DLL without exported functions?

10
votes

I've snooped around a little bit in MS-Office DLLs, and I noticed that some of the DLLs don't have any exported functions. What I don't quite understand, how an application can use these DLLs without any functions exported ?!

I mean, the dllmain() does get executed on LoadLibrary(), but whats the point? Why would anyone create a DLL without exported functions?

thanks! :-)

5
c++dlldllexport
Do they happen to have any embedded resources? Sometimes it's for the embedded icons, images, etc., e.g. C:\Windows\System32\imageres.dll - user541686
@Mehrdad - The DLLs doesn't contain any resources.. @ildjarn - From when I know COM servers must at least export DllRegisterServer() & DllUnregisterServer(), am I right? - TCS
@TCS - no resources whatsoever? I find that very odd. - Mark Ransom
Managed DLLs don't have any exports. They can implement COM servers too, using mscoree.dll as the bootstrapper. Kinda pointless to not mention the DLL name. - Hans Passant
@Hans - its not managed (.Net). Funny thing about microsoft, They tell the whole world to use .Net, but they continue to develop in C++ :-) - TCS

5 Answers

3
votes

One way of dealing with versions of a program destined for different languages is to put all of the resources into a language DLL. The DLL doesn't contain any code, just resources that have been translated to a target language. When the main program starts up, all it needs to do is load the proper language DLL.

3
votes

I haven't looked at the DLLs in question; but it's possible in something like MSOffice Microsoft have done this to obfuscate the DLL to make it more difficult to debug / reverse engineer.

However, as you ask how would you use such a DLL? Well if the application knows the layout of the DLL then it can create a function pointer with the address of a known function and call it.

If you really want to dig further you could objdump the DLL and look for standard C / C++ ABI function prologues & epilogues and possibly work out where the functions start.

2
votes

When you call LoadLibrary the DLL gets call of its DllMain. That is DLL entry point. It is called on process attach and thread attach. So you do have entry point.

As soon as it has at least one entry point then it can create instance of some interface (e.g. factory) an set it in e.g. TLS variables where other modules will pickup them.

So you can can have COM alike system of interfaces that are not exposed outside except to the application. Something like that - many over variations are possible.

2
votes

Resources

The DLL likely has resources, like string tables, images, icons, etc., used by the rest of Office.

1
votes

Always possible that they just don't export them as C interfaces. A DLL isn't magic, it's just bits and bytes, and nothing says that you can't get code out of a DLL if you don't ask Windows for it. I believe that .NET takes this approach- they save metadata in the DLL that tells the CLR what's in it, instead of making .NET functions available by the normal GetProcAddress approach. Unless you explicitly ask for it.