Dynamic-link library (DLL) is
Microsoft
Microsoft Corporation is an American multinational technology corporation producing computer software, consumer electronics, personal computers, and related services headquartered at the Microsoft Redmond campus located in Redmond, Washing ...
's implementation of the
shared library
In computer science, a library is a collection of non-volatile resources used by computer programs, often for software development. These may include configuration data, documentation, help data, message templates, pre-written code and subr ...
concept in the
Microsoft Windows
Windows is a group of several proprietary graphical operating system families developed and marketed by Microsoft. Each family caters to a certain sector of the computing industry. For example, Windows NT for consumers, Windows Server for serv ...
and
OS/2
OS/2 (Operating System/2) is a series of computer operating systems, initially created by Microsoft and IBM under the leadership of IBM software designer Ed Iacobucci. As a result of a feud between the two companies over how to position OS/2 ...
operating system
An operating system (OS) is system software that manages computer hardware, software resources, and provides common services for computer programs.
Time-sharing operating systems schedule tasks for efficient use of the system and may also in ...
s. These libraries usually have the
file extension
A filename extension, file name extension or file extension is a suffix to the name of a computer file (e.g., .txt, .docx, .md). The extension indicates a characteristic of the file contents or its intended use. A filename extension is typically d ...
DLL
,
OCX
(for libraries containing
ActiveX
ActiveX is a deprecated software framework created by Microsoft that adapts its earlier Component Object Model (COM) and Object Linking and Embedding (OLE) technologies for content downloaded from a network, particularly from the World Wide Web. ...
controls), or
DRV
(for legacy
system drivers).
The file formats for DLLs are the same as for Windows
EXE
Exe or EXE may refer to:
* .exe, a file extension
* exe., abbreviation for executive
Places
* River Exe, in England
* Exe Estuary, in England
* Exe Island, in Exeter, England
Transportation and vehicles
* Exe (locomotive), a British locomotive
...
files – that is,
Portable Executable
The Portable Executable (PE) format is a file format for executables, object code, DLLs and others used in 32-bit and 64-bit versions of Windows operating systems. The PE format is a data structure that encapsulates the information necessary fo ...
(PE) for
32-bit
In computer architecture, 32-bit computing refers to computer systems with a processor, memory, and other major system components that operate on data in 32-bit units. Compared to smaller bit widths, 32-bit computers can perform large calculation ...
and
64-bit
In computer architecture, 64-bit Integer (computer science), integers, memory addresses, or other Data (computing), data units are those that are 64 bits wide. Also, 64-bit central processing unit, CPUs and arithmetic logic unit, ALUs are those ...
Windows, and
New Executable
The New Executable (abbreviated NE or NewEXE) is a 16-bit .exe file format, a successor to the DOS MZ executable format. It was used in Windows 1.0–3.x, Windows 9x, multitasking MS-DOS 4.0, OS/2 1.x, and the OS/2 subset of Windows NT up to ver ...
(NE) for
16-bit
16-bit microcomputers are microcomputers that use 16-bit microprocessors.
A 16-bit register can store 216 different values. The range of integer values that can be stored in 16 bits depends on the integer representation used. With the two mos ...
Windows. As with EXEs, DLLs can contain
code
In communications and information processing, code is a system of rules to convert information—such as a letter, word, sound, image, or gesture—into another form, sometimes shortened or secret, for communication through a communication ...
,
data
In the pursuit of knowledge, data (; ) is a collection of discrete values that convey information, describing quantity, quality, fact, statistics, other basic units of meaning, or simply sequences of symbols that may be further interpreted ...
, and
resources
Resource refers to all the materials available in our environment which are technologically accessible, economically feasible and culturally sustainable and help us to satisfy our needs and wants. Resources can broadly be classified upon their a ...
, in any combination.
Data
files with the same
file format
A file format is a standard way that information is encoded for storage in a computer file. It specifies how bits are used to encode information in a digital storage medium. File formats may be either proprietary or free.
