0

I have gone through SO question1 and SO question2 but they are far more descriptive for my simple problem and here it is:

I have an application which is dynamically linked to a shared object(.dll, .so or whatever!). I am aware that the tool chain leaves a stub in our application which will be filled by dynamic linker. Fare enough !!

What I didn't get:

1) What will a stub look like( I know it's an odd way to put it)? I can guess that it is an entry point to our application but is it what we call a backdoor?

2) Suppose the that we looking for the object code for a function printf() but the dynamic library that we are linking to, say mylib.dll contains object code for printf() but not restricted to that. When the linking happens are linkers smart enough to copy the object code for printf() alone or will it copy the entire dynamic library to the application?

Or am I totally confused?

Community
  • 1
  • 1
sjsam
  • 21,411
  • 5
  • 55
  • 102

2 Answers2

1

When you link against a DLL, the linker just creates an entry in the Import Directory of the PE file. There is no copying of code since that will duplicate code unnecessarily. Instead, the linker will create an entry telling the PE loader what to load.

For example, if you use the function foo_bar from your foo.dll, the linker inserts import descriptor (IMAGE_IMPORT_DESCRIPTOR) that specifies the name of the dll to load (foo.dll) and function descriptor (IMAGE_THUNK_DATA) that specifies the name of the function (foo_bar). When your code that calls foo_bar is compiled, the compiler is actually generating an instruction that calls an address from the IMAGE_THUNK_DATA entry. So when your executable runs, the PE loader will check the import descriptors and load foo.dll and then check the function descriptors and gets the address of those functions from foo.dll and puts the address in the IMAGE_THUNK_DATA structure. After that, control is transferred to your application and the call to foo_bar will work since it's now pointing to the address of foo_bar.

shebaw
  • 1,775
  • 1
  • 13
  • 15
0

The DLL is an entity that exist for itself. I will be loaded into your process at load time when you used the import library. The Windows API functions LoadLibrary and GetProcAddress also allows to load the DLL at run time. In any case the DLL will not be changed. If you call only a subset of the function it still provides all functions.

The Linker doesn't change the DLL. It justs adds the stub code to the program that uses the DLL function. The stub

  • loads the DLL to the process
  • ajusts the function pointer to the actual implementation in the DLL utilizing the import table of the DLL.
harper
  • 13,345
  • 8
  • 56
  • 105
  • ThankYou! I got the answer for the second part of the question! What will entrypoint(stub) look like? Is it a function? – sjsam Jun 03 '15 at 07:21
  • The linker doesn't add code to load dlls, it just creates import entries for them. – shebaw Jun 03 '15 at 07:51