Thread: merging dll with .exe

  1. #1
    Registered User
    Join Date
    Mar 2005
    Posts
    76

    merging dll with .exe

    I was just fantasizing a little bit, and I thought about the possibilities of merging a .dll with an .exe. To import a function from a dll you use GetProcAddress on the handle to the dll. Would it be possible to just binary merge the dll and the exe, and call GetProcAddress on the .exe itself? I've worked before on dlls, but I've forgotten a little how it worked, and I just wondered if this is possible. I have no real usage for this, so I can't give more details. It's just something I thought of during a boring lecture.

  2. #2
    Registered /usr
    Join Date
    Aug 2001
    Location
    Newport, South Wales, UK
    Posts
    1,273
    You'd have to explain this "binary merge" process a bit more, but from what I know .EXEs aren't allowed to export functions.

  3. #3
    Unregistered User
    Join Date
    Sep 2005
    Location
    Antarctica
    Posts
    341
    You can build the DLL as a static library or you can just use good ol' Ctrl+C and Ctrl+V and paste the DLL's code into your exe's code.

  4. #4
    Registered User
    Join Date
    Mar 2005
    Posts
    76
    Quote:
        You'd have to explain this "binary merge" process a bit more, but from what I know .EXEs aren't allowed to export functions.

    There is some kind of DOS command that works like:

    Code:
    copy /b in.exe+in.dll out.exe
    Is this clear enough?

    IIRC there are already some programs which can magically merge dlls with .exes but I don't know what kind of magic these programs perform since I haven't used them myself.

    Quote:
        You can build the DLL as a static library or you can just use good ol' Ctrl+C and Ctrl+V and paste the DLL's code into your exe's code.

    If I have all the code myself it's indeed possible to copy/paste some code. But what if I only have a dll that I want to convert to a .exe?
    Last edited by johny145; 10-11-2005 at 10:34 AM.

  5. #5
    Unregistered User
    Join Date
    Sep 2005
    Location
    Antarctica
    Posts
    341
    Doing a binary copy like that won't help you. You can't just magically merge DLLs with exes by copying one to the other.

    How are you supposed to convert a DLL to an exe? You can't convert an apple to an orange. An exe has a main entry point, a DLL exports functions.

  6. #6
    Registered User
    Join Date
    Mar 2005
    Posts
    76
    I know you can't just have a dll, and automatically create an executable from it. Like you said, apples aren't bananas. But in dlls you have functions. These functions can be called from executables. Some programs can merge a dll and an executable together (like I said), but I don't exactly know how. I thought maybe it would somehow be possible to "find" the dll functions if you just appended the dll to the executable itself. But I just checked it myself, and it doesn't appear to work.
    I also looked on Google for a program to merge .exe with .dll and although I didn't find any, I found a program that can do this:

    Quote:
        Use this to convert a DLL file into its equivalent static library file. After that, you can replace the original DLL file with the static library file, rebuild your application, and distribute it without the DLL.

        The conversion process does not require any source code from the DLL. All work is done from binary to binary. It will rebuild programming interfaces identical to the export functions in the DLL and reconstruct the necessary symbol, string and reference tables to make a valid static library.

    So this program can do an intermediate step in the process of merging a dll with an executable, by making a static library out of a dll. But since it has no use to me, and since this thread is going nowhere, I think I'll just abandon this idea.
    Last edited by johny145; 10-11-2005 at 01:21 PM.

  7. #7
    Disrupting the universe Mad_guy's Avatar
    Join Date
    Jun 2005
    Posts
    258
    Just put the DLL in the EXE's .rsrc section and then unload it at runtime followed by deleting it on close. This is a very useful technique if you want to just distribute one executable, and you can extract the files to something like C:\WINDOWS\TEMP then delete it later.

    Either way, you can't just 'change' a DLL to an EXE. What if the DLL is a strict resource DLL? How will it know where to enter its code? What functions will it call? When will it call them?

    Note, you also don't necessarily HAVE to do GetProcAddress and LoadLibrary to get a function from a DLL to work, that's just one of the ways to do it, which is explicit linking. You can also do implicit linking, in which case when you build the DLL you get a .lib file produced, and link it with your exe with all the functions in the DLL in a header file prototyped with __declspec(dllimport). The only difference is that you call with implicit linking by doing something like:

    Code:
    jmp Thunk_In_IAT

    ...
    ;;This is that thunk we're jmp'ing to
    call 0x33048854 ;;This is the real address of whatever function
    Last edited by Mad_guy; 10-11-2005 at 05:06 PM.
    operating systems: mac os 10.6, debian 5.0, windows 7
    editor: back to emacs because it's more awesomer!!
    version control: git

    website: http://0xff.ath.cx/~as/

  8. #8
    Registered User
    Join Date
    Mar 2005
    Posts
    76
    Quote Originally Posted by Mad_guy
        Just put the DLL in the EXE's .rsrc section and then unload it at runtime followed by deleting it on close. This is a very useful technique if you want to just distribute one executable, and you can extract the files to something like C:\WINDOWS\TEMP then delete it later.

