-
October 19th, 2013, 05:10 PM
#1
what does dllmain entry point do?
how does dllmain execute the dll ? and how does it go from running in kernel mode to executing the dll within the user space of the program?
-
October 19th, 2013, 06:13 PM
#2
Re: what does dllmain entry point do?
dllmain doesn't 'execute' the dll. dllmain() is an optional entry point in the dll called when specific events occur and is usually used for initialization and clean-up purposes if required.
See
http://msdn.microsoft.com/en-us/wind...=vs.85%29.aspx
All advice is offered in good faith only. All my code is tested (unless stated explicitly otherwise) with the latest version of Microsoft Visual Studio (using the supported features of the latest standard) and is offered as examples only - not as production quality. I cannot offer advice regarding any other c/c++ compiler/IDE or incompatibilities with VS. You are ultimately responsible for the effects of your programs and the integrity of the machines they run on. Anything I post, code snippets, advice, etc is licensed as Public Domain https://creativecommons.org/publicdomain/zero/1.0/ and can be used without reference or acknowledgement. Also note that I only provide advice and guidance via the forums - and not via private messages!
C++23 Compiler: Microsoft VS2022 (17.6.5)
-
October 19th, 2013, 07:34 PM
#3
Re: what does dllmain entry point do?
so what happens when dllmain is called after injecting a dll?
Last edited by icealys; October 19th, 2013 at 09:28 PM.
-
October 21st, 2013, 08:19 AM
#4
Re: what does dllmain entry point do?
dllmain() is only optional in a c/c++ program because the linker will link in a dummy/empty dllmain() if you don't provide one.
a DLL always has an entrypoint. The exceptions are a resource only DLL which won't typically have a code-section. And a code-dll where you explicitely define to have no entrypoint. (but in that case, you can't use the C-runtime, or assume that global constructors/destructors get called.
typically the entrypoint will point to the C-Runtime startup/cleanup code which does all sort of things, including calling global constructors and destructors and ends up calling the user-defined dllmain() (or the default one if you don't provide one).
this is basically the same as to how it works for an exe instead that in that case, it calls main().
depending on injection/loading method used... the dll entrypoint of the injected dll may or may not get called.
depending on how the application ends (and how the dll was loaded/injected), the dllentrypoint may or may not be called for each loaded dll to detach to the thread/process.
When you dive into the details, dllmain is probably one of the most complex things to fully understand in windows. So if you want an answer to something, you're going to have to be very specific.
-
October 21st, 2013, 09:49 AM
#5
Re: what does dllmain entry point do?
All advice is offered in good faith only. All my code is tested (unless stated explicitly otherwise) with the latest version of Microsoft Visual Studio (using the supported features of the latest standard) and is offered as examples only - not as production quality. I cannot offer advice regarding any other c/c++ compiler/IDE or incompatibilities with VS. You are ultimately responsible for the effects of your programs and the integrity of the machines they run on. Anything I post, code snippets, advice, etc is licensed as Public Domain https://creativecommons.org/publicdomain/zero/1.0/ and can be used without reference or acknowledgement. Also note that I only provide advice and guidance via the forums - and not via private messages!
C++23 Compiler: Microsoft VS2022 (17.6.5)
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|