Missing ``MemoryGetProcAddress`` && ``MemoryLoadLibraryEx(const void *, size_t, CustomAllocFunc, CustomFreeFunc, CustomLoadLibraryFunc, CustomGetProcAddressFunc, CustomFreeLibraryFunc, void *)``

[AraHaan]

I have a usecase forthese apis as drop in replacement for :

/*
 * Memory DLL loading code
 * Version 0.0.4
 *
 * Copyright (c) 2004-2015 by Joachim Bauch / mail@joachim-bauch.de
 * http://www.joachim-bauch.de
 *
 * The contents of this file are subject to the Mozilla Public License Version
 * 2.0 (the "License"); you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
 * http://www.mozilla.org/MPL/
 *
 * Software distributed under the License is distributed on an "AS IS" basis,
 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
 * for the specific language governing rights and limitations under the
 * License.
 *
 * The Original Code is MemoryModule.h
 *
 * The Initial Developer of the Original Code is Joachim Bauch.
 *
 * Portions created by Joachim Bauch are Copyright (C) 2004-2015
 * Joachim Bauch. All Rights Reserved.
 *
 */

#ifndef __MEMORY_MODULE_HEADER
#define __MEMORY_MODULE_HEADER

#include <windows.h>

typedef void *HMEMORYMODULE;

typedef void *HMEMORYRSRC;

typedef void *HCUSTOMMODULE;

#ifdef __cplusplus
extern "C" {
#endif

typedef LPVOID (*CustomAllocFunc)(LPVOID, SIZE_T, DWORD, DWORD, void*);
typedef BOOL (*CustomFreeFunc)(LPVOID, SIZE_T, DWORD, void*);
typedef HCUSTOMMODULE (*CustomLoadLibraryFunc)(LPCSTR, void *);
typedef FARPROC (*CustomGetProcAddressFunc)(HCUSTOMMODULE, LPCSTR, void *);
typedef void (*CustomFreeLibraryFunc)(HCUSTOMMODULE, void *);

/**
 * Load EXE/DLL from memory location with the given size.
 *
 * All dependencies are resolved using default LoadLibrary/GetProcAddress
 * calls through the Windows API.
 */
HMEMORYMODULE MemoryLoadLibrary(const void *, size_t);

/**
 * Load EXE/DLL from memory location with the given size using custom dependency
 * resolvers.
 *
 * Dependencies will be resolved using passed callback methods.
 */
HMEMORYMODULE MemoryLoadLibraryEx(const void *, size_t,
    CustomAllocFunc,
    CustomFreeFunc,
    CustomLoadLibraryFunc,
    CustomGetProcAddressFunc,
    CustomFreeLibraryFunc,
    void *);

/**
 * Get address of exported method. Supports loading both by name and by
 * ordinal value.
 */
FARPROC MemoryGetProcAddress(HMEMORYMODULE, LPCSTR);

/**
 * Free previously loaded EXE/DLL.
 */
void MemoryFreeLibrary(HMEMORYMODULE);

/**
 * Execute entry point (EXE only). The entry point can only be executed
 * if the EXE has been loaded to the correct base address or it could
 * be relocated (i.e. relocation information have not been stripped by
 * the linker).
 *
 * Important: calling this function will not return, i.e. once the loaded
 * EXE finished running, the process will terminate.
 *
 * Returns a negative value if the entry point could not be executed.
 */
int MemoryCallEntryPoint(HMEMORYMODULE);

/**
 * Find the location of a resource with the specified type and name.
 */
HMEMORYRSRC MemoryFindResource(HMEMORYMODULE, LPCTSTR, LPCTSTR);

/**
 * Find the location of a resource with the specified type, name and language.
 */
HMEMORYRSRC MemoryFindResourceEx(HMEMORYMODULE, LPCTSTR, LPCTSTR, WORD);

/**
 * Get the size of the resource in bytes.
 */
DWORD MemorySizeofResource(HMEMORYMODULE, HMEMORYRSRC);

/**
 * Get a pointer to the contents of the resource.
 */
LPVOID MemoryLoadResource(HMEMORYMODULE, HMEMORYRSRC);

/**
 * Load a string resource.
 */
int MemoryLoadString(HMEMORYMODULE, UINT, LPTSTR, int);

/**
 * Load a string resource with a given language.
 */
int MemoryLoadStringEx(HMEMORYMODULE, UINT, LPTSTR, int, WORD);

