In-Depth Explanation of LoadLibrary

Anne Wilcoxen 46 Reputation points
2020-12-06T23:37:33.123+00:00

As part of a learning process I want to emulate the loading of a DLL without the use of LoadLibraryW().
I already fully parse PE files, and I want to go on an educational journey using all of this loaded data to create an in-memory footprint that could actually be executed.

I am aware that first PE files get loaded (usually at specific addresses), then expanded to align with sections, certain sections are then initialized to 0, then you will adjust any offsets according to the base relocations if applicable, determine a thread stack size, determine the entry point, etc., etc.
You would have to fully handle the DLL_PROCESS_ATTACH, DLL_THREAD_ATTACH, etc. if applicable, and so on.

I basically know all of the major steps but I would like a more detailed walk-through of the whole process to make sure I don’t miss any steps and handle all the edge cases etc.
I don’t need to go so detailed as to handle DONT_RESOLVE_DLL_REFERENCES and friends but who knows, maybe I will get that far lost in the woods.

So all I would like is to know of the best resource(s) where this whole process is outlined/documented.

Thank you,
L. Spiro
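
The base-relocation step mentioned in the question, as an added example that is not part of the original post or of the linked article: a bounds-checked walk of the relocation directory over an already section-mapped image. It handles both the 32-bit (HIGHLOW) and 64-bit (DIR64) fixup types, which goes slightly beyond what the post spells out. The names `apply_relocs` and `demo` and the sample image are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
enum { REL_ABSOLUTE = 0, REL_HIGHLOW = 3, REL_DIR64 = 10 }; /* PE reloc types */
/* Adds delta (actual base minus preferred ImageBase) to every address listed
   in the relocation directory. Returns the number of fixups applied, or -1
   if the table is malformed. Assumes a little-endian host (x86/x64). */
long apply_relocs(uint8_t *img, size_t img_size, uint32_t reloc_rva,
                  uint32_t reloc_size, int64_t delta) {
    uint64_t off = reloc_rva, end = off + reloc_size;
    long applied = 0;
    if (end > img_size) return -1;
    while (end - off >= 8) {
        uint32_t h[2];                      /* h[0] page RVA, h[1] SizeOfBlock */
        memcpy(h, img + off, 8);            /* block size includes this header */
        if (h[1] < 8 || (h[1] & 1) || h[1] > end - off) return -1;
        for (uint32_t i = 8; i < h[1]; i += 2) {
            uint16_t e;                     /* top 4 bits type, low 12 offset */
            memcpy(&e, img + off + i, 2);
            unsigned type = e >> 12;
            uint64_t target = (uint64_t)h[0] + (e & 0x0FFF);
            size_t width = type == REL_DIR64 ? 8 : type == REL_HIGHLOW ? 4 : 0;
            if (type == REL_ABSOLUTE) continue;   /* alignment padding entry */
            if (!width || target > img_size || img_size - target < width) return -1;
            uint64_t v = 0;
            memcpy(&v, img + target, width);
            v += (uint64_t)delta;
            memcpy(img + target, &v, width);      /* 32-bit case truncates */
            applied++;
        }
        off += h[1];
    }
    return applied;
}

/* Constructed sample: preferred base 0x10000000, loaded at 0x20000000, one
   64-bit pointer at RVA 0x1008, relocation block at RVA 0x2000. */
long demo(uint64_t *fixed) {
    static uint8_t img[0x3000];
    uint64_t ptr = 0x10001234ULL;
    uint32_t hdr[2] = { 0x1000, 12 };       /* page RVA, SizeOfBlock */
    uint16_t ent[2] = { (REL_DIR64 << 12) | 0x008, REL_ABSOLUTE };
    memcpy(img + 0x1008, &ptr, 8);
    memcpy(img + 0x2000, hdr, 8);
    memcpy(img + 0x2008, ent, 4);
    long n = apply_relocs(img, sizeof img, 0x2000, 12, 0x10000000);
    memcpy(fixed, img + 0x1008, 8);
    return n;
}
```

Unknown relocation types and targets outside the mapped image are rejected rather than skipped, so a malformed table fails the load instead of writing out of bounds.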

Windows API - Win32

2 additional answers

  1. Anne Wilcoxen 46 Reputation points
    2020-12-07T00:29:54.447+00:00

    I have found this but am still interested in other resources.
    https://www.codeproject.com/Tips/430684/Loading-Win-DLLs-manually-without-LoadLibrary

    L. Spiro


  2. Anne Wilcoxen 46 Reputation points
    2020-12-07T02:54:55.787+00:00

    That looks about detailed enough. Thank you!

    L. Spiro
