Click here to Skip to main content
Click here to Skip to main content

Late binding on native DLLs with C#

, 12 Nov 2001
Rate this:
Please Sign up or sign in to vote.
Delaying which DLL export to call until runtime is not possible with C#. This article shows you how to make it possible.
<!-- Download Links --> <!-- Article image -->

Sample Image - DynInvok.gif

Introduction

Consider the situation where the native, Win32 DLL is unknown at compile time. Perhaps its name or location is stored in the Windows Registry, or is selected by the user from a FileOpen dialog. How can we call a function exported from this library, but only resolved at runtime? The prescribed way to call native functions from the CLR is through PInvoke, using the DllImport attribute, but this must be declared at compile time or, at the very least, generated on the fly using Reflection.Emit. This article will show an alternative way which requires the use of a little x86 assembler to meet our goal.

LoadLibrary

Windows provides two ways to load DLLs into the process of an executable. Either, the DLL can be specified in the imports table and the Windows Loader will map the DLL automatically or the LoadLibrary() Win32 API call can be used. These are called implicit linking and explicit linking respectively. Both these types can be seen in action using Dependency Walker available from http://www.dependencywalker.com/. The CLR, Visual BASIC 6 and the /delayload feature of MSVC6 all use explicit linking to call DLL functions.

We can quite happily call LoadLibrary() from C# to load a DLL into our address space. The problem comes when we try to call a function in the DLL. Win32 provides the GetProcAddress() function to return the memory address of a function exported from the given DLL and we can easily obtain this memory address, but we can do nothing with it. It is simply an integer. The CLR provides no way to jump to this location in memory, passing appropriate parameters too.

The CLR does allow us to do the reverse and pass a pointer to a managed function to a DLL using the delegate keyword, but there is no way to specify that a value returned from an unmanaged API call should be treated as a delegate. Perhaps we may see this in .Net version 2, but for now we need to find another way to call the function.

Going low-level

One solution would be to write a small C++ DLL which merely forwards the call on. In other words, the C++ DLL is acting as a proxy for our intended function. The downside is that a new C++ DLL would have to be created every time a different DLL function needs to be called. The proxy function needs the exact number of parameters that the real function takes. Every C# programmer needs to know C++ to be able to do this.

A much better solution is to write a small, reusable DLL in x86 assembly language which can forward function calls to any location. This is trivial to write if we know a bit about how Win32 DLLs are called. All DLLs are called using the stdcall calling convention. This means that parameters are pushed onto the stack beginning at the right-most parameter. Thus, the first in the parameter list will be at the top of the stack. The return address is then placed on the stack and control is transferred to the callee. It is the callee's responsibility to pop all the parameters off the stack and not fiddle with more registers than absolutely necessary.

Consider the following function declaration:

[DllImport("Invoke", CharSet=CharSet.Unicode)]
public extern static int InvokeFunc(int funcptr, int hwnd, 
                                    string message, string title, int flags);
It is implemented in a DLL called Invoke.dll and has the export name InvokeFunc. It also takes five parameters, of which the last four are the exact parameters taken by the MessageBox() function. The first parameter is an address of a function. We will leave the implementation of InvokeFunc for now and look at code which can call this.
int hmod=LoadLibrary("User32");
int funcaddr=GetProcAddress(hmod, "MessageBoxW");
int result=InvokeFunc(funcaddr, 0, "Hello World", 
                      ".Net dynamic export invocation", 1 /*MB_OKCANCEL*/);
Console.WriteLine("Result of invocation is " + result);

FreeLibrary(hmod);
This code loads the DLL into our process space, finds the address of a function we wish to call, then uses our special InvokeFunc() function to call a function through a function pointer.

Screenshot of Dependency Walker watching this taking place

In the screenshot above, notice how GetProcAddress() is being used to find the address of GetProcAddress()! This is because PInvoke uses GetProcAddress to find the address of any function specified by the DllImport attribute.

InvokeFunc Implementation

As we discussed earlier, the stdcall calling conventions places parameters onto the stack in reverse order. Thus, our function pointer will be at the top of the stack because it is first in the parameter list. If we can take this parameter off the stack, then jump to that location in memory, it would be the equivalent of calling that function without the intermediate proxy function.

The following fragment of x86 assembler achieves this

pop ecx		; save return address
pop edx		; Get function pointer
push ecx	; Restore return address
jmp edx		; Transfer control to the function pointer
Because we've used a jmp instruction rather than a call instruction, control will be transferred directly from the called function back to the CLR, passing any return value directly back.

Conclusion

Everything needed to compile and run this code is included with Visual Studio .Net. The x86 DLL built can be reused for calling any function pointer, not just a function with a specific signature and is only 2,560 bytes.

It turns out that if you are not running .Net on Windows XP, there is a DLL with an equivalent proxy function to the one we built. That DLL is msjava.dll, which of course is missing from Windows XP due to the Microsoft-Sun agreement on Java technology. msjava.dll provides an export with the name call() which duplicates this functionality.

License

This article, along with any associated source code and files, is licensed under The BSD License

Share

About the Author

Richard Birkby
Web Developer
United Kingdom United Kingdom
Richard Birkby is a software engineer from London, UK, specializing in .Net. Richard has coded for many different sized companies from small venture-capital funded start-ups, to multi-national corporations (ie Microsoft). When he's not programming, he enjoys driving his sports car or eating curry (although never at the same time!).
 
Richard helps run CurryPages.com and has several other covert ventures in development. Stay tuned!