Some file formats ...
as a DLL, but with different file extensions and possibly containing only resource sections, can be called ''resource DLLs''. Examples of such DLLs include ''
icon
An icon () is a religious work of art, most commonly a painting, in the cultures of the Eastern Orthodox, Oriental Orthodox, and Catholic churches. They are not simply artworks; "an icon is a sacred image used in religious devotion". The most ...
libraries'', sometimes having the extension
ICL
, and
font
In metal typesetting, a font is a particular size, weight and style of a typeface. Each font is a matched set of type, with a piece (a "sort") for each glyph. A typeface consists of a range of such fonts that shared an overall design.
In mod ...
files, having the extensions
FON
and
FOT
.
Background
The first versions of
Microsoft Windows
Windows is a group of several proprietary graphical operating system families developed and marketed by Microsoft. Each family caters to a certain sector of the computing industry. For example, Windows NT for consumers, Windows Server for serv ...
ran programs together in a single
address space
In computing, an address space defines a range of discrete addresses, each of which may correspond to a network host, peripheral device, disk sector, a memory cell or other logical or physical entity.
For software programs to save and retrieve st ...
. Every program was meant to co-operate by yielding the CPU to other programs so that the
graphical user interface
The GUI ( "UI" by itself is still usually pronounced . or ), graphical user interface, is a form of user interface that allows users to interact with electronic devices through graphical icons and audio indicator such as primary notation, inste ...
(GUI) could multitask and be maximally responsive. All operating-system level operations were provided by the underlying operating system:
MS-DOS
MS-DOS ( ; acronym for Microsoft Disk Operating System, also known as Microsoft DOS) is an operating system for x86-based personal computers mostly developed by Microsoft. Collectively, MS-DOS, its rebranding as IBM PC DOS, and a few ope ...
. All higher-level services were provided by Windows Libraries "Dynamic Link Library". The Drawing
API
An application programming interface (API) is a way for two or more computer programs to communicate with each other. It is a type of software Interface (computing), interface, offering a service to other pieces of software. A document or standa ...
,
Graphics Device Interface
The Graphics Device Interface (GDI) is a legacy component of Microsoft Windows responsible for representing graphical objects and transmitting them to output devices such as monitors and printers. Windows apps use Windows API to interact with GDI ...
(GDI), was implemented in a DLL called
GDI.EXE
, the user interface in
USER.EXE
. These extra layers on top of DOS had to be shared across all running Windows programs, not just to enable Windows to work in a machine with less than a megabyte of RAM, but to enable the programs to co-operate with each other. The code in GDI needed to translate drawing commands to operations on specific devices. On the display, it had to manipulate pixels in the frame buffer. When drawing to a printer, the API calls had to be transformed into requests to a printer. Although it could have been possible to provide hard-coded support for a limited set of devices (like the
Color Graphics Adapter
The Color Graphics Adapter (CGA), originally also called the ''Color/Graphics Adapter'' or ''IBM Color/Graphics Monitor Adapter'', introduced in 1981, was IBM's first color graphics card for the IBM PC and established a de facto computer display ...
display, the HP LaserJet
Printer Command Language
Printer Command Language, more commonly referred to as PCL, is a page description language (PDL) developed by Hewlett-Packard as a printer protocol and has become a ''de facto'' industry standard. Originally developed for early inkjet printers ...
), Microsoft chose a different approach. GDI would work by loading different pieces of code, called "
device driver
In computing, a device driver is a computer program that operates or controls a particular type of device that is attached to a computer or automaton. A driver provides a software interface to hardware devices, enabling operating systems and ot ...
s", to work with different output devices.
The same architectural concept that allowed GDI to load different device drivers is that which allowed the
Windows shell
The Windows shell is the graphical user interface for the Microsoft Windows operating system. Its readily identifiable elements consist of the desktop, the taskbar, the Start menu, the task switcher and the AutoPlay feature. On some versions of W ...
to load different Windows programs, and for these programs to invoke API calls from the shared USER and GDI libraries. That concept was "dynamic linking".
In a conventional non-shared
static library
In computer science, a static library or statically-linked library is a set of routines, external functions and variables which are resolved in a caller at compile-time and copied into a target application by a compiler, linker, or binder, produci ...
, sections of code are simply added to the calling program when its executable is built at the "linking" phase; if two programs call the same routine, the routine is included in both the programs during the linking stage of the two. With dynamic linking, shared code is placed into a single, separate file. The programs that call this file are connected to it at run time, with the operating system (or, in the case of early versions of Windows, the OS-extension), performing the binding.
