I have multithreaded application. Now, I have written one function in Windows DLL.
I am calling this DLL function from thread function (called by multiple threads) which is in my application.
So, my question is, does this DLL function also executes on same calling thread?
(And no need to handle multithreading separately in DLL)
Yes, the DLL function will execute on the same thread as the caller. There is no need to handle multithreading separately in the DLL.
Related
I have a dynamic link library that will hook certain functions in a host process, redirecting them to my the DLL's detour functions. I want to be able to unload this library on a cue that will be given through a call on one of these hooked functions by the host process. Would it be safe to simply unload the DLL while it's code is being executed?
I am aware that FreeLibraryAndExitThread (as opposed to FreeLibrary) exists for unloading a library from within a owned thread, halting the execution immediately. However, I am not able to terminate the thread on which the DLL's code will be running on at the time of the unloading.
I have thought of a solution in case it isn't safe: To spawn a thread that will properly unhook everything and exit using FreeLibraryAndExitThread afterwards, but I'm not sure that is needed or even the best solution if it is.
I'm trying to understand what the difference is between CreateThread and _beginthreadex and why calling DisableThreadLibraryCalls only prevents threads installed with _beginthreadex from executing.
I have a project which is a DLL, an old DLL, this is a win32 dll and I am tasked with porting it to win64. One thing that tripped me up was a call in DLLMain to DisableThreadLibraryCalls.
My threads were installed with _beginthreadex, the body of the threads was never being executed cause of the call to DisableThreadLibraryCalls. Once I removed this, the threads were working correctly.
Now I've found that other threads in the same DLL are started with CreateThread, I then thought was the call to DisableThreadLibraryCalls there to prevent these threads from executing so I put it back and found that the threads created with CreateThread are executed regardless of if DisableThreadLibraryCalls is present or not but threads created with _beginthreadex are disabled.
Why? I can't find anything on:
https://msdn.microsoft.com/en-us/library/windows/desktop/ms682579(v=vs.85).aspx
That describes why this is happening.
CreateThread() is a Windows native API for creating threads while _beginthread() and _beginthreadex() are part of C runtime library and are intended to make it easier to manage thread creation, but they still internally have to call CreateThread().
Your own answer is wrong because there is no explicit checking for enable/disable involved in C runtime.
Instead, C runtime library uses DLL_THREAD_ATTACH and DLL_THREAD_DETACH callbacks to manage thread local storage so it should not be surprising that disabling those callbacks by calling DisableThreadLibraryCalls() is preventing C runtime thread management functions from working correctly.
I have found references online that state that _beginthread and _beginthreadex interally call CreateThread so perhaps the checking disable/enable status is only performed in the top level routines which does echo my findings and to me suggests missing logic in CreateThread.
DisableThreadLibaryCalls has no effect on threads created with CreateThread directly.
I wanted to make sure i fully understand those API functions. If I have an application and a dll where i created a thread. I load this dll inside the application with LoadLibrary function. Does it mean that this dll thread is now a thread of that application?
P.S The thread in the dll created via exported function if that matters.
Thanks.
Understand that threads are an element of an executing process - there's no real notion of a DLL "owning" a thread. The code that starts the thread may well have originated from a function call in code contained in a DLL, but the process that loaded the library is the one that owns the thread. Loading the library merely makes the code in that library available to the calling process dynamically (at runtime).
In c++ ,I want to hook more than one dll to a process. Right now I use CreateProcesswithdll() which can hook only one api at a time. What can I do to inject multiple dlls?
I came across this problem because MS detours requires us to name our custom dll the same as original dll in order to properly detour the api calls. So even though i could have different api calls handled in the same detour dll I created I need to have different names to hook calls from different apis, which means I need different detour Dlls. This also means I need to inject different DLLs. Am I right?
If I am unclear about something I will try to present it more clearly :D
Thanks!
P.S: Just to make my problem more lucid. I need to inject more than 1 dll onto the same process. CreateProcesswithdll() creates a new process with its thread in sleep state. It is woken up after the detours has finished injecting the dll and setting up the hooks. If I want to inject more than one dll I obviously cant repeatedly call CreateProcesswithdll()
so what do i do?? or Is my understanding about some aspect of this wrong?
Calling LoadLibrary() and FreeLibrary() is NOT SAFE from DLLMain(). From TFA:
"The entry-point function should
perform only simple initialization or
termination tasks. It must not call
the LoadLibrary or LoadLibraryEx
function (or a function that calls
these functions), because this may
create dependency loops in the DLL
load order. This can result in a DLL
being used before the system has
executed its initialization code.
Similarly, the entry-point function
must not call the FreeLibrary function
(or a function that calls FreeLibrary)
during process termination, because
this can result in a DLL being used
after the system has executed its
termination code."
EDIT: Apologies - this was meant as a comment for Serge's answer above.
Seems like detourattach and detourdetach will do the trick for me. Thanks everyone!
I found this blog useful!
Obviously you can load any number of DLLs from the first DLL you inject with detours.
EDIT.
When DLL is loaded system runs DllMain of your DLL (with fdwReason==DLL_PROCESS_ATTACH) and then within that function you can do whatever you like, e.g. you can call LoadLibrary to load other DLLs.
ADD:
I totally agree with comments that calling LoadLibrary from DllMain is unsafe. So you can call LoadLibrary (and all the other tricky things) from thread created in DllMain.
What is the difference between the three functions and when to use them??
main() means your program is a console application.
WinMain() means the program is a GUI application -- that is, it displays windows and dialog boxes instead of showing console.
DllMain() means the program is a DLL. A DLL cannot be run directly but is used by the above two kinds of applications.
Therefore:
Use WinMain when you are writing a program that is going to display windows etc.
Use DLLMain when you write a DLL.
Use main in all other cases.
WinMain is used for an application (ending .exe) to indicate the process is starting. It will provide command line arguments for the process and serves as the user code entry point for a process. WinMain (or a different version of main) is also a required function. The OS needs a function to call in order to start a process running.
DllMain is used for a DLL to signify a lot of different scenarios. Most notably, it will be called when
The DLL is loaded into the process: DLL_PROCESS_ATTACH
The DLL is unloaded from the process: DLL_PROCESS_DETACH
A thread is started in the process: DLL_THREAD_ATTACH
A thread is ended in the process: DLL_THREAD_DETACH
DllMain is an optional construct and has a lot of implicit contracts associated with it. For instance, you should not be calling code that will force another DLL to load. In general it's fairly difficult function to get right and should be avoided unless you have a very specific need for it.
[Addendum to your question]
Also don't forget the DllEntryPoint:
When loading time is involved the entry point is DllMain.
(Ex. COM in-process server DLL).
When running time is involved the entry point is DllEntryPoint.
(Ex. LoadLibrary get called).