Comments (5)
I'm also trying to load multiple DLLs, and adapting the code to set up a struct to save info for a dedicated DLL, instead of global variables such as pe_exports and num_pe_exports.
At last, I'm trapped by a global struct pe_image image, required by Exception.c of the x64 branch but not in x86.
@cube0x8 Could you please kindly clarify why this struct is required in the x64 implementation and how to fix this issue? And, if I have two DLLs (target1.dll and target2.dll), is it possible to load these DLLs in one process?
Thanks and looking forward to your reply!
from loadlibrary.
I've just noticed that this issue has never been addressed. Sorry for this.
- I am reasonably sure that loadlibrary is not meant to allow the loading of multiple DLLs. Although the link_pe_images API was originally designed for this purpose (that's why it takes, as arguments, an array of images and the number of images to link), it's actually not providing this capability now. As @juju812 correctly stated, the exports of a library are stored in the pe_exports global variable, which gets overwritten at each iteration if you're linking multiple libraries (see here). In the end you will get a num_pe_exports which will sum up all the exports in all the DLLs, but the pe_exports variable will be inconsistent. All of this will subsequently lead to the SIGSEGV @posutsai reported.
- In the x64 version of loadlibrary, the SEH support is completely changed from its original x86 version. I won't go into too much detail here, but long story short: there are functions in the Exception.c file of the peloader library that will need the base address of the loaded library to work correctly, that's why I moved that struct as global in the x86_64 version.
I'm also trying to load multiple DLLs, and adapting code to setup struct to save info for dedicated DLL, instead of global variables such as pe_exports and num_pe_exports.
I don't want to jump to conclusions on this, since I am not the owner of the project and this is not my call, but to be able to load and link multiple DLLs you will need to make radical changes to the framework, which I guess are out of the scope of the project itself, since loadlibrary provides a set of APIs to load a single self-contained DLL mostly for fuzzing purposes.
from loadlibrary.
Hi, I commented out the SEH functions in Exception.c and finally I can load two simple DLLs in one executable. Demo can be found here.
What I've done is just to introduce the pe_handle struct, save the pe_exports of each DLL separately, and adapt the APIs affected.
I believe there are potential problems, for my demo is so simple that there's no dependency on any kernel32 API.
@cube0x8 @taviso, could you please help to figure out if this approach is feasible and how much further work is needed?
Thanks and looking forward to your reply!
from loadlibrary.
Hi,
It sounds like a good approach to me.
I guess you will need to modify some of the peloader APIs, but that should be quite simple and straightforward.
For example, if you are using the x86_64 version, you will have to modify the exception handling routine to look for the RUNTIME_FUNCTION entries in each of the loaded DLLs. A quick solution that comes to my mind is to store the pe_handle structures in a global list and then call RtlPcToFileHeader on all of them.
from loadlibrary.
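The per-DLL state and global image list discussed in the comments above, as an added example that is not code from loadlibrary or from juju812's demo. The pe_handle fields and the register_image, image_from_pc and resolve_export helpers are hypothetical names, and the two images are constructed sample data.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical per-image state; field names are assumptions, not loadlibrary's. */
struct export_entry { const char *name; uintptr_t addr; };

struct pe_handle {
    uintptr_t base;                     /* load address of this image */
    size_t size;                        /* size of the mapped image */
    const struct export_entry *exports; /* this image's own export table */
    size_t num_exports;
    struct pe_handle *next;             /* link in the global image list */
};

static struct pe_handle *loaded_images; /* list head instead of one global image */

/* Add a loaded image to the global list. */
void register_image(struct pe_handle *h)
{
    h->next = loaded_images;
    loaded_images = h;
}

/* Find the image whose mapping contains pc, the question RtlPcToFileHeader
 * answers for the exception code; returns NULL if pc is in no image. */
struct pe_handle *image_from_pc(uintptr_t pc)
{
    for (struct pe_handle *h = loaded_images; h != NULL; h = h->next)
        if (pc >= h->base && pc - h->base < h->size)
            return h;
    return NULL;
}

/* Resolve a name against one image only, so tables never overwrite each other. */
uintptr_t resolve_export(const struct pe_handle *h, const char *name)
{
    for (size_t i = 0; i < h->num_exports; i++)
        if (strcmp(h->exports[i].name, name) == 0)
            return h->exports[i].addr;
    return 0;
}

/* Constructed sample data: two images that both export "Init". */
static const struct export_entry t1_exports[] = { { "Init", 0x10001000 }, { "Scan", 0x10002000 } };
static const struct export_entry t2_exports[] = { { "Init", 0x20001000 } };
static struct pe_handle target1 = { 0x10000000, 0x8000, t1_exports, 2, NULL };
static struct pe_handle target2 = { 0x20000000, 0x4000, t2_exports, 1, NULL };
```

With both images registered, a faulting PC maps back to exactly one handle, whose base address is what the x64 exception code needs before it searches that image's RUNTIME_FUNCTION entries.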
Hi juju812, how can I clone your files and compile?
from loadlibrary.