For those early versions of Windows (1.0 to 3.11), the DLLs were the foundation for the entire GUI. As such, display drivers were merely DLLs with a .DRV extension that provided custom implementations of the same drawing API through a unified
device driver
In computing, a device driver is a computer program that operates or controls a particular type of device that is attached to a computer or automaton. A driver provides a software interface to hardware devices, enabling operating systems and ot ...
interface (DDI), and the Drawing (GDI) and GUI (USER) APIs were merely the function calls exported by the GDI and USER, system DLLs with .EXE extension.
This notion of building up the operating system from a collection of dynamically loaded libraries is a core concept of Windows that persists .
DLLs provide the standard benefits of
shared libraries
In computer science, a library is a collection of non-volatile resources used by computer programs, often for software development. These may include configuration data, documentation, help data, message templates, pre-written code and subr ...
, such as
modularity
Broadly speaking, modularity is the degree to which a system's components may be separated and recombined, often with the benefit of flexibility and variety in use. The concept of modularity is used primarily to reduce complexity by breaking a sy ...
. Modularity allows changes to be made to code and data in a single self-contained DLL shared by several applications without any change to the applications themselves.
Another benefit of modularity is the use of generic interfaces for plug-ins. A single interface may be developed which allows old as well as new modules to be integrated seamlessly at run-time into pre-existing applications, without any modification to the application itself. This concept of dynamic extensibility is taken to the extreme with the
Component Object Model, the underpinnings of
ActiveX
ActiveX is a deprecated software framework created by Microsoft that adapts its earlier Component Object Model (COM) and Object Linking and Embedding (OLE) technologies for content downloaded from a network, particularly from the World Wide Web. ...
.
In Windows 1.x, 2.x and 3.x, all Windows applications shared the same address space as well as the same memory. A DLL was only loaded once into this address space; from then on, all programs using the library accessed it. The library's data was shared across all the programs. This could be used as an indirect form of
inter-process communication
In computer science, inter-process communication or interprocess communication (IPC) refers specifically to the mechanisms an operating system provides to allow the processes to manage shared data. Typically, applications can use IPC, categori ...
, or it could accidentally corrupt the different programs. With the introduction of
32-bit
In computer architecture, 32-bit computing refers to computer systems with a processor, memory, and other major system components that operate on data in 32-bit units. Compared to smaller bit widths, 32-bit computers can perform large calculation ...
libraries in
Windows 95
Windows 95 is a consumer-oriented operating system developed by Microsoft as part of its Windows 9x family of operating systems. The first operating system in the 9x family, it is the successor to Windows 3.1x, and was released to manufacturin ...
, every process ran in its own address space. While the DLL code may be shared, the data is private except where shared data is explicitly requested by the library. That said, large swathes of
Windows 95
Windows 95 is a consumer-oriented operating system developed by Microsoft as part of its Windows 9x family of operating systems. The first operating system in the 9x family, it is the successor to Windows 3.1x, and was released to manufacturin ...
,
Windows 98
Windows 98 is a consumer-oriented operating system developed by Microsoft as part of its Windows 9x family of Microsoft Windows operating systems. The second operating system in the 9x line, it is the successor to Windows 95, and was released to ...
and
Windows Me
Windows Millennium Edition, or Windows Me (marketed with the pronunciation of the pronoun "me"), is an operating system developed by Microsoft as part of its Windows 9x family of Microsoft Windows operating systems. It is the successor to Windo ...
were built from 16-bit libraries, which limited the performance of the
Pentium Pro
The Pentium Pro is a sixth-generation x86 microprocessor developed and manufactured by Intel and introduced on November 1, 1995. It introduced the P6 microarchitecture (sometimes termed i686) and was originally intended to replace the original P ...
microprocessor when launched, and ultimately limited the stability and scalability of the DOS-based versions of Windows.
Although DLLs are the core of the Windows architecture, they have several drawbacks, collectively called "
DLL hell In computing, DLL Hell is a term for the complications that arise when one works with dynamic-link libraries (DLLs) used with Microsoft Windows operating systems, particularly legacy 16-bit editions, which all run in a single memory space.
DLL Hel ...
".
