DLLs loading sequence
Is it possible to get sequence how application loads its DLLs?
|
Here is a discussion on the subject, with some useful external links.
|
If I understood your question, Open your target if it was developed in 32 bits OS, with Hdasm, and you will see what you want when you analyze the imports table and the address of each call.
|
It's possible, you need to hook NtMapViewOfSection. For more details you may look how it's done in this code : http://deroko.phearless.org/itracer.zip (look for NtMapViewOfSection hooking code)
|
Did you already try putting BPX on LoadLibraryA?
Here is a little asm code just to recall how dll files are loaded: Code:
push offset lib |
To see how DLLs are loaded for an application I would set the global flag for showing loader snaps (http://msdn.microsoft.com/en-us/library/windows/hardware/ff556886(v=vs.85).aspx) and watch the debug output.
The Windows Internals book has an experiment showing how you can do this. Use google and search for "watching the image loader". Here is a direct link to this page: http://bit.ly/1doJuzI |
Using WinDBG, first you have to enable your debugger, so type:
!gflag +ksl Break when your file (.exe or .dll) is loaded: sxe ld mydll.dll That's all :) |
All times are GMT +8. The time now is 17:56. |
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX