[Reprint] Detailed explanation of the three functions required for dynamic loading of DLL (LoadLibrary, GetProcAddress, FreeLibrary)

Original address: https://www.cnblogs.com/westsoft/p/5936092.html

 

Dynamic loading DLL

Dynamic loading means that you do not know before compiling which DLL functions will be called; the program decides which functions to call, as needed, while it is running.

The method is: use the LoadLibrary function to load the dynamic link library into memory, and use the GetProcAddress function to dynamically obtain the entry address of a DLL function. A DLL that was explicitly loaded with LoadLibrary can be explicitly unloaded from memory at any time by calling the FreeLibrary function.

There are three main Windows API functions used for dynamic calls, namely LoadLibrary, GetProcAddress and FreeLibrary.

We will describe these three functions in detail, because they are very commonly used in both programming and reverse engineering.


(1) LoadLibrary function

Note: Delphi also provides the SafeLoadLibrary function, which encapsulates the LoadLibrary function and can load the Windows DLL or Linux shared object specified by the Filename parameter. It simplifies DLL loading and makes loading more secure.

[Format]:

  function LoadLibrary(LibFileName: PChar): THandle;


[Function]: Load the DLL file specified by the parameter LibFileName.

[Description]: The parameter LibFileName specifies the name of the DLL file to be loaded. If LibFileName does not contain a path, the system searches for the file in the following order: the current directory, the Windows directory, the Windows system directory, the directory containing the executable file of the current task, the directories listed in the PATH environment variable, and so on.

If the function succeeds, it returns the instance handle of the loaded DLL library module; otherwise it returns an error code. The error codes are defined in the following table.


  Error code   Meaning
  0            Insufficient system memory, executable file is corrupted or called illegally
  2            File not found
  3            Path not found
  5            Attempt to dynamically link to a task, or a sharing or network-protection error
  6            Library needs to create separate data segments for each task
  8            Not enough memory to start the application
  10           Incorrect Windows version
  11           The executable is illegal or not a Windows application, or there is an error in the .EXE image
  12           The application is designed for a different operating system (e.g. OS/2)
  13           Application designed for MS DOS 4.0
  14           The type of the executable is not known
  15           Attempt to load a real-mode application (designed for earlier Windows versions)
  16           Attempt to load a second instance of an executable that contains multiple writable data segments
  19           Attempt to load a compressed executable (file must be decompressed before it can be loaded)
  20           Illegal DLL file
  21           Application requires 32-bit extensions


If another application has already loaded the DLL into memory before the application calls LoadLibrary to load it, the system does not load another instance of the DLL; it only increments the DLL's "reference count" by 1.


(2) GetProcAddress function

[Format]:

  function GetProcAddress(Module: THandle; ProcName: PChar): TFarProc;


[Function]: Returns the entry address of the procedure or function specified by the parameter ProcName in the module specified by the parameter Module.

[Explanation]: The parameter Module contains the handle of the DLL that holds the function to be called. This value is returned by LoadLibrary. ProcName is a pointer to a null-terminated string containing the function name, or it can be the ordinal value of the function, but in most cases using the function name is the safer choice. If the function executes successfully, it returns the entry address of the procedure or function specified by the parameter ProcName in the DLL; otherwise it returns nil.


(3) FreeLibrary function

[Format]:

  procedure FreeLibrary(Module: THandle);


[Function]: Unload the DLL file specified by the parameter Module from memory once.

[Description]: Module is the handle of the DLL library. This value is returned by LoadLibrary. Since the DLL is loaded only once in memory, the call to FreeLibrary first decrements the DLL's reference count by 1, and unloads the DLL if the count is decremented to 0.

[Note]: The FreeLibrary function should be called every time the LoadLibrary function is called to ensure that no redundant library modules remain in the memory after the application ends, otherwise it will cause memory leaks.
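
An added example (not from the original article) that uses the three functions together in Delphi: it loads a DLL by absolute path from the Windows system directory, so the search order described above for names without a path is never consulted, checks both return values, and pairs FreeLibrary with LoadLibrary in try/finally. The choice of user32.dll and GetSystemMetrics is an assumption for illustration; on 32- and 64-bit Windows a failed LoadLibrary returns 0 and the error code is read with GetLastError, which RaiseLastOSError does here.

```delphi
program SafeDynLoad;
{$APPTYPE CONSOLE}

uses
  Windows, SysUtils;

type
  // Assumed target for illustration: user32!GetSystemMetrics (stdcall).
  TGetSystemMetrics = function(nIndex: Integer): Integer; stdcall;

// Build an absolute path inside the Windows system directory so the loader
// does not fall back to the current directory or PATH to find the file.
function SystemDllPath(const DllName: string): string;
var
  Buf: array[0..MAX_PATH] of Char;
  Len: UINT;
begin
  Len := GetSystemDirectory(Buf, Length(Buf));
  if (Len = 0) or (Len >= UINT(Length(Buf))) then
    RaiseLastOSError;
  Result := IncludeTrailingPathDelimiter(Buf) + DllName;
end;

var
  Module: HMODULE;
  GetMetrics: TGetSystemMetrics;
begin
  Module := LoadLibrary(PChar(SystemDllPath('user32.dll')));
  if Module = 0 then
    RaiseLastOSError;          // load failed: report GetLastError
  try
    @GetMetrics := GetProcAddress(Module, 'GetSystemMetrics');
    if not Assigned(GetMetrics) then
      RaiseLastOSError;        // never call through a nil pointer
    Writeln('Screen width: ', GetMetrics(SM_CXSCREEN));
  finally
    FreeLibrary(Module);       // one FreeLibrary per successful LoadLibrary
  end;
end.
```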
