Question

I have an executable that needs a dll file for dependencies. I wonder if it's possible to actually patch a PE file that needs the dll that would read the entry point from a pointer which is located either in memory or in a resource. If this would be possible how can I do it?

Thanks for your help :)

Was it helpful?

Solution

It's not simply an entry point in the DLL that the dependent executable needs. The DllMain is simply invoked by the system (PE loader) when the DLL is loaded. The dynamic loader resolves imported addresses in structures like the Import Address Table and at runtime the application can even resolve addresses dynamically via GetProcAddress.

It is theoretically possible to relocate/base the DLL to some unused part of memory and patch all references to its functions to the relocated code but this is extremely difficult and would require an intimate understanding of the OS. I'm not sure what kind of answer you are looking for. The steps required to achieve this? It would be highly non-trivial and I'm not aware it has been done before (the closest I've seen is ILMerge which is for .NET assemblies). Essentially you are transforming the code to the equivalent of if the DLL had been statically linked at compile time.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top