LdrLoadDll in nt native api

zahra34, posted 25 August 2009 at 3:38pm
Hi all

I'm writing a program in kernel mode using the DDK. For this purpose I use NT native functions.

I want to load some kernel-mode DLLs there and use the "LdrLoadDLL" function.

I don't know how I should pass the path of those DLLs in the first input argument of this function. I get errors when loading some kernel-mode DLLs (errors such as "File not found" or "access violation"), whereas it succeeds in loading only "ntdll.dll"! I also don't know what the format of the DLL's "path" in the first argument of the function should be.

Is there any example of this function?

I really hope you can help me!

Thanks in advance.

BanMe, posted 25 August 2009 at 4:35pm
UNC Native PATH name.. ;)
example in UNICODE
 
L"\\??\\C:\\Windows\\System32\\somemod.dll"
 
regards BanMe
 
PS: that's a funky link-finding method you use... oh sad, sad developer of this website...


Edited by BanMe - 25 August 2009 at 4:37pm

zahra34, posted 25 August 2009 at 6:41pm
Thanks, BanMe.
I think it is not as simple as you said. I tried a path like the one you gave above, and other things as well, but it does not work. I need a more professional example :)

ntunldr, posted 26 August 2009 at 4:37am
Then google it :)
Working with sections will help you instead of using Ldr user-mode functions in kernel mode (you can of course try, but this is a perversion). Or maybe the mods here have a special professional opinion that gives them the right to kick my previous post? ^_^ Rhetorical question, no need to answer.
Of course, that is if you are doing this:
"I'm writing a program in kernel mode using ddk."

If not, then a simple example of LdrLoadDll will be easy to find, even here.
Open the file, create a section from it, map the file and work with it.
As a professional example you can search for the ProcessHunter v1.1 source. It includes a primitive loader.

wj32, posted 26 August 2009 at 5:59am
How do you even call LdrLoadDll from kernel-mode? Kernel modules have to be loaded through the driver mechanism. If you just want to load and relocate a module, I'm not sure if mapping a section as an image will relocate it...
MCTS: Windows Internals
Process Hacker, a free and open source process viewer.

zahra34, posted 26 August 2009 at 6:25am
Thanks, ntunldr, for your answer. I will search and try this way.

Originally posted by wj32:
"How do you even call LdrLoadDll from kernel-mode?"

I use it in NtStartupProcess. Is that possible? I want a handle to the DLL that I can then pass to LdrGetProcedureAddress, so I can use some functions of that DLL. I'm not sure whether it is possible, or maybe it is the wrong way!

zahra34, posted 26 August 2009 at 6:33am
Sorry, I mean NtProcessStartup ;)

ntunldr, posted 26 August 2009 at 7:21am
Of course they must be relocated. Instead of coding such perversions as using r3 code in r0, maybe you could shed some light: what exactly do you want to do? For what purpose do you want to use these functions, and which ones exactly? What you are trying to accomplish now is a dead-end way leading to blue screens.

zahra34, posted 26 August 2009 at 8:27am

I have a project to load the DLL of a device so that I can use the functions within it (a DLL such as a card reader's). No, it does not lead to the blue screens that you mean; I get an error code (c0000005 (STATUS_ACCESS_VIOLATION)). At first I thought maybe I should use a kernel-mode DLL, so I just tried hal.dll as an example, but it just returns the error I mentioned instead of returning success. My code runs before the blue welcome screen.

wj32, posted 26 August 2009 at 10:01am
You can't use user-mode code in kernel-mode. That's a rule.
MCTS: Windows Internals
Process Hacker, a free and open source process viewer.