How Windows Calls the Entry Function of a Newly Created DLL

Source: Internet  Editor: 程序博客网  Time: 2024/05/01 10:52

1. Debug the MyNewDll project to learn the calling style in Windows.

    Name                                                                    Language
    MyNewDll.dll!DllMain(HINSTANCE__ * hModule=0x65530000 ...               C++
    MyNewDll.dll!__DllMainCRTStartup(void * hDllHandle=0x655...             C
    MyNewDll.dll!_DllMainCRTStartup(void * hDllHandle=0x655...              C
    ntdll.dll!773897c0()
    [Frames below may be incorrect and/or missing, no symbols ...]
    ntdll.dll!7738d749()
    ntdll.dll!7738c116()
    ntdll.dll!77387bf3()
    KernelBase.dll!76f12288()
    SecMain.exe!SecNt32PeCoffRelocateImage(PE_COFF_LOA...                   C
    SecMain.exe!SecWinNtPeiLoadFile(void * Pe32=0x01c8...                   C
    SecMain.exe!SecLoadFromCore(unsigned int LargestRegion...               C
    SecMain.exe!main(int Argc=0x00000001, char * * Argv=0x...               C
    SecMain.exe!__tmainCRTStartup()  Line 586 + 0x19 bytes                  C
    SecMain.exe!mainCRTStartup()  Line 403                                  C

1. Calling stack

In SecMain.exe!SecNt32PeCoffRelocateImage, I call LoadLibrary to call the library.

In MyNewDll.dll!DllMain, it calls the DllMain function in my MyNewDll project.

 

    BOOL WINAPI
    _DllMainCRTStartup(
            HANDLE  hDllHandle,
            DWORD   dwReason,
            LPVOID  lpreserved
            )
    {
        if (dwReason == DLL_PROCESS_ATTACH)
        {
            /*
             * The /GS security cookie must be initialized before any exception
             * handling targetting the current image is registered.  No function
             * using exception handling can be called in the current image until
             * after __security_init_cookie has been called.
             */
            __security_init_cookie();
        }

        return __DllMainCRTStartup(hDllHandle, dwReason, lpreserved);
    }

2. Calling from _DllMainCRTStartup to __DllMainCRTStartup

 

    __declspec(noinline)
    BOOL __cdecl
    __DllMainCRTStartup(
            HANDLE  hDllHandle,
            DWORD   dwReason,
            LPVOID  lpreserved
            )
    {
        BOOL retcode = TRUE;

        __try {
            __native_dllmain_reason = dwReason;
            __try {
                /*
                 * If this is a process detach notification, check that there has
                 * been a prior process attach notification.
                 */
                if ( (dwReason == DLL_PROCESS_DETACH) && (__proc_attached == 0) ) {
                    retcode = FALSE;
                    __leave;
                }

                if ( dwReason == DLL_PROCESS_ATTACH || dwReason == DLL_THREAD_ATTACH ) {
                    if ( _pRawDllMain )
                        retcode = (*_pRawDllMain)(hDllHandle, dwReason, lpreserved);

                    if ( retcode )
                        retcode = _CRT_INIT(hDllHandle, dwReason, lpreserved);

                    if ( !retcode )
                        __leave;
                }

                retcode = DllMain(hDllHandle, dwReason, lpreserved);
                /* ... (the excerpt ends here) */

3. Calling from __DllMainCRTStartup to DllMain

From pages 2-3, we can see that the function names are hard-coded in the Windows code, so you must use these names so that Windows can find the function it wants to call when the LoadLibrary function is called.

 

In our code, we just implement the _DllMainCRTStartup function and return TRUE so that the LoadLibrary function always returns success.

 

    Dump of file C:\Users\ydonglO\Documents\Visual Studio 2008\Projects\MyNewDll\Debug\Mynewdll.dll

    PE signature found

    File Type: DLL

    FILE HEADER VALUES
                 14C machine (x86)
                   7 number of sections
            4F544905 time date stamp Mon Mar 05 13:03:01 2012
                   0 file pointer to symbol table
                   0 number of symbols
                  E0 size of optional header
                2102 characteristics
                       Executable
                       32 bit word machine
                       DLL

    OPTIONAL HEADER VALUES
                 10B magic # (PE32)
                9.00 linker version
                3400 size of code
                3E00 size of initialized data
                   0 size of uninitialized data
               110C8 entry point (100110C8) @ILT+195(__DllMainCRTStartup@12)

4. PE header info (highlighting the entry point field)

Also, in our test, when the function name in the PE's Entry Point field is not _DllMainCRTStartup, it can also be called. So in Windows, the entry point function name is not hard-coded. I think it gets the entry point name from this field, so we just register the entry function name here so that Windows can call in.
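
The Entry Point field in the PE optional header holds an address (an RVA relative to the image base), which is what the loader jumps to on LoadLibrary, so the function behind it can carry any name. The C code below is an added example, not code from the original post: it reads that field from a constructed header carrying the dumpbin values above. The names pe_parse, pe_entry_va and make_sample are illustrative, and the image base 0x10000000 is assumed from the (100110C8) value dumpbin prints.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef struct { uint16_t machine, characteristics; uint32_t entry_rva, image_base; int is_dll; } pe_info;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }
static void wr(uint8_t *p, uint32_t v, int n) { while (n--) { *p++ = (uint8_t)v; v >>= 8; } }

/* Read the PE32 header fields the loader uses. Returns 0 on success, -1 if malformed. */
int pe_parse(const uint8_t *buf, size_t len, pe_info *out)
{
    if (len < 0x40 || rd16(buf) != 0x5A4D) return -1;        /* "MZ" */
    uint32_t off = rd32(buf + 0x3C);                         /* e_lfanew */
    if (off > len || len - off < 4 + 20 + 32) return -1;     /* headers must fit in buf */
    if (rd32(buf + off) != 0x00004550) return -1;            /* "PE\0\0" */
    const uint8_t *fh = buf + off + 4, *oh = fh + 20;        /* file / optional header */
    if (rd16(fh + 16) < 32 || rd16(oh) != 0x10B) return -1;  /* PE32 magic only */
    out->machine = rd16(fh);
    out->characteristics = rd16(fh + 18);
    out->is_dll = (out->characteristics & 0x2000) != 0;      /* IMAGE_FILE_DLL */
    out->entry_rva = rd32(oh + 16);                          /* AddressOfEntryPoint; 0 = none */
    out->image_base = rd32(oh + 28);                         /* preferred ImageBase */
    return 0;
}

/* Address the loader calls when the image is mapped at its preferred base. */
uint32_t pe_entry_va(const pe_info *pi) { return pi->image_base + pi->entry_rva; }

/* Constructed sample header with the values from the dumpbin output above. */
size_t make_sample(uint8_t *b, size_t cap)
{
    const uint32_t off = 0x80, need = off + 4 + 20 + 0xE0;
    if (cap < need) return 0;
    memset(b, 0, need);
    wr(b, 0x5A4D, 2); wr(b + 0x3C, off, 4); wr(b + off, 0x4550, 4);
    uint8_t *fh = b + off + 4, *oh = fh + 20;
    wr(fh, 0x14C, 2); wr(fh + 2, 7, 2); wr(fh + 4, 0x4F544905, 4);
    wr(fh + 16, 0xE0, 2); wr(fh + 18, 0x2102, 2);
    wr(oh, 0x10B, 2); wr(oh + 16, 0x110C8, 4);
    wr(oh + 28, 0x10000000, 4);   /* assumed base: 0x100110C8 - 0x110C8 */
    return need;
}

int main(void)
{
    uint8_t buf[512]; pe_info pi;
    size_t n = make_sample(buf, sizeof buf);
    if (pe_parse(buf, n, &pi) != 0) return 1;
    printf("dll=%d entry RVA=%X VA=%X\n", pi.is_dll, (unsigned)pi.entry_rva, (unsigned)pe_entry_va(&pi));
    return 0;
}
```

Checking this field before loading an unfamiliar DLL shows which code runs at LoadLibrary time, whatever the exported or source-level names suggest.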
