views:

40

answers:

3

Hello All,

Is there a way of dynamically running a DLL at a remote Windows box?

Say a user wants to send a his own DLL file to a remote server and run a function in that DLL at the remote site. The user may be able to provide function entry points as well as required parameters, but no more. (e.g. no header file)

I am thinking of setting up an agent executable at the remote site that can (1) dynamically load and bind a unknown DLL and (2) run a function with parameters. Is this a good a approach, or is such an executable possible?

Any comments/advices are welcomed!

/Taeho

+1  A: 

Yes you could write small program that runs the DLL function using this information and call it remotely using the something like PSEXEC from sysinternals.

PsExec is a light-weight telnet-replacement that lets you execute processes on other systems, complete with full interactivity for console applications, without having to manually install client softwareto manually install client software

Preet Sangha
+1  A: 

You can use a technique of Dynamically loading your DLL's.

Normally you use a DLL by statically linking a .LIB into your project and compiling it. To load a DLL dynamically at runtime you use the following WIN32 API functions and a few other tricks.

LoadLibaray(); LoadLibarayEx(); GetProcAddress(); FreeLibrary();

There are some other tricks involved

  • You need to declare the dll functions as export'ed.
  • In c++ you need to use extern "C" to prevent name mangling of your functions.
  • FARPROC ... with GetProcAddress

It is all explained in the following wiki article - http://en.wikipedia.org/wiki/Dynamic-link_library

Your idea of installing an executable on the remote machine is a good one. So long as you agree on the function names and parameters with the user. If the dll complies with this then the dll can be changed at any time without requiring you EXE to be changed. Once set up and working it is simple to add extra functions.

Andrew Cash
A: 

Andrew Cash's reply is sound for unmanaged code. The technique he describes around GetProcAddress is essentially what RunDll32.exe does. RunDll32.exe is part of Windows and specializes at loading arbitrary DLLs and executing their code. You can run it like this:

RUNDLL32.EXE [dllfile],[entrypoint] [optional arguments]

When you do this, RunDll32 will call LoadLibrary on the DLL and then GetProcAddress on the entrypoint name you give it. If all that goes well then it calls the entry point function.

For this to actually work the entrypoint function needs to be exported. It must also be declared like this:

void CALLBACK MyEntryPoint(
  HWND hwnd,
  HINSTANCE hinst,
  LPSTR lpszCmdLine,
  int nCmdShow);
Justin R