Dynamic link library file loading method and dynamic link library file loading system

A dynamic link library file loading technology, applied in the fields of program loading/starting, program control devices, etc., which can solve problems such as the imperfections of existing methods

Active Publication Date: 2015-06-03
FUJIAN TQ DIGITAL

AI Technical Summary

Problems solved by technology

Its disadvantage is that a process management tool can show the loaded DLL's file name and file path.
This is not perfect: as soon as the user looks at the module list, it is easy to find suspicious modules and get the full path of the DLL, so the DLL file is exposed.

Examples


Embodiment 1

[0063] As shown in Figures 3 and 4, Embodiment 1 of the present invention is:

[0064] 1. Read a target DLL file into memory: LPVOID lpMem = ReadFileToMem(szDllFile);

[0065] 2. Load DLL directly from memory: MemoryLoadLibrary(lpMem);

[0066] (1) Check whether the target DLL is in normal PE format;

[0067] (2) The DLL is a file in PE format, and the PE header is located at an offset within the PE file; a memory block marked with MEM_COMMIT is allocated for the PE header of the DLL;

[0068] (3) Copy the PE header to the allocated memory block;

[0069] Specifically: read the PE header of the PE file, including the DOS header, PE header and Section header, to the newly allocated memory block;

[0070] (4) Update the ImageBase information in the PE header;

[0071] Specifically: the Windows loader will re-allocate a piece of space according to whether the loading address defined by ImageBase in the PE header is available, if it is already occupied by ot...
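
Steps (1) to (4) above all depend on offsets and sizes read from the file itself, so any loader or analysis tool that walks these headers has to bounds-check each field before using it. The C code below is an added example, not code from the patent: pe_check, pe_info and build_sample are hypothetical names, the sample buffer is constructed, and only the header validation is shown (ReadFileToMem and MemoryLoadLibrary are not reproduced).

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct { uint32_t e_lfanew, size_of_headers; uint16_t sections; uint64_t image_base; } pe_info;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | (uint32_t)rd16(p + 2) << 16; }
static uint64_t rd64(const uint8_t *p) { return rd32(p) | (uint64_t)rd32(p + 4) << 32; }

/* Validate the DOS header, PE signature, COFF header and optional header of an
   untrusted buffer. Returns 0, or a negative code naming the failed check. */
int pe_check(const uint8_t *f, size_t n, pe_info *out) {
    if (n < 64 || rd16(f) != 0x5A4D) return -1;            /* "MZ" */
    uint32_t off = rd32(f + 0x3C);                          /* e_lfanew */
    if (off > n || n - off < 26) return -2;                 /* signature + COFF + magic */
    if (rd32(f + off) != 0x00004550) return -3;             /* "PE\0\0" */
    const uint8_t *coff = f + off + 4, *opt = coff + 20;
    uint16_t nsec = rd16(coff + 2), opt_size = rd16(coff + 16), magic = rd16(opt);
    if (magic != 0x10b && magic != 0x20b) return -4;        /* PE32 / PE32+ */
    if (opt_size < 64 || n - off - 24 < opt_size) return -5;
    size_t sect_end = (size_t)off + 24 + opt_size + (size_t)nsec * 40;
    uint32_t hdrs = rd32(opt + 60);                         /* SizeOfHeaders */
    if (sect_end > n || hdrs < sect_end || hdrs > n) return -6;
    out->e_lfanew = off; out->sections = nsec; out->size_of_headers = hdrs;
    out->image_base = magic == 0x20b ? rd64(opt + 24) : rd32(opt + 28);
    return 0;
}

/* Constructed sample: 512 bytes of PE32+ headers with one section, no code. */
size_t build_sample(uint8_t *b, size_t n) {
    if (n < 512) return 0;
    memset(b, 0, 512);
    b[0] = 'M'; b[1] = 'Z'; b[0x3C] = 0x80;     /* e_lfanew = 0x80 */
    memcpy(b + 0x80, "PE\0\0", 4);
    b[0x86] = 1;                                /* NumberOfSections */
    b[0x94] = 0xF0;                             /* SizeOfOptionalHeader = 240 */
    b[0x98] = 0x0b; b[0x99] = 0x02;             /* Magic = PE32+ */
    b[0xB3] = 0x80; b[0xB4] = 0x01;             /* ImageBase = 0x180000000 */
    b[0xD5] = 0x02;                             /* SizeOfHeaders = 0x200 */
    return 512;
}

int main(void) {
    uint8_t buf[512]; pe_info pi;
    size_t n = build_sample(buf, sizeof buf);
    printf("full: %d, truncated to 200 bytes: %d\n", pe_check(buf, n, &pi), pe_check(buf, 200, &pi));
    return 0;
}
```

The size_of_headers value is the length of the DOS header, PE header and section headers that step (3) copies, and image_base is the preferred load address that step (4) updates.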


Abstract

The invention relates to the field of dynamic link libraries, and particularly to a dynamic link library file loading method and a dynamic link library file loading system. The method comprises the steps: S100, reading a dynamic link library file, and loading the dynamic link library file into a preset first memory; S200, checking whether the dynamic link library file conforms to the PE format; if it does, executing step S300; otherwise, ending and reporting an error in the dynamic link library file; S300, extracting the PE header of the dynamic link library file according to the PE format, and loading the PE header into a preset second memory. According to the method, the dynamic link library file conforming to the PE format is loaded into the first memory, and the PE header of the dynamic link library file is loaded into the second memory, so that PE loading is realized.

Description

Technical field

[0001] The invention relates to the field of dynamic link libraries, in particular to a method and system for loading dynamic link library files.

Background technique

[0002] There are many ways to hide dynamic link library files. For example, the method of erasing links can make dynamic link library files disappear from the module list, but tools such as XT can still find traces of the dynamic link library files at the driver layer, so the hiding effect is not good. The XT mentioned above is XueTr, a well-received operating system management tool. Its functions include viewing processes, threads, process modules, process windows and process memory information, viewing hotkey information, killing processes, killing threads, and unloading modules.

[0003] (1) There are two main methods of remote thread injection. One is to directly copy the pre-injected code in the parent body to the target process address space, and then start the injected code. Once...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): G06F9/445
Inventor: 刘德建方振华何巍巍翁祖岚
Owner: FUJIAN TQ DIGITAL