#1
|
|||
|
|||
DLLs loading sequence
Is it possible to get sequence how application loads its DLLs?
|
#3
|
|||
|
|||
If I understood your question, Open your target if it was developed in 32 bits OS, with Hdasm, and you will see what you want when you analyze the imports table and the address of each call.
|
#4
|
||||
|
||||
It's possible, you need to hook NtMapViewOfSection. For more details you may look how it's done in this code : http://deroko.phearless.org/itracer.zip (look for NtMapViewOfSection hooking code)
__________________
http://accessroot.com |
#5
|
Did you already try putting BPX on LoadLibraryA?
Here is a little asm code just to recall how dll files are loaded: Code:
push offset lib call LoadLibrary ; will load the dll mov hLib, eax push offset function push hLib call GetProcAddress ; will get the procedure to execute mov hProc, eax call hProc ; will call your function in your DLL push hLib call FreeLibrary ; free the resource
__________________
<<< The L10n won't give up >>> |
#6
|
|||
|
|||
To see how DLLs are loaded for an application I would set the global flag for showing loader snaps (http://msdn.microsoft.com/en-us/library/windows/hardware/ff556886(v=vs.85).aspx) and watch the debug output.
The Windows Internals book has an experiment showing how you can do this. Use google and search for "watching the image loader". Here is a direct link to this page: http://bit.ly/1doJuzI |
#7
|
Using WinDBG, first you have to enable your debugger, so type:
!gflag +ksl Break when your file (.exe or .dll) is loaded: sxe ld mydll.dll That's all
__________________
<<< The L10n won't give up >>> |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Plugin loading problem of using ollydbg | suddenLy | General Discussion | 0 | 03-25-2014 21:17 |
Why the site is loading so slowly? | giv | General Discussion | 10 | 05-17-2011 07:18 |
Ollydbg loading problem | hobferret | General Discussion | 5 | 07-07-2008 20:40 |
Loading BIOS from dos debug - possible ? | petar | General Discussion | 9 | 03-14-2005 00:26 |