An API detour question
When I am load a DLL library in my process, is the shared DLL code shared same memory with other process that us the same DLL?
Here is the use case,
When I detour and API, say "CreateProcess" from "kernel32.dll", will it intercept the function calls only from this process or it can come from all process?
Thank you for any answer.
Here is the use case,
When I detour and API, say "CreateProcess" from "kernel32.dll", will it intercept the function calls only from this process or it can come from all process?
Thank you for any answer.
Last Comment
ASKER
Thank you Sara,
I am not asking questions of data. I am asking questions of the code, as when we do the detour of an API we are changing the code of that API for the first 5-6 bytes, here is the reference about what happens:
https://www.microsoft.com/en-us/research/project/detours/
My question is that when we do the detour, are we going to detour only my the calls from my process or all calls from the system for this API.
Looks that it is only affect one my process, and I do not understand that.
I am not asking questions of data. I am asking questions of the code, as when we do the detour of an API we are changing the code of that API for the first 5-6 bytes, here is the reference about what happens:
https://www.microsoft.com/en-us/research/project/detours/
My question is that when we do the detour, are we going to detour only my the calls from my process or all calls from the system for this API.
Looks that it is only affect one my process, and I do not understand that.
detours creates new binary code for each dll function detoured and creates a safe copy of the code for each call. the new code is never a subject of to being shared with other threads let alone with other processes.
you may not worry about code but only about data.
Sara
you may not worry about code but only about data.
Sara
ASKER
Hi Sara,
Thank for your answer.
I am little more confused.
Here is more question now:
When we loadlibrary, will the OS duplicate the code that other people has loaded for other process in my process space? If yes, it will be too many GDI.dll, kernel.dll etc.
If not, when we do detour, we'll change other process space, is it possible?
Or are you saying that when we call getprocaddress, the function code gets duplicated in my process space.
Anyway, I need to know what is happening underline. I could not find the answer from Microsoft paper. Thanks for further help.
Evan
Thank for your answer.
I am little more confused.
Here is more question now:
When we loadlibrary, will the OS duplicate the code that other people has loaded for other process in my process space? If yes, it will be too many GDI.dll, kernel.dll etc.
If not, when we do detour, we'll change other process space, is it possible?
Or are you saying that when we call getprocaddress, the function code gets duplicated in my process space.
Anyway, I need to know what is happening underline. I could not find the answer from Microsoft paper. Thanks for further help.
Evan
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
You are right. if we get an address that is in my process space, it must be copied. But, I could not find any document that talk about when I get the address successfully, the function code is copied to process space?
ASKER
Thank you for your help.
C
C is a general-purpose, imperative computer programming language, supporting structured programming, lexical variable scope and recursion, while a static type system prevents many unintended operations. By design, C provides constructs that map efficiently to typical machine instructions, so it has found lasting use in applications that had formerly been coded in assembly language, including operating systems as well as various application software for computers ranging from supercomputers to embedded systems. It is distinct from C++ (which has its roots in C) and C#, and many later languages have borrowed directly or indirectly from C.
23K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
if using global or static data in the dll you should always make sure that it is constant data valid for all processes using the dll.
don't know exactly what you mean by that. kernel32.dll never would be unloaded and each call of one of the exported dll functions is independent to other calls running parallel or later regardless of whether the calls were coming from same process and same thread, or from other thread or from other process. of course you need to care for thread-safety if using global or shared data for input arguments but the code of the dll function is always safe since each call runs a copy of the original code.
Sara