loading a DLL from memory


I need a C++ sample source code for loading a DLL from memory and to get its 
proc addresses.

It should be something like:
HMEMORYMODULE MemoryLoadLibrary(const void *);
FARPROC MemoryGetProcAddress(HMEMORYMODULE, const char *);

0
Reply Yoavo 9/14/2010 12:10:47 PM

"Yoavo" <yoav@cimatron.co.il> wrote in message 
news:i6nolj$br5$1@speranza.aioe.org...
>I need a C++ sample source code for loading a DLL from memory and to get 
>its proc addresses.
>
> It should be something like:
> HMEMORYMODULE MemoryLoadLibrary(const void *);
> FARPROC MemoryGetProcAddress(HMEMORYMODULE, const char *);

http://www.joachim-bauch.de/tutorials/loading-a-dll-from-memory/

.... but it is probably far easier to save it as a temp file and load it from 
there.... 

0
Reply Preben 9/14/2010 8:37:45 PM


I need to load the DLL from memory for security reasons. Writing to a temp 
file makes it much easier for hackers to find the DLL.

I tried the code in your link a few days ago, but the problem with it is 
that it is aimed at 32-bit DLLs only and our application also supports 
64-bit.

Thank You

"Preben Friis" <noone@technologist.com> wrote in message 
news:i6omef$bfk$1@speranza.aioe.org...
> "Yoavo" <yoav@cimatron.co.il> wrote in message 
> news:i6nolj$br5$1@speranza.aioe.org...
>>I need a C++ sample source code for loading a DLL from memory and to get 
>>its proc addresses.
>>
>> It should be something like:
>> HMEMORYMODULE MemoryLoadLibrary(const void *);
>> FARPROC MemoryGetProcAddress(HMEMORYMODULE, const char *);
>
> http://www.joachim-bauch.de/tutorials/loading-a-dll-from-memory/
>
> ... but it is probably far easier to save it as a temp file and load it 
> from there.... 

0
Reply Yoavo 9/15/2010 7:41:57 AM

"Yoavo" <yoav@cimatron.co.il> wrote in message 
news:i6pt9q$pu7$1@speranza.aioe.org...
>I need to load the DLL from memory for security reasons. Writing to a temp 
>file makes it much easier for hackers to find the DLL.

If you lock it for reading and make it auto-delete once the handle 
disappears then it is really hard to get hold of - even if you find it.

> I tried the code in your link a few days ago, but the problem with it is 
> that it is aimed at 32-bit DLLs only and our application also supports 
> 64-bit.

Your original question did not state what you already tried - nor that 
you needed 64-bit support.
http://blogs.msdn.com/b/oldnewthing/archive/2010/04/21/9999675.aspx

Extending the existing code sample from 32 to 64 bit should be trivial.

/Preben Friis 

0
Reply Preben 9/15/2010 1:54:13 PM

Sorry, I forgot to mention that I've already used your suggested code.

Locking the DLL won't help much since the hacker can restart the computer (or 
something similar) before the DLL is deleted, and the handle to the DLL will be 
free for copying.

Extending the existing code sample to 64-bit doesn't seem trivial - he is 
using winnt structures that do not exist in the 64-bit winnt.


"Preben Friis" <noone@technologist.com> wrote in message 
news:i6qj5q$klb$1@speranza.aioe.org...
> "Yoavo" <yoav@cimatron.co.il> wrote in message 
> news:i6pt9q$pu7$1@speranza.aioe.org...
>>I need to load the DLL from memory for security reasons. Writing to a temp 
>>file makes it much easier for hackers to find the DLL.
>
> If you lock it for reading and make it auto-delete once the handle 
> disappears then it is really hard to get hold of - even if you find it.
>
>> I tried the code in your link a few days ago, but the problem with it is 
>> that it is aimed at 32-bit DLLs only and our application also supports 
>> 64-bit.
>
> Your original question did not state what you already tried - nor that 
> you needed 64-bit support.
> http://blogs.msdn.com/b/oldnewthing/archive/2010/04/21/9999675.aspx
>
> Extending the existing code sample from 32 to 64 bit should be trivial.
>
> /Preben Friis 

0
Reply Yoavo 9/15/2010 2:27:35 PM
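
The 32-bit versus 64-bit question debated above comes down to one header field: `OptionalHeader.Magic` selects between the PE32 and PE32+ optional-header layouts (`IMAGE_NT_HEADERS32` and `IMAGE_NT_HEADERS64` in winnt.h). As an added example, not code from the thread or the linked tutorial, here is a portable, bounds-checked check of which layout an in-memory image uses. `inspect_pe`, `PeInfo` and `make_sample` are hypothetical names, and the sample buffer is constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

enum class PeKind { Invalid, Pe32, Pe32Plus };
struct PeInfo { PeKind kind; uint16_t machine; uint32_t dataDirOffset; };

// Little-endian reads that assume neither alignment nor host byte order.
static uint16_t rd16(const uint8_t* p) { return uint16_t(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t* p) {
    return uint32_t(p[0]) | uint32_t(p[1]) << 8 | uint32_t(p[2]) << 16 | uint32_t(p[3]) << 24;
}

// Classify an image held in memory; every offset is checked against len first.
PeInfo inspect_pe(const uint8_t* buf, size_t len) {
    const PeInfo bad{PeKind::Invalid, 0, 0};
    if (len < 0x40 || rd16(buf) != 0x5A4D) return bad;            // DOS header, "MZ"
    const uint32_t nt = rd32(buf + 0x3C);                          // e_lfanew
    // "PE\0\0" (4 bytes) + file header (20) + Magic (2) must lie inside the buffer.
    if (nt >= len || len - nt < 26 || rd32(buf + nt) != 0x00004550) return bad;
    const uint16_t magic = rd16(buf + nt + 24);
    // The data directories start 96 bytes into a PE32 optional header, 112 in PE32+.
    uint32_t dirs;
    if (magic == 0x10B) dirs = 96; else if (magic == 0x20B) dirs = 112; else return bad;
    if (len - nt < 24 + dirs) return bad;
    return PeInfo{magic == 0x10B ? PeKind::Pe32 : PeKind::Pe32Plus,
                  rd16(buf + nt + 4), nt + 24 + dirs};
}

// Constructed sample: headers only, zero-filled, not a loadable DLL.
std::vector<uint8_t> make_sample(uint16_t machine, uint16_t magic) {
    std::vector<uint8_t> b(0x200, 0);
    const size_t nt = 0x80;
    b[0] = 'M'; b[1] = 'Z'; b[0x3C] = 0x80;
    b[nt] = 'P'; b[nt + 1] = 'E';
    b[nt + 4] = uint8_t(machine & 0xFF);  b[nt + 5] = uint8_t(machine >> 8);
    b[nt + 24] = uint8_t(magic & 0xFF);   b[nt + 25] = uint8_t(magic >> 8);
    return b;
}

int main() {
    auto dll64 = make_sample(0x8664, 0x20B);                       // AMD64, PE32+
    const PeInfo i = inspect_pe(dll64.data(), dll64.size());
    std::printf("kind=%d machine=0x%04X dirs@0x%X\n",
                int(i.kind), unsigned(i.machine), unsigned(i.dataDirOffset));
    return 0;
}
```
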

On 15/09/2010 15:27, Yoavo wrote:
> Sorry, I forgot to mention that I've already used your suggested code.
>
> Locking the DLL won't help much since the hacker can restart the computer
> (or something similar) before the DLL is deleted, and the handle to the DLL
> will be free for copying.

There is nothing you can do to stop them accessing it once you give them 
the executable.
They can extract it from the same place your code will, or it's trivial 
to get the data from the process's memory space once you've loaded it.

If you don't want them to have access to the DLL, don't send them 
anything with the DLL in.

-- 
Dee Earley (dee.earley@icode.co.uk)
i-Catcher Development Team

iCode Systems

(Replies direct to my email address will be ignored.
Please reply to the group.)
0
Reply Dee 9/16/2010 8:47:58 AM
