As part of a learning process I want to emulate the loading of a DLL without the use of LoadLibraryW().
I already fully parse PE files, and I want to go on an educational journey using all of this loaded data to create an in-memory footprint that could actually be executed.
I am aware that first PE files get loaded (usually at specific addresses), then expanded to align with sections, certain sections are then initialized to 0, then you will adjust any offsets according to the base relocations if applicable, determine a thread stack size, determine the entry point, etc., etc.
You would have to fully handle the DLL_PROCESS_ATTACH, DLL_THREAD_ATTACH, etc. if applicable, and so on.
I basically know all of the major steps but I would like a more detailed walk-through of the whole process to make sure I don’t miss any steps and handle all the edge cases etc.
I don’t need to go so detailed as to handle DONT_RESOLVE_DLL_REFERENCES and friends but who knows, maybe I will get that far lost in the woods.
So all I would like is to know of the best resource(s) where this whole process is outlined/documented.
Thank you,
L. Spiro
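The base-relocation step mentioned in the question, as an added example that is not part of the original post: it walks the relocation directory of an image already laid out by RVA and applies `HIGHLOW` and `DIR64` fixups with bounds checks. The names `apply_relocs` and `demo_rebase`, the buffer layout and the sample values are constructed for illustration, and a little-endian host is assumed.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
enum { REL_ABSOLUTE = 0, REL_HIGHLOW = 3, REL_DIR64 = 10 }; /* PE spec values */
static uint32_t rd32(const uint8_t *p) { uint32_t v; memcpy(&v, p, 4); return v; }

/* Apply the base relocation directory (reloc_size bytes at reloc_rva) to an
   image already laid out by RVA in img. delta = actual base - preferred
   ImageBase. Returns the number of fixups applied, or -1 on malformed data.
   Assumes a little-endian host. */
int apply_relocs(uint8_t *img, size_t img_size, uint32_t reloc_rva,
                 uint32_t reloc_size, int64_t delta)
{
    int applied = 0;
    if (reloc_rva > img_size || reloc_size > img_size - reloc_rva) return -1;
    const uint8_t *p = img + reloc_rva, *end = p + reloc_size;
    while ((size_t)(end - p) >= 8) {
        uint32_t page = rd32(p), block = rd32(p + 4);   /* block header */
        if (block < 8 || (block & 1) || block > (size_t)(end - p)) return -1;
        for (uint32_t i = 8; i < block; i += 2) {
            uint16_t e; memcpy(&e, p + i, 2);
            unsigned type = e >> 12;                    /* high 4 bits */
            size_t rva = (size_t)page + (e & 0x0FFF);   /* low 12 bits */
            if (type == REL_ABSOLUTE) continue;         /* padding entry */
            if (type != REL_HIGHLOW && type != REL_DIR64) return -1;
            size_t width = (type == REL_DIR64) ? 8 : 4;
            if (rva > img_size || width > img_size - rva) return -1;
            uint64_t v = 0;
            memcpy(&v, img + rva, width);
            v += (uint64_t)delta;
            memcpy(img + rva, &v, width);               /* low 4 bytes for HIGHLOW */
            applied++;
        }
        p += block;
    }
    return applied;
}

/* Constructed sample: one 32-bit pointer at RVA 0x1004, rebased by +0x10000000. */
uint32_t demo_rebase(void)
{
    static uint8_t img[0x3000];
    uint32_t ptr = 0x10002000, hdr[2] = { 0x1000, 12 };
    uint16_t ent[2] = { (REL_HIGHLOW << 12) | 0x004, 0 };  /* fixup + padding */
    memcpy(img + 0x1004, &ptr, 4);
    memcpy(img + 0x2000, hdr, 8);
    memcpy(img + 0x2008, ent, 4);
    int n = apply_relocs(img, sizeof img, 0x2000, 12, 0x10000000);
    return n == 1 ? rd32(img + 0x1004) : 0;
}
```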
A pretty detailed source of information is available in connection with reactos.org.
One starting point might be the source at dll_2win32_2kernel32_2client_2loader_8c.html
I have found this but am still interested in other resources.
https://www.codeproject.com/Tips/430684/Loading-Win-DLLs-manually-without-LoadLibrary
L. Spiro
That looks about detailed enough. Thank you!
L. Spiro