问题描述
由于这个问题说,我想在内存中,而不是将文件从一个位置加载DLL,同样给LoadLibrary(例)。我在WinAPI的不是专家,所以GOOGLE了一点,发现,然后在内存中的DLL可以复制到那里的文件和使用的LoadLibrary()。
当然这如果您计划部署此为某种产品,因为人们会注意到一个司机正在安装不是很实用,安装后重新启动和我的电脑下一个新的驱动器号。此外,这无助于真正隐藏自其只是在RAM驱动器坐在那里供大家观赏DLL。
Well, you can create a RAM Drive according to these instructions, then copy the DLL you can in memory to a file there and the use LoadLibrary().
Of course this is not very practical if you plan to deploy this as some kind of product because people are going to notice a driver being installed, a reboot after the installation and a new drive letter under My Computer. Also, this does nothing to actually hide the DLL since its just sitting there in the RAM Drive for everybody to watch.
我有兴趣有关的另一件事是,为什么你真的想这样做吗?也许最终结果可以通过比中从存储器DLL的其他一些其它手段来实现。例如使用时,二进制封隔器,如,你必须在磁盘上的DLL不同于的一个是最终执行。紧随DLL与调用LoadLibrary正常加载后,在解包踢并重写该DLL加载到与uncom pressed二进制文件(DLL头可确保有足够的分配空间)
Another thing I'm interested about is Why you actually want to do this? Perhaps your end result can be achieved by some other means other than Loading the DLL from memory. For instance when using a binary packer such as UPX, the DLL that you have on disk is different from the one that is eventually executed. Immediately after the DLL is loaded normally with LoadLibrary, The unpacker kicks in and rewrites the memory which the DLL is loaded to with the uncompressed binary (the DLL header makes sure that there is enough space allocated)
这篇关于从内存的位置加载DLL的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!