Eh, my grammar isn't perfect either so I'm not complaining.
Basically what you have to do is create a resource script, and then simply compile that resource into your project like you would an ordinary file. Once you do that you can use the Resource Functions to unload your DLL from the resource section. To be completely honest I don't know much about resources, since I primarily use them only when I'm doing GUI coding for things like menu's and dialogs and icons (and I don't even do that very much anymore ever since I improved my Delphi skills, but resource scripts are resource scripts really (delphi resource scripts are basically the same as C ones)), but I think I MIGHT have some code from "Rootkits: Subverting the windows kernel" that shows you how to unload a file from a resource section.
EDIT: here, this code probably isn't 100% correct syntactically but it should give you the general idea, look up some internet articles (this is used for decompressing a .sys file which you can put rootkit code into):
Code:
bool _util_decompress_sysfile(char *theResourceName)
{
HRSRC aResourceH;
HGLOBAL aResourceHGlobal;
unsigned char * aFilePtr;
unsigned long aFileSize;
HANDLE file_handle;
//////////////////////////////////////////////////////////
// locate a named resource in the current binary EXE
//////////////////////////////////////////////////////////
aResourceH = FindResource(NULL, theResourceName, "BINARY");
if(!aResourceH)
{
return false;
}
aResourceHGlobal = LoadResource(NULL, aResourceH);
if(!aResourceHGlobal)
{
return false;
}
aFileSize = SizeofResource(NULL, aResourceH);
aFilePtr = (unsigned char *)LockResource(aResourceHGlobal);
if(!aFilePtr)
{
return false;
}
char _filename[64];
snprintf(_filename, 62, "%s.sys", theResourceName);
file_handle = CreateFile(filename,
FILE_ALL_ACCESS,
0,
NULL,
CREATE_ALWAYS,
0,
NULL);
if(INVALID_HANDLE_VALUE == file_handle)
{
int err = GetLastError();
if( (ERROR_ALREADY_EXISTS == err) || (32 == err))
{
// no worries, file exists and may be locked
// due to exe
return true;
}
printf("%s decompress error %d\n", _filename, err);
return false;
}
// While loop to write resource to disk
while(aFileSize--)
{
unsigned long numWritten;
WriteFile(file_handle, aFilePtr, 1, &numWritten, NULL);
aFilePtr++;
}
CloseHandle(file_handle);
return true;
}