Deeper inside DLL

Now get deeper inside DLL.

Basically, a DLL is a file on disk (usually with a DLL extension) consisting of global data, compiled functions, and resources, that becomes part of our process.

 

DLL is compiled to load at a preferred base address, and if there's no conflict with other DLLs, the file gets mapped to the same virtual address in client process.

 

A function table of DLL contains exported functions and the addresses of the functions within the DLL.

The exported functions are identified symbolic names and (optionally) by integers called ordinal numbers.

When the client program first loads the DLL, the dynamic linking process builds a table that connects the client's calls to the function addresses in the DLL by the symbols or ordinal.

In Win32, each process gets its own copy of the DLL's read/write global variables.

LIB file, which contains every DLL's exported symbols and (optionally) ordinals, but no code.

Each DLL in a process is identified by a unique 32-bit HINSTANCE value.

Instance handles are particularly important for loading resources. EXEs and DLLs can each have their own resources.