ICZelion TUT17

Tutorial 17: Dynamic Link Libraries

In this Tutorial, We Well Learn About Dlls, What Are The And How To Create Them.

You Can Download The Example

Here.

Theory: If you program long enough, you'll find that the programs you wrote usually have some code routines in common It's such a waste of time to rewrite them everytime you start coding new programs Back in the old days of DOS, programmers.. store those commonly used routines in one or more libraries. When they want to use the functions, they just link the library to the object file and the linker extracts the functions from the library and inserts them into the final executable file. This process is called static linking. C runtime libraries are good examples. The drawback of this method is that you have identical functions in every program that calls them. Your disk space is wasted storing several identical copies of the functions. But for DOS programs, this method is quite Acceptable Since The Usually Only One Program That's Active In Memory. sore is no waste of precious memory.

Under Windows, the situation becomes much more critical because you can have several programs running simultaneously Memory will be eat up quickly if your program is quite large Windows has a solution for this type of problem:... Dynamic link libraries A dynamic link library is a kind of common pool of functions. Windows will not load several copies of a DLL into memory so even if there are many instances of your program running at the same time, there'll be only one copy of the DLL that program uses in memory . And I should clarify this point a bit. in reality, all processes that use the same dll will have their own copies of that dll. It will look like there are many copies of the DLL in memory. But in reality, Windows does it magic with paging and all processes share the same DLL code.So in physical memory, there is only one copy of DLL code. However, each process will have its own unique data section of the DLL.The program links to a DLL at runtime unlike The old static library. Tha t's why it's called dynamic link library. You can also unload a DLL at runtime as well when you do not need it. If that program is the only one that uses the DLL, it'll be unloaded from memory immediately. But if the Dll is Still Used by Some Other Program, The DLL Remains in Memory Until The Last Program That Uses ITS Service Unloads IT.

However, the linker has a more difficult job when it performs address fixups for the final executable file. Since it can not "extract" the functions and insert them into the final executable file, somehow it must store enough information about the DLL and functions into the Final Execuable File for It To Be Aable To Locate and Load The Correct DLL At Runtime.

That's where import library comes in. An import library contains the information about the DLL it represents. The linker can extract the info it needs from the import libraries and stuff it into the executable file. When Windows loader loads the program into memory, it sees that the program links to a DLL so it searches for that DLL and maps it into the address space of the process as well and performs the address fixups for the calls to the functions in the DLL.You may choose to load the DLL yourself without relying On Windows Loader. This Method Has ITS PROS AND CONS:

It does not need an import library so you can load and use any DLL even if it comes with no import library. However, you still have to know about the functions inside it, how many parameters they take and the likes. When you let the loader load the DLL for your program, if the loader can not find the DLL it will report "A required .DLL file, xxxxx.dll is missing" and poof! your program does not have a chance to run even if that DLL is not essential to its operation. If you load the DLL yourself, when the DLL can not be found and it's not essential to the operation, your program can just tell the user about the fact and go on. you can call * undocumented * functions that are not included in the import libraries. Provided that you know enough info about the functions. If you use LoadLibrary, you have to call GetProcAddress for every function that you want to call. GetProcAddress retrieves the entrypoint address of a function in a particular DLL. So Your Code Might Be a little bit laarger and sl Ower But by Not Much. Seeing The Advantages / Disadvantages of LoadLibrary Call, We Go Into Detail How To Create A DLL Now.

The following code is the dll skeleton. ;: --------------------------------------------------------- -------------------------------------------; Dllskeleton.asm; -------------------------------------------------- ------------------------------------ .386 .Model flat, stdcall option caseMap: none incrude / masm32 / IncludE/Windows.incinc include /masm32/include/User32.inc include /masm32/include/kernel32.inc includelib /masm32/lib/user32.lib incrudelib /masm32/lib/kernel32.lib

Sign, Reserved1: DWord, Reserved1: DWord Mov EAX, True Ret DLlentry Endp; ----------------------------------------------------------------------------------- -------------------------------------------------- ------------------------; this is a dummy function; it does nothing. I put it here to show where you can insert functions Into; A DLL -------------------------------------- -------------------------------------------------- - TestFunction Proc Ret TestFunction ENDP

End dllenTry

; ------------------------------------------------- ------------------------------------; Dllskeleton.def; --------- -------------------------------------------------- -------------------------- Library Dllskeleton Exports TestFunction

The Above Program Is The DLL Skeleton. EVERY DLL MUST HAVE AN EntryPoint Function. Windows Will Call The Entries:

The DLL IS First Loaded The DLL IS Unloaded A Thread Is Created in The Same Process A Thread Is Destroyed in The Same Process