[
]
Microsoft promotes
.NET Framework
The .NET Framework (pronounced as "''dot net"'') is a proprietary software framework developed by Microsoft that runs primarily on Microsoft Windows. It was the predominant implementation of the Common Language Infrastructure (CLI) until bein ...
as one solution to the problems of DLL hell, although they now promote virtualization-based solutions such as
Microsoft Virtual PC
Windows Virtual PC (successor to Microsoft Virtual PC 2007, Microsoft Virtual PC 2004, and Connectix Virtual PC) is a virtualization program for Microsoft Windows. In July 2006, Microsoft released the Windows version free of charge. In August ...
and
Microsoft Application Virtualization
Microsoft Application Virtualization (also known as App-V; formerly Softricity SoftGrid) is an application virtualization and application streaming solution from Microsoft. It was originally developed by Softricity, a company based in Boston, Mas ...
, because they offer superior isolation between applications. An alternative mitigating solution to DLL hell has been to implement
side-by-side assembly
Side-by-side assembly (SxS, or WinSxS on Microsoft Windows) technology is a standard for executable files in Windows 98 Second Edition, Windows 2000, and later versions of Windows that attempts to alleviate problems (collectively known as "DLL ...
.
Features
Since DLLs are essentially the same as EXEs, the choice of which to produce as part of the linking process is for clarity, since it is possible to export functions and data from either.
It is not possible to directly execute a DLL, since it requires an EXE for the operating system to load it through an
entry point
In computer programming, an entry point is the place in a program where the execution of a program begins, and where the program has access to command line arguments.
To start a program's execution, the loader or operating system passes contro ...
, hence the existence of utilities like RUNDLL.EXE or RUNDLL32.EXE which provide the entry point and minimal framework for DLLs that contain enough functionality to execute without much support.
DLLs provide a mechanism for shared code and data, allowing a developer of shared code/data to upgrade functionality without requiring applications to be re-linked or re-compiled. From the application development point of view, Windows and OS/2 can be thought of as a collection of DLLs that are upgraded, allowing applications for one version of the OS to work in a later one, provided that the OS vendor has ensured that the interfaces and functionality are compatible.
DLLs execute in the memory space of the calling process and with the same access permissions, which means there is little overhead in their use, but also that there is no protection for the calling program if the DLL has any sort of bug.
Memory management
In
Windows API
The Windows API, informally WinAPI, is Microsoft's core set of application programming interfaces (APIs) available in the Microsoft Windows operating systems. The name Windows API collectively refers to several different platform implementations th ...
, DLL files are organized into ''
sections
Section, Sectioning or Sectioned may refer to:
Arts, entertainment and media
* Section (music), a complete, but not independent, musical idea
* Section (typography), a subdivision, especially of a chapter, in books and documents
** Section sig ...
''. Each section has its own set of attributes, such as being writable or read-only, executable (for code) or non-executable (for data), and so on.
The code in a DLL is usually shared among all the processes that use the DLL; that is, they occupy a single place in physical memory, and do not take up space in the
page file
In computer operating systems, memory paging is a memory management scheme by which a computer stores and retrieves data from secondary storage for use in main memory. In this scheme, the operating system retrieves data from secondary storag ...
. Windows does not use
position-independent code
In computing, position-independent code (PIC) or position-independent executable (PIE) is a body of machine code that, being placed somewhere in the primary memory, executes properly regardless of its absolute address. PIC is commonly used for ...
for its DLLs; instead, the code undergoes
relocation as it is loaded, fixing addresses for all its entry points at locations which are free in the memory space of the first process to load the DLL. In older versions of Windows, in which all running processes occupied a single common address space, a single copy of the DLL's code would always be sufficient for all the processes. However, in newer versions of Windows which use separate address spaces for each program, it is only possible to use the same relocated copy of the DLL in multiple programs if each program has the same virtual addresses free to accommodate the DLL's code. If some programs (or their combination of already-loaded DLLs) do not have those addresses free, then an additional physical copy of the DLL's code will need to be created, using a different set of relocated entry points. If the physical memory occupied by a code section is to be reclaimed, its contents are discarded, and later reloaded directly from the DLL file as necessary.
