📄 tut17.html
字号:
<!doctype html public "-//w3c//dtd html 4.0 transitional//en">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="Author" content="Iczelion">
<meta name="GENERATOR" content="Mozilla/4.51 [en] (Win95; I) [Netscape]">
<title>Iczelion's Win32asm tutorial 17: Dynamic Link Libraries</title>
</head>
<body text="#FFFFFF" bgcolor="#000080" link="#FFFF00" vlink="#8080FF" alink="#FF00FF">
<center>
<h1>
<font face="Arial,Helvetica"><font color="#FFFF99">Tutorial 17: Dynamic
Link Libraries</font></font></h1></center>
<font face="Arial,Helvetica"><font size=-1>In this tutorial, we will learn
about DLLs , what are they and how to create them.</font></font>
<br><font face="Arial,Helvetica"><font size=-1>You can download the example
<a href="files/tut17.zip">here</a>.</font></font>
<br><font face="Arial,Helvetica"><font size=-1></font></font>
<h3>
<font face="Arial,Helvetica"><font color="#99FF99"><font size=+0>Theory:</font></font></font></h3>
<font face="Arial,Helvetica"><font size=-1>If you program long enough,
you'll find that the programs you wrote usually have some code routines
in common. It's such a waste of time to rewrite them everytime you start
coding new programs. Back in the old days of DOS, programmers store those
commonly used routines in one or more libraries. When they want to use
the functions, they just link the library to the object file and the linker
extracts the functions from the library and inserts them into the final
executable file. This process is called static linking. C runtime libraries
are good examples. The drawback of this method is that you have identical
functions in every program that calls them. Your disk space is wasted storing
several identical copies of the functions. But for DOS programs, this method
is quite acceptable since there is usually only one program that's active
in memory. So there is no waste of precious memory.</font></font>
<br><font face="Arial,Helvetica"><font size=-1>Under Windows, the situation
becomes much more critical because you can have several programs running
simultaneously. Memory will be eat up quickly if your program is quite
large. Windows has a solution for this type of problem: dynamic link libraries.
A dynamic link library is a kind of common pool of functions. Windows will
not load several copies of a DLL into memory so even if there are many
instances of your program running at the same time, there'll be only one
copy of the DLL that program uses in memory. And I should clarify this
point a bit. In reality, all processes that use the same dll will have
their own copies of that dll. It will look like there are many copies of
the DLL in memory. But in reality, Windows does it magic with paging and
all processes share the same DLL code.So in physical memory, there is only
one copy of DLL code. However, each process will have its own unique data
section of the DLL.</font></font>
<br><font face="Arial,Helvetica"><font size=-1>The program links to a DLL
at runtime unlike the old static library. That's why it's called dynamic
link library. You can also unload a DLL at runtime as well when you don't
need it. If that program is the only one that uses the DLL, it'll be unloaded
from memory immediately. But if the DLL is still used by some other program,
the DLL remains in memory until the last program that uses its service
unloads it.</font></font>
<br><font face="Arial,Helvetica"><font size=-1>However, the linker has
a more difficult job when it performs address fixups for the final executable
file. Since it cannot "extract" the functions and insert them into the
final executable file, somehow it must store enough information about the
DLL and functions into the final execuable file for it to be able to locate
and load the correct DLL at runtime.</font></font>
<br><font face="Arial,Helvetica"><font size=-1>That's where import library
comes in. An import library contains the information about the DLL it represents.
The linker can extract the info it needs from the import libraries and
stuff it into the executable file. When Windows loader loads the program
into memory, it sees that the program links to a DLL so it searches for
that DLL and maps it into the address space of the process as well and
performs the address fixups for the calls to the functions in the DLL.</font></font>
<br><font face="Arial,Helvetica"><font size=-1>You may choose to load the
DLL yourself without relying on Windows loader. This method has its pros
and cons:</font></font>
<ul>
<li>
<font face="Arial,Helvetica"><font size=-1>It doesn't need an import library
so you can load and use any DLL even if it comes with no import library.
However, you still have to know about the functions inside it, how many
parameters they take and the likes.</font></font></li>
<li>
<font face="Arial,Helvetica"><font size=-1>When you let the loader load
the DLL for your program, if the loader cannot find the DLL it will report
"A required .DLL file, xxxxx.dll is missing" and poof! your program doesn't
have a chance to run even if that DLL is not essential to its operation.