    Now we're getting somewhere, going to give it a try soon.

    Quote:
        Either way, you can't just 'change' a DLL to an EXE. What if the DLL is a strict resource DLL? How will it know where to enter its code? What functions will it call? When will it call them?

    Sigh, I know, a dll is a dll, not an executable. Somehow I can't get the idea across that I don't want a dll -> .exe converter, because this is just nonsense. I know, my poor English doesn't help to express what I really mean, but if I would talk Dutch......

    Quote:
        Note, you also don't necessarily HAVE to do GetProcAddress and LoadLibrary to get a function from a DLL to work, that's just one of the ways to do it. Which is External linking. You can also do implicit linking in which case when you build the DLL you get a .lib file produced, and link it with your exe with all the functions in the DLL in a header file prototyped with __declspec(dllimport); The only difference is that you call with implicit linking by doing something like:

        jmp Thunk_In_IAT

        ...
        ;;This is that thunk we're jmp'ing to
        call 0x33048854 ;;This is the real address of whatever function

    I've only used the LoadLibrary myself, but I was aware there are other methods. I understand a little what you mean, but the details are still unclear to me. I guess IAT is input address table, and it has to do with functions inside an executable, but that's all I know.

    In any case, I just needed a push in the right direction, and I think your help is just about enough to get me going.

  9. #9
    Disrupting the universe Mad_guy's Avatar
    Join Date
    Jun 2005
    Posts
    258
    Eh, my grammar isn't perfect either so I'm not complaining.


    Basically what you have to do is create a resource script, and then simply compile that resource into your project like you would an ordinary file. Once you do that you can use the Resource Functions to unload your DLL from the resource section. To be completely honest I don't know much about resources, since I primarily use them only when I'm doing GUI coding for things like menus and dialogs and icons (and I don't even do that very much anymore ever since I improved my Delphi skills, but resource scripts are resource scripts really (Delphi resource scripts are basically the same as C ones)), but I think I MIGHT have some code from "Rootkits: Subverting the Windows Kernel" that shows you how to unload a file from a resource section.

    EDIT: Here, this code probably isn't 100% correct syntactically but it should give you the general idea; look up some internet articles (this is used for decompressing a .sys file which you can put rootkit code into):

    Code:
    #include <windows.h>
    #include <stdio.h>
    #include <stdbool.h>

    // Writes the named "BINARY" resource of the running EXE to <name>.sys
    bool _util_decompress_sysfile(char *theResourceName)
    {
          HRSRC aResourceH;
          HGLOBAL aResourceHGlobal;
          unsigned char * aFilePtr;
          unsigned long aFileSize;
          HANDLE file_handle;
          //////////////////////////////////////////////////////////
          // locate a named resource in the current binary EXE
          // (the ...A calls are used because the names are char strings)
          //////////////////////////////////////////////////////////
          aResourceH = FindResourceA(NULL, theResourceName, "BINARY");
          if(!aResourceH)
          {
                return false;
          }
          aResourceHGlobal = LoadResource(NULL, aResourceH);
          if(!aResourceHGlobal)
          {
                return false;
          }
          aFileSize = SizeofResource(NULL, aResourceH);
          // LockResource returns a pointer to the resource bytes in memory
          aFilePtr = (unsigned char *)LockResource(aResourceHGlobal);
          if(!aFilePtr)
          {
                return false;
          }
          char _filename[64];
          snprintf(_filename, sizeof(_filename), "%s.sys", theResourceName);
          file_handle = CreateFileA(_filename,
                                    FILE_ALL_ACCESS,
                                    0,
                                    NULL,
                                    CREATE_ALWAYS,
                                    0,
                                    NULL);
          if(INVALID_HANDLE_VALUE == file_handle)
          {
                DWORD err = GetLastError();
                if( (ERROR_ALREADY_EXISTS == err) || (ERROR_SHARING_VIOLATION == err))
                {
                      // no worries, file exists and may be locked
                      // due to exe
                      return true;
                }
                printf("%s decompress error %lu\n", _filename, err);
                return false;
          }
          // While loop to write resource to disk, one byte at a time
          while(aFileSize--)
          {
                unsigned long numWritten;
                if(!WriteFile(file_handle, aFilePtr, 1, &numWritten, NULL) || numWritten != 1)
                {
                      // stop on a failed or short write instead of leaving a silent gap
                      CloseHandle(file_handle);
                      return false;
                }
                aFilePtr++;
          }
          CloseHandle(file_handle);
          return true;
    }
    Last edited by Mad_guy; 10-11-2005 at 05:16 PM.