In contrast to code sections, the data sections of a DLL are usually private; that is, each process using the DLL has its own copy of all the DLL's data. Optionally, data sections can be made shared, allowing
inter-process communication
In computer science, inter-process communication or interprocess communication (IPC) refers specifically to the mechanisms an operating system provides to allow the processes to manage shared data. Typically, applications can use IPC, categori ...
via this shared memory area. However, because user restrictions do not apply to the use of shared DLL memory, this creates a
security hole
Vulnerabilities are flaws in a computer system that weaken the overall security of the device/system. Vulnerabilities can be weaknesses in either the hardware itself, or the software that runs on the hardware. Vulnerabilities can be exploited by ...
; namely, one process can corrupt the shared data, which will likely cause all other sharing processes to behave undesirably. For example, a process running under a guest account can in this way corrupt another process running under a privileged account. This is an important reason to avoid the use of shared sections in DLLs.
If a DLL is compressed by certain
executable packers (e.g.
UPX), all of its code sections are marked as read and write, and will be unshared. Read-and-write code sections, much like private data sections, are private to each process. Thus DLLs with shared data sections should not be compressed if they are intended to be used simultaneously by multiple programs, since each program instance would have to carry its own copy of the DLL, resulting in increased memory consumption.
Import libraries
Like static libraries, import libraries for DLLs are noted by the
.lib
file extension. For example,
kernel32.dll
The Microsoft Windows operating system supports a form of shared libraries known as "dynamic-link libraries", which are code libraries that can be used by multiple processes while only one copy is loaded into memory. This article provides an ove ...
, the primary dynamic library for Windows's base functions such as file creation and memory management, is linked via
kernel32.lib
. The usual way to tell an import library from a proper static library is by size: the import library is much smaller as it only contains symbols referring to the actual DLL, to be processed at link-time. Both nevertheless are Unix
ar format files.
Linking to dynamic libraries is usually handled by linking to an import library when building or linking to create an executable file. The created executable then contains an import address table (IAT) by which all DLL function calls are referenced (each referenced DLL function contains its own entry in the IAT). At run-time, the IAT is filled with appropriate addresses that point directly to a function in the separately loaded DLL.
In Cygwin/MSYS and MinGW, import libraries are conventionally given the suffix
.dll.a
, combining both the Windows DLL suffix and the Unix ar suffix. The file format is similar, but the symbols used to mark the imports are different (
_head_foo_dll
vs
__IMPORT_DESCRIPTOR_foo
). Although its
GNU Binutils
The GNU Binary Utilities, or , are a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code.
Tools
They were originally written by programmers at Cygnus Solutions.
...
toolchain can generate import libraries and link to them, it is faster to link to the DLL directly. An experimental tool in MinGW called genlib can be used to generate import libs with MSVC-style symbols.
Symbol resolution and binding
Each function exported by a DLL is identified by a numeric ordinal and optionally a name. Likewise, functions can be imported from a DLL either by ordinal or by name. The ordinal represents the position of the function's address pointer in the DLL Export Address table. It is common for internal functions to be exported by ordinal only. For most Windows API functions only the names are preserved across different Windows releases; the ordinals are subject to change. Thus, one cannot reliably import Windows API functions by their ordinals.
Importing functions by ordinal provides only slightly better performance than importing them by name: export tables of DLLs are ordered by name, so a
binary search
In computer science, binary search, also known as half-interval search, logarithmic search, or binary chop, is a search algorithm that finds the position of a target value within a sorted array. Binary search compares the target value to the m ...
can be used to find a function. The index of the found name is then used to look up the ordinal in the Export Ordinal table. In 16-bit Windows, the name table was not sorted, so the name lookup overhead was much more noticeable.
It is also possible to ''bind'' an executable to a specific version of a DLL, that is, to resolve the addresses of imported functions at compile-time. For bound imports, the
linker
Linker or linkers may refer to:
Computing
* Linker (computing), a computer program that takes one or more object files generated by a compiler or generated by an assembler and links them with libraries, generating an executable program or shar ...
saves the timestamp and checksum of the DLL to which the import is bound. At run-time, Windows checks to see if the same version of library is being used, and if so, Windows bypasses processing the imports. Otherwise, if the library is different from the one which was bound to, Windows processes the imports in a normal way.