If you load the DLL yourself, when the DLL cannot be found and it's not
essential to the operation, your program can just tell the user about the
fact and go on.</font></font></li>
<li>
<font face="Arial,Helvetica"><font size=-1>You can call *undocumented*
functions that are not included in the import libraries. Provided that
you know enough info about the functions.</font></font></li>
<li>
<font face="Arial,Helvetica"><font size=-1>If you use LoadLibrary, you
have to call GetProcAddress for every function that you want to call. GetProcAddress
retrieves the entrypoint address of a function in a particular DLL. So
your code might be a little bit larger and slower but by not much.</font></font></li>
</ul>
<font face="Arial,Helvetica"><font size=-1>Seeing the advantages/disadvantages
of LoadLibrary call, we go into detail how to create a DLL now.</font></font>
<br><font face="Arial,Helvetica"><font size=-1>The following code is the
DLL skeleton.</font></font><font face="Arial,Helvetica"><font size=-1></font></font>
<p><font face="Arial,Helvetica"><font size=-1>;--------------------------------------------------------------------------------------</font></font>
<br><font face="Arial,Helvetica"><font size=-1>;
DLLSkeleton.asm</font></font>
<br><font face="Arial,Helvetica"><font size=-1>;--------------------------------------------------------------------------------------</font></font>
<br><b><font face="Arial,Helvetica"><font color="#FFFF00"><font size=-1>.386</font></font></font></b>
<br><b><font face="Arial,Helvetica"><font color="#FFFF00"><font size=-1>.model
flat,stdcall</font></font></font></b>
<br><b><font face="Arial,Helvetica"><font color="#FFFF00"><font size=-1>option
casemap:none</font></font></font></b>
<br><b><font face="Arial,Helvetica"><font color="#FFFF00"><font size=-1>include
\masm32\include\windows.inc</font></font></font></b>
<br><b><font face="Arial,Helvetica"><font color="#FFFF00"><font size=-1>include
\masm32\include\user32.inc</font></font></font></b>
<br><b><font face="Arial,Helvetica"><font color="#FFFF00"><font size=-1>include
\masm32\include\kernel32.inc</font></font></font></b>
<br><b><font face="Arial,Helvetica"><font color="#FFFF00"><font size=-1>includelib
\masm32\lib\user32.lib</font></font></font></b>
<br><b><font face="Arial,Helvetica"><font color="#FFFF00"><font size=-1>includelib
\masm32\lib\kernel32.lib</font></font></font></b><font face="Arial,Helvetica"><font size=-1></font></font>
<p><b><font face="Arial,Helvetica"><font color="#FFFF00"><font size=-1>.data</font></font></font></b>
<br><b><font face="Arial,Helvetica"><font color="#FFFF00"><font size=-1>.code</font></font></font></b>
<br><b><font face="Arial,Helvetica"><font color="#FFFF00"><font size=-1>DllEntry
proc hInstDLL:HINSTANCE, reason:DWORD, reserved1:DWORD</font></font></font></b>
<br><b><font face="Arial,Helvetica"><font color="#FFFF00"><font size=-1>
mov eax,TRUE</font></font></font></b>
<br><b><font face="Arial,Helvetica"><font color="#FFFF00"><font size=-1>
ret</font></font></font></b>
<br><b><font face="Arial,Helvetica"><font color="#FFFF00"><font size=-1>DllEntry
Endp</font></font></font></b>
<br><b><font face="Arial,Helvetica"><font color="#66FFFF"><font size=-1>;---------------------------------------------------------------------------------------------------</font></font></font></b>
<br><b><font face="Arial,Helvetica"><font color="#66FFFF"><font size=-1>;
This is a dummy function</font></font></font></b>
<br><b><font face="Arial,Helvetica"><font color="#66FFFF"><font size=-1>;
It does nothing. I put it here to show where you can insert functions
into</font></font></font></b>
<br><b><font face="Arial,Helvetica"><font color="#66FFFF"><font size=-1>;
a DLL.</font></font></font></b>
<br><b><font face="Arial,Helvetica"><font color="#66FFFF"><font size=-1>;----------------------------------------------------------------------------------------------------</font></font></font></b>
<br><b><font face="Arial,Helvetica"><font color="#FFFF00"><font size=-1>TestFunction
proc</font></font></font></b>
<br><b><font face="Arial,Helvetica"><font color="#FFFF00"><font size=-1>
ret</font></font></font></b>
<br><b><font face="Arial,Helvetica"><font color="#FFFF00"><font size=-1>TestFunction
endp</font></font></font></b><font face="Arial,Helvetica"><font size=-1></font></font>
<p><b><font face="Arial,Helvetica"><font color="#FFFF00"><font size=-1>End
DllEntry</font></font></font></b><font face="Arial,Helvetica"><font size=-1></font></font>
<p><font face="Arial,Helvetica"><font size=-1>;-------------------------------------------------------------------------------------</font></font>
<br><font face="Arial,Helvetica"><font size=-1>;
DLLSkeleton.def</font></font>
<br><font face="Arial,Helvetica"><font size=-1>;-------------------------------------------------------------------------------------</font></font>
<br><font face="Arial,Helvetica"><font size=-1><b><font color="#FFCCCC">LIBRARY</font></b>
DLLSkeleton</font></font>
<br><font face="Arial,Helvetica"><font size=-1><b><font color="#FFCCCC">EXPORTS</font></b>
TestFunction</font></font>
<br><font face="Arial,Helvetica"><font size=-1></font></font> <font face="Arial,Helvetica"><font size=-1></font></font>
<p><font face="Arial,Helvetica"><font size=-1>The above program is the
DLL skeleton. Every DLL must have an entrypoint function. Windows will
call the entrypoint function everytime that:</font></font>
<ul>
<li>
<font face="Arial,Helvetica"><font size=-1>The DLL is first loaded</font></font></li>
<li>
<font face="Arial,Helvetica"><font size=-1>The DLL is unloaded</font></font></li>
<li>
<font face="Arial,Helvetica"><font size=-1>A thread is created in the same
process</font></font></li>
<li>
<font face="Arial,Helvetica"><font size=-1>A thread is destroyed in the
same process</font></font></li>
</ul>
<b><font face="Arial,Helvetica"><font color="#FFFF00"><font size=-1>DllEntry
proc hInstDLL:HINSTANCE, reason:DWORD, reserved1:DWORD</font></font></font></b>
<br><b><font face="Arial,Helvetica"><font color="#FFFF00"><font size=-1>
mov eax,TRUE</font></font></font></b>
<br><b><font face="Arial,Helvetica"><font color="#FFFF00"><font size=-1>
ret</font></font></font></b>
<br><b><font face="Arial,Helvetica"><font color="#FFFF00"><font size=-1>DllEntry
Endp</font></font></font></b><font face="Arial,Helvetica"><font size=-1></font></font>
<p><font face="Arial,Helvetica"><font size=-1>You can name the entrypoint
function anything you wish so long as you have a matching END <Entrypoint
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -