Dumping WindowsCE DLL's


jal0
December 26th, 2002, 03:20
Hi,

Not sure if this is the right place to post this kind of thing, but the problem is similar to unpacking a dll, so here it goes.

I'm working on trying to port Linux to the CASIO BE300 PDA, trying to reverse some of the DLLs which hold hardware device registers and such.

One of the things that makes this hard is that all of the system DLLs are in compressed form on the device and cannot be copied to my host PC (they can only be accessed through the kernel). By compressed, I mean that the file itself is in some proprietary format and compressed. It is also impossible to even open the DLL as a binary file. The DLLs are actually hardware drivers used by the kernel.

I had an idea to manually load the DLL in question, using LoadLibrary() (which hopefully will uncompress it), then dump its in-memory image to file. I would then transfer this image to the PC where I would manually rebuild it.

In testing, using LoadLibrary() does indeed cause the DLL to be uncompressed and loaded into the current process's address space.

I guess what I am looking for is some sample code, pointers, or howtos on dumping a DLL loaded into memory to a file, then applying the proper fixups to recreate the DLL.

Now most of the code that I have found on the seem to be in assembly language and targeted at some particular executable packer. But in my situation, once the DLL has been loaded, no further trickery is needed. Just the dump and fixups, as though it was a normal DLL.


Any help in these matters would be greatly appreciated.

Thanks,
Jal0
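
The host-side fixup step asked about in the post above, as an added example that is not part of the original thread: once a loaded module's memory has been written to a file, the section headers still describe the on-disk layout, so the raw offsets are rewritten to match the virtual layout and ImageBase is set to the address the module was loaded at. It assumes the dump begins with ordinary PE32 headers (MZ, PE signature, optional header magic 0x10B); the function names, the sample image and the load address are constructed for illustration.

```python
import struct

def _layout(img):
    """Return (optional-header offset, section-table offset, section count)."""
    if img[:2] != b"MZ":
        raise ValueError("no MZ header: dump does not start with PE headers")
    (pe,) = struct.unpack_from("<I", img, 0x3C)            # e_lfanew
    if img[pe:pe + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    nsects, = struct.unpack_from("<H", img, pe + 6)        # NumberOfSections
    opt_size, = struct.unpack_from("<H", img, pe + 20)     # SizeOfOptionalHeader
    if struct.unpack_from("<H", img, pe + 24)[0] != 0x10B:
        raise ValueError("not a PE32 optional header")
    return pe + 24, pe + 24 + opt_size, nsects

def sections(img):
    """List (name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData)."""
    _, table, n = _layout(img)
    return [struct.unpack_from("<8sIIII", img, table + i * 40) for i in range(n)]

def fix_memory_dump(dump, load_base):
    """Make a memory-layout PE32 dump parse as a file: raw layout = virtual layout."""
    img = bytearray(dump)
    opt, table, n = _layout(img)
    align, = struct.unpack_from("<I", img, opt + 32)       # SectionAlignment
    # The loader already applied relocations for load_base, so record it as ImageBase.
    struct.pack_into("<I", img, opt + 28, load_base)
    struct.pack_into("<I", img, opt + 36, align)           # FileAlignment
    for i in range(n):
        hdr = table + i * 40
        vsize, vaddr = struct.unpack_from("<II", img, hdr + 8)
        # Round the size up to the alignment, but never past the end of the dump.
        raw = min(-(-vsize // align) * align, max(len(img) - vaddr, 0))
        struct.pack_into("<II", img, hdr + 16, raw, vaddr)  # SizeOfRawData, PointerToRawData
    return bytes(img)

def build_sample_dump():
    """Constructed 0x3000-byte memory image: headers plus .text and .data."""
    img = bytearray(0x3000)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)
    img[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HH12xHH", img, 0x84, 0x0166, 2, 0xE0, 0x2102)  # COFF header
    struct.pack_into("<H", img, 0x98, 0x10B)
    struct.pack_into("<III", img, 0x98 + 28, 0x10000000, 0x1000, 0x200)
    for i, sec in enumerate([(b".text", 0x123, 0x1000, 0x200, 0x400),
                             (b".data", 0x40, 0x2000, 0x200, 0x600)]):
        struct.pack_into("<8sIIII", img, 0x178 + i * 40, *sec)
    img[0x1000:0x1004] = b"CODE"                           # marker at start of .text
    return bytes(img)
```
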