Bound executables load somewhat faster if they are run in the same environment that they were compiled for, and exactly the same time if they are run in a different environment, so there is no drawback for binding the imports. For example, all the standard Windows applications are bound to the system DLLs of their respective Windows release. A good opportunity to bind an application's imports to its target environment is during the application's installation. This keeps the libraries "bound" until the next OS update. It does, however, change the checksum of the executable, so it is not something that can be done with signed programs, or programs that are managed by a configuration management tool that uses checksums (such as
MD5 checksums) to manage file versions. As more recent Windows versions have moved away from having fixed addresses for every loaded library (for security reasons), the opportunity and value of binding an executable is decreasing.
Explicit run-time linking
DLL files may be explicitly loaded at run-time, a process referred to simply as ''run-time dynamic linking'' by Microsoft, by using the
LoadLibrary
(or
LoadLibraryEx
) API function. The
GetProcAddress
API function is used to look up exported symbols by name, and
FreeLibrary
– to unload the DLL. These functions are analogous to
dlopen
,
dlsym
, and
dlclose
in the
POSIX
The Portable Operating System Interface (POSIX) is a family of standards specified by the IEEE Computer Society for maintaining compatibility between operating systems. POSIX defines both the system- and user-level application programming interf ...
standard API.
The procedure for explicit run-time linking is the same in any language that supports
pointers to functions, since it depends on the
Windows API
The Windows API, informally WinAPI, is Microsoft's core set of application programming interfaces (APIs) available in the Microsoft Windows operating systems. The name Windows API collectively refers to several different platform implementations th ...
rather than language constructs.
Delayed loading
Normally, an application that is linked against a DLL’s import library will fail to start if the DLL cannot be found, because Windows will not run the application unless it can find all of the DLLs that the application may need. However an application may be linked against an import library to allow delayed loading of the dynamic library.
In this case, the operating system will not try to find or load the DLL when the application starts; instead, a stub is included in the application by the linker which will try to find and load the DLL through
LoadLibrary
and
GetProcAddress
when one of its functions is called. If the DLL cannot be found or loaded, or the called function does not exist, the application will generate an
exception, which may be caught and handled appropriately. If the application does not handle the exception, it will be caught by the operating system, which will terminate the program with an error message.
The delayed loading mechanism also provides notification
hooks, allowing the application to perform additional processing or
error handling
In computing and computer programming, exception handling is the process of responding to the occurrence of ''exceptions'' – anomalous or exceptional conditions requiring special processing – during the execution of a program. In general, an ...
when the DLL is loaded and/or any DLL function is called.
Compiler and language considerations
Delphi
In a source file, the keyword
library
is used instead of
program
. At the end of the file, the functions to be exported are listed in
exports
clause.
Delphi
Delphi (; ), in legend previously called Pytho (Πυθώ), in ancient times was a sacred precinct that served as the seat of Pythia, the major oracle who was consulted about important decisions throughout the ancient classical world. The oracle ...
does not need
LIB
files to import functions from DLLs; to link to a DLL, the
external
keyword is used in the function declaration to signal the DLL name, followed by
name
to name the symbol (if different) or
index
to identify the index.
Microsoft Visual Basic
In
Visual Basic Visual Basic is a name for a family of programming languages from Microsoft. It may refer to:
* Visual Basic .NET (now simply referred to as "Visual Basic"), the current version of Visual Basic launched in 2002 which runs on .NET
* Visual Basic (cl ...
(VB), only run-time linking is supported; but in addition to using
LoadLibrary
and
GetProcAddress
API functions, ''declarations'' of imported functions are allowed.
When importing DLL functions through declarations, VB will generate a run-time error if the
DLL
file cannot be found. The developer can catch the error and handle it appropriately.
When creating DLLs in VB, the IDE will only allow creation of ActiveX DLLs, however methods have been created to allow the user to explicitly tell the linker to include a .DEF file which defines the ordinal position and name of each exported function. This allows the user to create a standard Windows DLL using Visual Basic (Version 6 or lower) which can be referenced through a "Declare" statement.
C and C++
Microsoft
Visual C++
Microsoft Visual C++ (MSVC) is a compiler for the C, C++ and C++/CX programming languages by Microsoft. MSVC is proprietary software; it was originally a standalone product but later became a part of Visual Studio and made available in both tria ...
