Epoch Language] [Scribblings]

thenoobie

100

Author

August 11, 2011 12:21 AM

The array is 126,462 bytes and it's a DLL binary file.

SiCrane

11,840

August 11, 2011 12:28 AM

This is a non-trivial exercise. You could try the instructions here, but honestly it's just easier to have it as a separate file.

thenoobie

100

Author

August 11, 2011 12:31 AM

Thanks a lot for the link, I really appreciate the help.

wqking

778

August 11, 2011 03:05 AM

Why not just store the byte array to a temporary dll file and load that file?
Some single exe tools (such as RegMon from sysinternal, if I remember correct) does same to load drivers.

https://www.kbasm.com -- My personal website

https://github.com/wqking/eventpp eventpp -- C++ library for event dispatcher and callback list

https://github.com/cpgf/cpgf cpgf library -- free C++ open source library for reflection, serialization, script binding, callbacks, and meta data for OpenGL Box2D, SFML and Irrlicht.

thenoobie

100

Author

August 11, 2011 03:21 AM

I worded my question pretty badly, I want to get the address of a function stored in a DLL through a byte array. This is absolutely 100% for learning purposes which is why I don't want to use a blatantly simpler method. There are 100 ways I know how to do this differently but I want to learn how to do it this specific way.





DWORD GetAddressFromBinary( unsigned char *pData )

{

	// Sort through data here

	HMODULE MemDll = reinterpret_cast<HMODULE>pData;

	DWORD Address = GetProcAddress( MemDll, "TestFunction" );



	return Address;

}



int main( unsigned char *pData )

{

	// Read file for array of bytes

	unsigned char *pData = ReadFile(/*Parameters here*/);

	GetAddressFromBinary( pData );

}

wqking

778

August 11, 2011 03:28 AM

Then you only want to get the function address? Then you need to learn PE format.

An In-Depth Look into the Win32 Portable Executable File Format

Also google for more articles.

https://www.kbasm.com -- My personal website

https://github.com/wqking/eventpp eventpp -- C++ library for event dispatcher and callback list

https://github.com/cpgf/cpgf cpgf library -- free C++ open source library for reflection, serialization, script binding, callbacks, and meta data for OpenGL Box2D, SFML and Irrlicht.

thenoobie

100

Author

August 11, 2011 03:30 AM

Thanks, keep the information coming guys.

I am incredibly interested in learning Windows programming bottom to top and this is one of the things at the moment that I'm most interested in learning.

rip-off

11,000

August 11, 2011 08:18 AM

HMODULE MemDll = reinterpret_cast<HMODULE>pData;
[/quote]
No. Just... no.

A HMODULE is a handle. A handle is an opaque type given to you by an API. You're not supposed to assume anything about it. You are assuming that it is a pointer to the first byte in memory of a loaded DLL.

blog | twitter

LoadLibrary from byte array?

This topic is closed to new replies.

Popular Topics

Recommended Tutorials

LoadLibrary from byte array?

This topic is closed to new replies.

Popular Topics

Recommended Tutorials

Reticulating splines