Comments and Discussions

 
QuestionHow to work on X64? Pinmember4398850681-Oct-13 22:46 
AnswerRe: How to work on X64? Pinmemberahmed zahmed11-Oct-13 0:14 
QuestionLoading unmanaged DLL from memory PinmemberFlyersWeb5-Nov-12 10:19 
AnswerRe: Loading unmanaged DLL from memory PinmemberShawn-USA5-Aug-13 15:11 
SuggestionDynamically calling an unmanaged dll from .NET (C#) PinmemberDamavand2-Mar-12 4:08 
Dynamically calling an unmanaged dll from .NET (C#) by JonathanSwift
 
This sample is in response to a question left on my previous post, namely how to call an unmanaged dll from managed code when the dll in question isn't known until runtime (for instance, the path is stored in the registry, or an xml file, etc etc).
 
Apologies if this sample seems a little hurried, but I have another presentation to write and so time is short!
 
So let's begin.
 
To start and to refresh our memories, let's create a very basic C++ dll that does very little..... your code should resemble the following (check out my previous post for more info on this):
 
Header file
extern "C" __declspec(dllexport) int MultiplyByTen(int numberToMultiply);
 
Source code file
#include "DynamicDLLToCall.h"

int MultiplyByTen(int numberToMultiply)
{
        int returnValue = numberToMultiply * 10;
        return returnValue;
} 
As you can probably infer from the function name, an int is passed into this function and it will return the number passed in multiplied by ten. Told you it would be simple.
 
Now comes the more interesting part, actually calling this dll dynamically from your C# source code. There are two Win32 functions that are going to help us do this:
 
1) LoadLibrary - returns a handle to the dll in question
2) GetProcAddress - obtain the address of an exported function within the previously loaded dll
 
The rest is rather simple. We use LoadLibrary and GetProcAddress to get the address of the function within the dll we want to call, and then we use the GetDelegateForFunctionPointer static method within the Marshal class to assign this address to a C# delegate that we define. Take a look at the following C# code:
 
static class NativeMethods
{
        [DllImport("kernel32.dll")]
        public static extern IntPtr LoadLibrary(string dllToLoad);
 
        [DllImport("kernel32.dll")]
        public static extern IntPtr GetProcAddress(IntPtr hModule, string procedureName);
 

        [DllImport("kernel32.dll")]
        public static extern bool FreeLibrary(IntPtr hModule);
}
 
class Program
{
        [UnmanagedFunctionPointer(CallingConvention.Cdecl)]
        private delegate int MultiplyByTen(int numberToMultiply);
 
        static void Main(string[] args)
        {
                IntPtr pDll = NativeMethods.LoadLibrary(@"PathToYourDll.DLL");
                //oh dear, error handling here
                //if (pDll == IntPtr.Zero)

                IntPtr pAddressOfFunctionToCall = NativeMethods.GetProcAddress(pDll, "MultiplyByTen");
                //oh dear, error handling here
                //if(pAddressOfFunctionToCall == IntPtr.Zero)

                MultiplyByTen multiplyByTen = (MultiplyByTen)Marshal.GetDelegateForFunctionPointer(
                                                                                        pAddressOfFunctionToCall,
                                                                                        typeof(MultiplyByTen));
 
                int theResult = multiplyByTen(10);
 
                bool result = NativeMethods.FreeLibrary(pDll);
                //remaining code here

                Console.WriteLine(theResult);
        }
} 
 
The only item worthy of note is the UnmanagedFunctionPointer attribute, which was introduced to version 2.0 of the .NET framework, check out the docs online for more information.
 
Hope this helps.
GeneralRe: Dynamically calling an unmanaged dll from .NET (C#) PinmemberRichard Birkby2-Mar-12 6:09 
QuestionI had to change the makefile a bit to path to Csc.exe Pinmemberdcarl66117-Aug-11 6:19 
GeneralLoading User dlls PinmemberDebojyoti Majumder14-Jan-11 1:46 
QuestionCreate invoke.dll on 64-bit machines PinmemberAlexander Pikus3-Oct-10 3:58 
AnswerRe: Create invoke.dll on 64-bit machines Pinmember4398850681-Oct-13 13:47 
GeneralDon't do this any more PinmemberMoxxis7-Jun-10 8:42 
Questionwithout asm? PinmemberUnruled Boy18-Dec-09 1:59 
GeneralEasy way (.Net Marshaling) PinmemberJonyRocketCZ25-Nov-09 3:42 
GeneralRe: Easy way (.Net Marshaling) PinmemberRichard Birkby25-Nov-09 3:49 
GeneralRe: Easy way (.Net Marshaling) PinmemberUnruled Boy18-Dec-09 1:58 
Questioncall fun when not add references Pinmemberhuuchau8419-Mar-09 19:07 
AnswerExcellent article Pinmemberdefconhaya7-Mar-09 4:03 
GeneralRe: Excellent article Pinmember4398850681-Oct-13 13:49 
GeneralDynamicly load a DLL functions PinmemberMember 453941111-Feb-09 6:41 
QuestionLINK: error LNK2001: unresolved external symbol _DLLMain Pinmembernate alwine12-Nov-08 11:33 
QuestionDLLImport Pinmembergclopes18-Sep-08 7:24 
QuestionHow to compile code written in assembler language? PinmemberMember 6628769-Jul-08 22:19 
GeneralIs it possible to elevate this process for Vista Pinmemberyincekara11-Jun-08 6:12 
GeneralCompile time linking of dll Pinmemberharsh290414-Apr-08 22:31 
GeneralRe: Compile time linking of dll PinmemberMike_Silver_A2-Oct-08 0:53 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

| Advertise | Privacy | Mobile
Web04 | 2.8.140821.2 | Last Updated 13 Nov 2001
Article Copyright 2001 by Richard Birkby
Everything else Copyright © CodeProject, 1999-2014
Terms of Service
Layout: fixed | fluid