(MSVC) provides several extensions to standard
C++
C++ (pronounced "C plus plus") is a high-level general-purpose programming language created by Danish computer scientist Bjarne Stroustrup as an extension of the C programming language, or "C with Classes". The language has expanded significan ...
which allow functions to be specified as imported or exported directly in the C++ code; these have been adopted by other Windows
C and C++ compilers, including Windows versions of
GCC. These extensions use the attribute
__declspec
before a function declaration. Note that when C functions are accessed from C++, they must also be declared as
extern "C"
in C++ code, to inform the compiler that the C linkage should be used.
Besides specifying imported or exported functions using
__declspec
attributes, they may be listed in IMPORT or EXPORTS section of the
DEF
file used by the project. The
DEF
file is processed by the linker, rather than the compiler, and thus it is not specific to C++.
DLL compilation will produce both
DLL
and
LIB
files. The
LIB
file (import library) is used to link against a DLL at compile-time; it is not necessary for run-time linking. Unless the DLL is a
Component Object Model (COM) server, the
DLL
file must be placed in one of the directories listed in the PATH environment variable, in the default system directory, or in the same directory as the program using it. COM server DLLs are registered using regsvr32.exe, which places the DLL's location and its globally unique ID (
GUID
A universally unique identifier (UUID) is a 128-bit label used for information in computer systems. The term globally unique identifier (GUID) is also used.
When generated according to the standard methods, UUIDs are, for practical purposes, uni ...
) in the registry. Programs can then use the DLL by looking up its GUID in the
registry Registry may refer to:
Computing
* Container registry, an operating-system-level virtualization registry
* Domain name registry, a database of top-level internet domain names
* Local Internet registry
* Metadata registry, information system for re ...
to find its location or create an instance of the COM object indirectly using its class identifier and interface identifier.
Programming examples
Using DLL imports
The following examples show how to use language-specific bindings to import symbols for linking against a DLL at compile-time.
Delphi
program Example;
// import function that adds two numbers
function AddNumbers(a, b : Double): Double; StdCall; external 'Example.dll';
// main program
var
R: Double;
begin
R := AddNumbers(1, 2);
Writeln('The result was: ', R);
end.
C
Example.lib file must be included (assuming that Example.dll is generated) in the project (Add Existing Item option for Project!) before static linking. The file Example.lib is automatically generated by the compiler when compiling the DLL. Not executing the above statement would cause
linking error as the linker would not know where to find the definition of AddNumbers. The DLL Example.dll may also have to be copied to the location where the .exe file would be generated by the following code.
#include
#include
// Import function that adds two numbers
extern "C" __declspec(dllimport) double AddNumbers(double a, double b);
int main(int argc, char *argv[])
Using explicit run-time linking
The following examples show how to use the run-time loading and linking facilities using language-specific Windows API bindings.
Note that all of the four samples are vulnerable to
DLL preloading attacks, since example.dll can be resolved to a place unintended by the author (the current working directory goes ''before'' system library locations), and thus to a malicious version of the library. See the reference for Microsoft's guidance on safe library loading: one should use in to remove the current-directory lookup before any libraries are loaded.
Microsoft Visual Basic
Option Explicit
Declare Function AddNumbers Lib "Example.dll" _
(ByVal a As Double, ByVal b As Double) As Double
Sub Main()
Dim Result As Double
Result = AddNumbers(1, 2)
Debug.Print "The result was: " & Result
End Sub
Delphi
program Example;
uses Windows;
var
AddNumbers:function (a, b: integer): Double; StdCall;
LibHandle:HMODULE;
begin
LibHandle := LoadLibrary('example.dll');
if LibHandle <> 0 then
AddNumbers := GetProcAddress(LibHandle, 'AddNumbers');
if Assigned(AddNumbers) then
Writeln( '1 + 2 = ', AddNumbers( 1, 2 ) );
Readln;
end.