/**
* Default implementation of CustomAllocFunc that calls VirtualAlloc
* internally to allocate memory for a library
*
* This is the default as used by MemoryLoadLibrary.
*/
LPVOID MemoryDefaultAlloc(LPVOID, SIZE_T, DWORD, DWORD, void *);

/**
* Default implementation of CustomFreeFunc that calls VirtualFree
* internally to free the memory used by a library
*
* This is the default as used by MemoryLoadLibrary.
*/
BOOL MemoryDefaultFree(LPVOID, SIZE_T, DWORD, void *);

/**
 * Default implementation of CustomLoadLibraryFunc that calls LoadLibraryA
 * internally to load an additional libary.
 *
 * This is the default as used by MemoryLoadLibrary.
 */
HCUSTOMMODULE MemoryDefaultLoadLibrary(LPCSTR, void *);

/**
 * Default implementation of CustomGetProcAddressFunc that calls GetProcAddress
 * internally to get the address of an exported function.
 *
 * This is the default as used by MemoryLoadLibrary.
 */
FARPROC MemoryDefaultGetProcAddress(HCUSTOMMODULE, LPCSTR, void *);

/**
 * Default implementation of CustomFreeLibraryFunc that calls FreeLibrary
 * internally to release an additional libary.
 *
 * This is the default as used by MemoryLoadLibrary.
 */
void MemoryDefaultFreeLibrary(HCUSTOMMODULE, void *);

#ifdef __cplusplus
}
#endif

#endif  // __MEMORY_MODULE_HEADER

That implements full TLS support. The reason why is that I need to load python's core dll file (3.14) from a void * pointer obtained from LockResource, however since Python 3.12 the Python Core Developers force __declspec(thread) in parts of their codebase so now when I go to load the dll it causes an access violation when it even attempts to call it's DllMain function.

[bb107]

Hello, is the above code the original version of MemoryModule? As far as I know, the original version does not support TLS. The missing functions such as MemoryGetProcAddress you mentioned are required by the original version. The MemoryModule implemented in this repo is compatible with Win32 API, such as MemoryGetProcAddress can be directly replaced by GetProcAddress function.

[AraHaan]

Hello, is the above code the original version of MemoryModule? As far as I know, the original version does not support TLS. The missing functions such as MemoryGetProcAddress you mentioned are required by the original version. The MemoryModule implemented in this repo is compatible with Win32 API, such as MemoryGetProcAddress can be directly replaced by GetProcAddress function.

I think so, it is a copy of the one from py2exe.

[bb107]

If this is the case, you need to modify MemoryModule to call the unexported ntdll!LdrpHandleTlsData function to handle TLS before calling DllMain. Since it is not exported, you need to locate it through signatures or debug symbols.

[albertosottile]

@bb107

If this is the case, you need to modify MemoryModule to call the unexported ntdll!LdrpHandleTlsData function to handle TLS before calling DllMain. Since it is not exported, you need to locate it through signatures or debug symbols.

I see that this project, Blackbone, jector, and probably many other all resorted to load this unexported symbol from ntdll. Conversely, nobody tried to reimplement this function. Do you have any idea why? Is doing this so difficult? My uneducated guess is that the gist is easy but the devil lies in the details/in the peculiar cases...

[AraHaan]

@bb107

If this is the case, you need to modify MemoryModule to call the unexported ntdll!LdrpHandleTlsData function to handle TLS before calling DllMain. Since it is not exported, you need to locate it through signatures or debug symbols.

I see that this project, Blackbone, jector, and probably many other all resorted to load this unexported symbol from ntdll. Conversely, nobody tried to reimplement this function. Do you have any idea why? Is doing this so difficult? My uneducated guess is that the gist is easy but the devil lies in the details/in the peculiar cases...

For starters x64 cannot __asm as I have tried to __declspec(naked) it for inline ASM.

I could just paste the asm code inside of an asm file but it would require some fixups and probably dumping of even more internal only ntdll.dll symbols for it to work as well.

Also when I tried this I got an access violation instantly from inside the function call, and then I realized I had to fake up the __thiscall because in C you do not have c++ classes and as such cannot use __thiscall in non-member functions unless you use inline ASM to fake it. Oh wait Microsoft messed us over on using inline asm on x64 when needing to compile :joy:.

[bb107]

You can't use assembly code directly because it contains relocation code. Implementing this function requires hooking some functions to complete, which may bring uncertainty.

[CycloneRing]

You can use asmjit for x64