|
LdrLoadDll in nt native api |
Post Reply 
|
Page 123> |
| Author |
 Share Topic Printable Version Delicious Digg Facebook Furl Google MySpace Newsvine reddit StumbleUpon Translate Twitter Windows Live Yahoo Bookmarks Topic Search  Topic Options
|
|||
zahra34 
Newbie 
Joined: 25 August 2009 Location: teh Online Status: Offline Posts: 32 |
 Post Options
 Quote Reply
 Topic: LdrLoadDll in nt native apiPosted: 06 November 2009 at 5:39am |
|||
|
hi
you are correct.maybe it has user mode dlls too that can not load them.I'm not sure.thanks for your reply
|
||||
 |
||||
|
sepehrst
Newbie
Joined: 06 October 2007 Location: teh Online Status: Offline Posts: 1 |
Post Options
Quote Reply
Posted: 04 November 2009 at 5:21am |
|||
|
Hi
Does the dll your're trying to load, imports any dlls from user mod(win32 subsystem) land? (like kernel32, user32,...)
if so, then you will fail to load your dll.
To be able to load the dll in your native app, the dll must import ONLY ntdll.dll or other "native" dlls.
|
||||
|
||||
|
BanMe
Groupie 
Joined: 18 August 2006 Location: United States Online Status: Offline Posts: 58 |
Post Options
Quote Reply
Posted: 28 August 2009 at 8:52pm |
|||
|
if your dll is in the 'systems' search path there is no need to specify one ;) just rely on the system being able to locate it.. so code such as this
should work like this..
if this continues to fail, then you maybe just have to come up with a alternitive method of 'loading' it..if there is a problem with your Dll's DllMain or LibMain or w/e that could also be a problem.. try loading your dll into OllyDbg using the LoadDll feature present in version 1.10..if olly loads it properly then you can try the upper solution, otherwise you will have to recompile your dll.. ;)
regards BanMe |
||||
|
||||
|
zahra34
Newbie
Joined: 25 August 2009 Location: teh Online Status: Offline Posts: 32 |
Post Options
Quote Reply
Posted: 27 August 2009 at 9:19pm |
|||
Hi BanMe, First,I should Thank you for your attention to my post :) If this post becomes more longer , I will contact You via your email, I think it is better to discuss about it here so that every one that has this problem in future can use it :) Then, about path in system32 and the file, yes, my dll is in system32, but I want to ask a question that may solve this problem. Is there any necessary properties for dll that I use in LdrLoadDll, for example any especial registry set that I did not attention about it? Or I don’t know something that is prerequisite for this function?
Another thing which I want to know is,Can I use ZwLoadDriver/NtLoadDriver instead?to start working with a device? As I see in these functions definition It is not very hard to use them . but I’m new in working with ZwLoadDriver.. thanks every body that helps me one time more |
||||
|
||||
|
BanMe
Groupie
Joined: 18 August 2006 Location: United States Online Status: Offline Posts: 58 |
Post Options
Quote Reply
Posted: 27 August 2009 at 2:27pm |
|||
|
is your dll in C:\Windows\System32 folder?...
also ntdll is already loaded you can traverse the PEB and get the modulehandle..to bypass this error..alternitivly you can contact me on msnLive an everyone else can spam the f**k outta me and we can work out another way.. rinna_marlen@hotmail.com is my email although I wont be on much today I will be on alot tommorow.. ;)
p.s. I'm also developing a Native Application..and have alot of time and research invested into it..and I usually know what im talking about...and alternatives..
|
||||
|
||||
|
zahra34
Newbie
Joined: 25 August 2009 Location: teh Online Status: Offline Posts: 32 |
Post Options
Quote Reply
Posted: 27 August 2009 at 1:23pm |
|||
here is my code:
for this code I get this error:c0000135 (STATUS_DLL_NOT_FOUND)
and code that works for ntdll.dll:
for this one I get c0000005 that I said(it just works with ntdll.dll not another dll) thanks for your help
|
||||
|
||||
|
wj32
Senior Member 
Joined: 16 January 2009 Location: Australia Online Status: Offline Posts: 704 |
Post Options
Quote Reply
Posted: 27 August 2009 at 7:38am |
|||
|
What is the exact code you're using?
|
||||
|
MCTS: Windows Internals
Process Hacker, a free and open source process viewer. |
||||
|
||||
|
zahra34
Newbie
Joined: 25 August 2009 Location: teh Online Status: Offline Posts: 32 |
Post Options
Quote Reply
Posted: 27 August 2009 at 7:12am |
|||
thanks for your interest,c0000005 (STATUS_ACCESS_VIOLATION)
|
||||
|
||||
|
ntunldr
Senior Member
Joined: 05 July 2009 Online Status: Offline Posts: 229 |
Post Options
Quote Reply
Posted: 27 August 2009 at 6:00am |
|||
Offtop: If ntdll rourtine uses call through sysenter/int 2e then it is impossible (you will have problems with sysexit), if you will change SharedUserData->CallRoutine (pointer to KiFastSystemCall) to point on KiIntSystemCall, then you can try to call some of ntdll.dll funcs from kernel mode. However this is perversion, but when somebody in kernel mode, there are no rules for them, only popular opinion. |
||||
|
||||
|
||||
|
wj32
Senior Member
Joined: 16 January 2009 Location: Australia Online Status: Offline Posts: 704 |
Post Options
Quote Reply
Posted: 26 August 2009 at 9:50pm |
|||
Yes you did.
What error? Are you sure you're specifying the correct file name in native format? |
||||
|
MCTS: Windows Internals
Process Hacker, a free and open source process viewer. |
||||
|
||||
|
Post Reply
|
Page 123> |
| Forum Jump | Forum Permissions You cannot post new topics in this forum You cannot reply to topics in this forum You cannot delete your posts in this forum You cannot edit your posts in this forum You cannot create polls in this forum You cannot vote in polls in this forum |
