DLL stands for Dynamic Link Library. Itâs Microsoftâs implementation for shared library concept. The file format for DLLs and EXEs are the same, Portable Executable.
DLLs can contain code, data and resources, in any combination.
A windows DLL is just like an executable (EXE). The difference is that EXEs have an entry point (main function) and so it can be used to start a process, while DLLs can only be loaded into a pre-existing process. DLLs too have an entry point, but it is not used as main function, just some sort of initialization/finalization hook.
DLLs execute in the memory space of the calling process and with the same access permissions, which means there is little overhead in their use, but also that there is no protection for the calling program if the DLL has any sort of bug.
Â
Memory Management
In Windows API, DLL files are organized into sections. Each section has its own set of attributes, such as being writable or read-only, executable (for code) or non-executable (for data), and so on.
Windows does not use position independent code for its DLLs; instead the code undergoes relocation as it is loaded, fixing addresses for all its entry points at locations which are free in memory space of the first process to load the DLL.
In contrast to code sections, the data sections of a DLL are usually private; that is, each process using the DLL has its own copy of all the DLL's data.
Import Libraries
Import libraries for DLLs are noted by .lib extension. Linking to dynamic libraries is usually handled by linking to an import library when building or linking to create an executable file.
The created executable then contains an import address table (IAT) by which all DLL function calls are referenced (each referenced DLL function contains its own entry in the IAT). At run-time, the IAT is filled with appropriate addresses that point directly to a function in the separately loaded DLL.
Symbol resolution and binding
Each function exported by a DLL is identified by a numeric ordinal and optionally a name. Functions can be imported from a DLL either by ordinal or by name.
The ordinal represents the position of the functionâs address pointer in the DLL Export Address Table.
Explicit run-time linking
DLL files can be explicitly loaded at run-time, a process referred to as run-time dynamic linking by Microsoft.
LoadLibrary API function is used to load the library at runtime.GetProcAddress API function is used to look up exported symbols by name.FreeLibrary to unload the DLL.Â
The procedure for explicit run-time linking is the same in any language that supports pointer to functions, since it depends on the Windows API rather than language constructs.
Shared Library
This concept basically allows you to have your common code that has to be used by multiple programs at a single place and can be loaded dynamically when a program requires it.
For example, there let there be a two programs called FFT.exe which performs Fast Fourier Transform and other one be Signal.exe that generates some sort of a signal. Both these programs require some sort a basic math library to implement common math routines like add, divide, differentiate, integrate etc. So here we usually create a library called math.dll (hypothetical, this does not actually exist in Windows) which can be called upon by FTT.exe and Signal.exe at runtime.
This basically saves disk space as only one copy of the library exists (in contrast to static linking where each program has a copy of the library).
The programs that call this file are connected to it at run time, with the operating system, performing the binding.
This also allows for modularity. Modularity allows changes to be made to code and data in a single self-contained DLL shared by several applications without any change to the applications themselves.
DLLs provide a mechanism for shared code and data, allowing a developer of shared code/data to upgrade functionality without requiring applications to be re-linked or re-compiled.
Â
There is an application for analyzing the Portable Executable file. The name of the application is Dependencies and is hosted on Github.
Dynamic Linker
Itâs a part of the OS that loads and links the shared libraries needed by an executable when it is executed (at ârun timeâ) by copying the content of libraries from persistent storage to RAM, filling jump tables and relocating pointers.
Portable Executable
Address Space
Pointer to Function
Windows Registry
Hierarchical database that stores low level settings for the Microsoft Windows operating system and for applications that opt to use the registry.
The registry also allows access to counters for profiling system performance.
It contains information, settings, options, and other values for programs and hardware installed on all versions of Windows operating systems. When a program is installed, a new subkey containing settings such as a programâs location itâs version and how to start the program, are all added to the registry.
Backup and restoration is also simplified as the registry can be accessed over a network connection for remote management/support, including from scripts, using the standard set of APIs, as long as the Remote Registry service is running and firewall rules permit this.
Â
.NET Framework
Microsoft promotes .NET Framework as one solution to the problems of DLL hell.
Common Language Infrastructure (CLI)
Windows API
PowerShell
Task automation and configuration management program from Microsoft, consisting of command line shell and the associated scripting language.
In PowerShell, administrative tasks are generally performed via cmdlets (pronounced command-lets) which are specialized .NET classes implementing a particular operation.
Stub
It is a piece of code used to stand in for some other programming functionality. It may simulate the behavior of existing code or be a temporary substitute for yet-to-be developed code.
These are most useful in porting, distributed computing as well as general software development and testing.
A stub is a routine that doesnât actually do anything other than declaring itself and the parameters it accepts and returning something that is usually the value expected in one of the âhappy scenariosâ for the caller.
Stubs are used commonly as placeholders for implementation of a known interface, where the interface is finalized/known but the implementation is not yet known/finalized.
Shim
Shim is a library that transparently intercepts API calls and changes the arguments passed, handles the operation itself or redirects the operation elsewhere.
It can be used to support an old API in a newer environment, or a new API in an older environment.
Shims can also be used for running programs on different software platforms than they were developed for.
An example of this is web polyfills which implement newer web standards using older standards and JavaScript, if newer standard is not available in a given web browser.