DLlentry Proc Hinstdll: Hinstance, Reason: DWORD, RESERVED1: DWORD

Mov Eax, True

RET

DLLLENTRY ENDP

You can name the entrypoint function anything you wish so long as you have a matching END . This function takes three parameters, only the first two of which are important. HInstDLL is the module handle of the DLL. It's not the same as the instance handle of the process you should keep this value if you need to use it later you can not obtain it again easily reason can be one of the four values:... DLL_PROCESS_ATTACH The DLL receives this value when it is first injected into the process address space. You can use this opportunity to do initialization. DLL_PROCESS_DETACH The DLL receives this value when it is being unloaded from the process address space. You can use this opportunity to do some cleanup such as deallocate memory and so on. DLL_THREAD_ATTACH The DLL receives this value when the process creates a new thread. DLL_THREAD_DETACH The DLL receives this value when a thread in the process is destroyed. you return TRUE in eax if you want the DLL to go on run ning. If you return FALSE, the DLL will not be loaded. For example, if your initialization code must allocate some memory and it can not do that successfully, the entrypoint function should return FALSE to indicate that the DLL can not run.

You can put your functions in the DLL following the entrypoint function or before it. But if you want them to be callable from other programs, you must put their names in the export list in the module definition file (.def).

.

Library Dllskeleton Exports TestFunction

Normally you must have the first line.The LIBRARY statement defines the internal module name of the DLL. You should match it with the filename of the DLL. The EXPORTS statement tells the linker which functions in the DLL are exported, that is, callable from . other programs in the example, we want other modules to be able to call TestFunction, so we put its name in the EXPORTS statement Another change is in the linker switch You must put / DLL switch and / DEF:.. in Your Linker Switches Like this: Link / DLL / Subsystem: Windows /Def: DLLSKELETON.DEF / LIBPATH: C: / MASM32 / LIB DLLSKELETON.OBJ

The assembler switches are the same, namely / c / coff / Cp. So after you link the object file, you will get .dll and .lib. The .lib is the import library which you can use to link to other programs that use The Functions in the DLL. Next I'll show you how to use loadlibrary to load a dll.

; ------------------------------------------------- --------------------------------------------; Usedll.asm; -------------------------------------------------- ----------------------------------------- .386 .Model flat, stdcall option casemap: none include /masm32/include/windows.inc include /masm32/include/user32.inc include /masm32/include/kernel32.inc includelib /masm32/lib/kernel32.lib includelib /masm32/lib/user32.lib

.data libname db "dllskeleton.dll", 0 functionName DB "testhello", 0 dllnotfound db "cannot loading library", 0 Appname DB "Load Library", 0 functionNotFound DB "Testhello function not found", 0

.DATA? HLIB DD?; TESTHELLOADDR DD?; The Address of The Testhello Function

. Code Start: Invoke LoadLibrary, AddR Libname; ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ -------------------------------------------------- ---------------; Call Loadlibrary with the name of the desired dll; if the call is success, iprary (dll). If not, IT Will Return NULL; You CAN Pass The Library Handle To GetProcaddress or Any Function That Requires; A Library Handle As a parameter.; -------------------------------------------------------------------------------------------------------------------- -------------------------------------------------- ------------------------------ .if Eax == Null Invoke Messagebox, Null, AddR Dllnotfound, Addr Appname, MB_OK .ELSE MOV HLIB, EAX INVOKE GETPROCADISS, HLIB, ADDR FUNCTIONNAME; -------------------------------------------------------------------------------------------------------------- -------------------------------------------------- -----------------------; WHEN You get the library handle, you pass it to getprocaddress with the address; of the name of the function in That DLL you Want to call. IT returns the address; of the function if successful Otherwise, it returns NULL;. Addresses of functions do not change unless you unload and reload the library;. So you can put them in global variables for future use;. ----- -------------------------------------------------- -------------------------------------------------- --- .if Eax == Null Invoke Messagebox, Null, Addr FunctionNotfound, Addr Appname, MB_OK .ELSE MOV TESTHELLOADDR, EAX CALL [TESTHELLOADDR]; ----------------- -------------------------------------------------- ----------------------------------------;

NEXT, you can call the function with a simple call with the variable containing; The address of the function as the operand.; ------------------------ -------------------------------------------------- ----------------------------------- .ndif Invoke freeelibrary, hlib; -------- -------------------------------------------------- -------------------------------------------------- -; WHEN you don't need the library anymore, unload it with freeelibrary.; ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- -------------------------------------------------- --------------------------- .ndif Invoke EXITPROCESS, NULL End Startso You Can See Using Loadlibrary Is A Little More Involved But It's Also More Involved But it's Also More Flexible.