Method and system for loading dynamic link library files

A dynamic link library file loading technology, applied in the field of program loading/starting, program control devices, etc., that can solve problems such as imperfections

Active Publication Date: 2018-07-06
FUJIAN TQ DIGITAL

AI Technical Summary

Problems solved by technology

Its disadvantage is that a process management tool can show the loaded DLL's file name and file path.
This is imperfect: anyone who looks at the module list can easily spot a suspicious module and obtain the full path of the DLL, so the DLL file is exposed.


Examples


Embodiment 1

[0063] As shown in Figures 3 and 4, Embodiment 1 of the present invention is:

[0064] 1. Read a target DLL file into memory: LPVOID lpMem = ReadFileToMem(szDllFile);

[0065] 2. Load DLL directly from memory: MemoryLoadLibrary(lpMem);

[0066] (1) Check whether the target DLL is in normal PE format;

[0067] (2) The DLL is a file in PE format, and its PE header is located at a certain offset in the PE file; a memory block marked with MEM_COMMIT is allocated for the PE header of the DLL;

[0068] (3) Copy the PE header to the allocated memory block;

[0069] Specifically: read the PE header of the PE file, including the DOS header, PE header and section headers, into the newly allocated memory block;

[0070] (4) Update the ImageBase information in the PE header;

[0071] Specifically: the Windows loader re-allocates a piece of space depending on whether the load address defined by ImageBase in the PE header is available; if it is already occupied by ot...
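The format check in step (1) and the header fields that steps (2) to (4) rely on, shown as an added example for analysts triaging a buffer or memory region that may hold a DLL image; it is not code from the patent. The names parse_pe_headers and build_sample_headers are assumptions, and the sample header bytes are constructed.

```python
import struct

IMAGE_FILE_DLL = 0x2000  # COFF Characteristics bit set for DLLs

def parse_pe_headers(buf):
    """Validate DOS header, NT headers and section table; return key fields."""
    if len(buf) < 0x40 or buf[:2] != b"MZ":
        raise ValueError("no MZ DOS header")
    (e_lfanew,) = struct.unpack_from("<I", buf, 0x3C)  # file offset of PE header
    if e_lfanew + 24 > len(buf) or buf[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("e_lfanew does not point at a PE signature")
    _, nsec, _, _, _, opt_size, flags = struct.unpack_from(
        "<HHIIIHH", buf, e_lfanew + 4)                 # 20-byte COFF file header
    opt = e_lfanew + 24                                # optional header start
    if opt_size < 64 or opt + opt_size + 40 * nsec > len(buf):
        raise ValueError("optional header or section table truncated")
    (magic,) = struct.unpack_from("<H", buf, opt)
    if magic == 0x10B:                                 # PE32: 4-byte ImageBase
        (image_base,) = struct.unpack_from("<I", buf, opt + 28)
    elif magic == 0x20B:                               # PE32+: 8-byte ImageBase
        (image_base,) = struct.unpack_from("<Q", buf, opt + 24)
    else:
        raise ValueError("unknown optional header magic")
    (size_of_headers,) = struct.unpack_from("<I", buf, opt + 60)
    table = opt + opt_size                             # section headers, 40 bytes each
    sections = [buf[table + 40 * i: table + 40 * i + 8].rstrip(b"\0")
                .decode("ascii", "replace") for i in range(nsec)]
    return {"is_dll": bool(flags & IMAGE_FILE_DLL), "image_base": image_base,
            "size_of_headers": size_of_headers, "sections": sections}

def build_sample_headers(image_base=0x10000000):
    """Constructed sample: header bytes of a 32-bit DLL with one section."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x80) + b"\0" * 64
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x2102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)        # Magic: PE32
    struct.pack_into("<I", opt, 28, image_base)  # ImageBase
    struct.pack_into("<I", opt, 60, 0x400)       # SizeOfHeaders
    return dos + b"PE\0\0" + coff + bytes(opt) + b".text\0\0\0" + b"\0" * 32

if __name__ == "__main__":
    print(parse_pe_headers(build_sample_headers()))
```
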


Abstract

The invention relates to the field of dynamic link libraries, in particular to a method and system for loading dynamic link library files. The method includes: S100, reading a dynamic link library file and loading it into a preset first memory; S200, checking whether the dynamic link library file complies with the PE format; if it does, step S300 is executed; otherwise the procedure ends and an error for the dynamic link library file is fed back; S300, extracting the PE header from the dynamic link library file according to the PE format and loading the PE header into a preset second memory. PE loading is realized by loading the dynamic link library file that complies with the PE format into the first memory, and then loading the PE header of the dynamic link library into the second memory.

Description

Technical field

[0001] The invention relates to the field of dynamic link libraries, in particular to a method and system for loading dynamic link library files.

Background technique

[0002] There are many ways to hide dynamic link library files. For example, erasing links can make a dynamic link library file disappear from the module list, but tools such as XT can still find traces of the file at the driver layer, so the hiding effect is not good. The XT mentioned above is XueTr, a well-received operating system management tool. Its functions include viewing processes, threads, process modules, process windows and process memory information, viewing hotkey information, killing processes, killing threads, and unloading modules.

[0003] (1) There are two main methods of remote thread injection. One is to directly copy the code to be injected from the parent into the target process address space, and then start the injected code. Once...


Application Information

Patent Type & Authority: Patents (China)
IPC: IPC(8): G06F9/445
Inventor: 刘德建方振华何巍巍翁祖岚
Owner: FUJIAN TQ DIGITAL