C
#include
#include
// DLL function signature
typedef double (*importFunction)(double, double);
int main(int argc, char **argv)
Python
The Python ctypes binding will use POSIX API on POSIX systems.
import ctypes
my_dll = ctypes.cdll.LoadLibrary("Example.dll")
# The following "restype" method specification is needed to make
# Python understand what type is returned by the function.
my_dll.AddNumbers.restype = ctypes.c_double
p = my_dll.AddNumbers(ctypes.c_double(1.0), ctypes.c_double(2.0))
print("The result was:", p)
Component Object Model
The
Component Object Model (COM) defines a binary standard to host the implementation of
objects
Object may refer to:
General meanings
* Object (philosophy), a thing, being, or concept
** Object (abstract), an object which does not exist at any particular time or place
** Physical object, an identifiable collection of matter
* Goal, an ...
in DLL and EXE files. It provides mechanisms to locate and version those files as well as a language-independent and machine-readable description of the interface. Hosting COM objects in a DLL is more lightweight and allows them to share resources with the client process. This allows COM objects to implement powerful back-ends to simple GUI front ends such as Visual Basic and ASP. They can also be programmed from scripting languages.
DLL hijacking
Due to a
vulnerability
Vulnerability refers to "the quality or state of being exposed to the possibility of being attacked or harmed, either physically or emotionally."
A window of vulnerability (WOV) is a time frame within which defensive measures are diminished, com ...
commonly known as DLL hijacking, DLL spoofing, DLL preloading or binary planting, many programs will load and execute a malicious DLL contained in the same folder as a data file opened by these programs. The vulnerability was discovered by Georgi Guninski in 2000.
In August 2010 it gained worldwide publicity after ACROS Security rediscovered it again and many hundreds of programs were found vulnerable.
Programs that are run from unsafe locations, i.e. user-writable folders like the ''Downloads'' or the ''Temp'' directory, are almost always susceptible to this vulnerability.
See also
*
Dependency Walker, a utility which displays exported and imported functions of DLL and EXE files
*
Dynamic library
In computing, a dynamic linker is the part of an operating system that loads and links the shared libraries needed by an executable when it is executed (at "run time"), by copying the content of libraries from persistent storage to RAM, filling ...
*
Library (computing)
In computer science, a library is a collection of non-volatile memory, non-volatile resources used by computer programs, often for software development. These may include configuration data, documentation, help data, message templates, Code r ...
*
Linker (computing)
In computing, a linker or link editor is a computer system program that takes one or more object files (generated by a compiler or an assembler) and combines them into a single executable file, library file, or another "object" file.
A simpler ...
*
Loader (computing)
In computer systems a loader is the part of an operating system that is responsible for loading programs and libraries. It is one of the essential stages in the process of starting a program, as it places programs into memory and prepares them ...
*
Moricons.dll {{Refimprove, date=November 2023
Moricons.dll is a dynamic-link library file containing icons.
The file was first distributed with Windows 3.0 and contained the icons for launching many popular DOS applications of the time, such as WordPerfect a ...
*
Object file
An object file is a computer file containing object code, that is, machine code output of an assembler or compiler. The object code is usually relocatable, and not usually directly executable. There are various formats for object files, and the ...
*
Shared library
In computer science, a library is a collection of non-volatile resources used by computer programs, often for software development. These may include configuration data, documentation, help data, message templates, pre-written code and subr ...
*
Static library
In computer science, a static library or statically-linked library is a set of routines, external functions and variables which are resolved in a caller at compile-time and copied into a target application by a compiler, linker, or binder, produci ...
*
DLL Hell In computing, DLL Hell is a term for the complications that arise when one works with dynamic-link libraries (DLLs) used with Microsoft Windows operating systems, particularly legacy 16-bit editions, which all run in a single memory space.
DLL Hel ...
References
* Hart, Johnson. ''Windows System Programming Third Edition''. Addison-Wesley, 2005. .
* Rector, Brent et al. ''Win32 Programming''. Addison-Wesley Developers Press, 1997. .
External links
dllexport, dllimporton MSDN
Dynamic-Link Librarieson MSDN
Dynamic-Link Library Securityon MSDN
Dynamic-Link Library Search Orderon MSDN
Microsoft Security Advisory: Insecure library loading could allow remote code executionWhat is a DLL?on Microsoft support site
Dynamic-Link Library Functionson MSDN
Microsoft Portable Executable and Common Object File Format SpecificationMicrosoft specification for dll filesMS09-014: Addressing the Safari Carpet Bomb vulnerabilityMore information about the DLL Preloading remote attack vectorAn update on the DLL-preloading remote attack vectorLoad Library Safely
{{DEFAULTSORT:Dynamic-Link Library
Computer file formats
Computer libraries
Windows administration
Articles with example C code