|
|
Dynamic Link Library (DLL)
Dynamic link library or DLL, is Microsoft's
implementation of the shared library concept in the Microsoft Windows
and OS/2 operating systems. These libraries usually have the file
extension DLL, OCX (for libraries containing ActiveX controls), or DRV
(for legacy system drivers). The file formats for DLLs are the same as
for Windows EXE files that is, Portable Executable (PE) for 32-bit and
64-bit Windows, and New Executable (NE) for 16-bit Windows. As with
EXEs,
DLLs can contain code, data, and resources, in any combination. |
| |
|
|
|
|
|
In the broader sense of
the term, any data file with the same file format can be called a
resource DLL. Examples of such DLLs include icon libraries, sometimes
having the extension ICL, and font files, having the extensions FON and
FOT.
In Win32, the DLL files are organized into sections. Each section has
its own set of attributes, such as being writable or read-only,
executable (for code) or non-executable (for data), and so on.
The code in a DLL is usually shared among all the processes that use the
DLL; that is, they occupy a single place in physical memory, and do not
take up space in the page file. If the physical memory occupied by a
code section is to be reclaimed, its contents are discarded, and later
reloaded directly from the DLL file as necessary.
|
|
|
|
In contrast to code sections,
the data sections of a DLL are usually private; that is, each process using
the DLL has its own copy of all the DLL's data. Optionally, data sections
can be made shared, allowing inter-process communication via this shared
memory area. However, because user restrictions do not apply to the use of
shared DLL memory, this creates a security hole; namely, one process can
corrupt the shared data, which will likely cause all other sharing processes
to behave undesirably. For example, a process running under a guest account
can in this way corrupt another process running under a privileged account.
This is an important reason to avoid the use of shared sections in DLLs.
If a DLL is compressed by certain executable packers (e.g. UPX), all of its
code sections are marked as read-and-write, and will be unshared.
Read-and-write code sections, much like private data sections, are private
to each process. Thus DLLs with shared data sections should not be
compressed if they are intended to be used simultaneously by multiple
programs, since each program instance would have to carry its own copy of
the DLL, resulting in increased memory consumption. |
|
|
