A note about LoadLibrary

Started by donkey, May 11, 2011, 03:13:00 PM


donkey

I have gotten a couple of emails regarding my debug macros' use of LoadLibrary and thought it might do to clarify how Windows handles the LoadLibrary function, as there seem to be some misconceptions out there. I've been asked why I use LoadLibrary in some cases multiple times for the same DLL and wouldn't that lead to huge memory requirements. The answer is no, it won't. When LoadLibrary is executed the PE loader searches the process memory to see if the module is already loaded; if it is, Windows will return a handle for the loaded module; if it is not found, only then does Windows search for and load the DLL. For example the following code:

invoke LoadLibrary,offset szntdll
PrintDec(eax)
invoke LoadLibrary,offset szntdll
PrintDec(eax)
invoke LoadLibrary,offset szntdll
PrintDec(eax)
invoke LoadLibrary,offset szntdll
PrintDec(eax)


Yields the following handles for ntdll.dll

Line 69: (eax) = 2005860352 (0x778F0000)
Line 71: (eax) = 2005860352 (0x778F0000)
Line 73: (eax) = 2005860352 (0x778F0000)
Line 75: (eax) = 2005860352 (0x778F0000)


So you can safely use LoadLibrary to load the same DLL multiple times without a problem. The reason for its multiple use in my library is that I have no idea when building the library which functions will be used, and before I try to get an API address I need to make sure its DLL is loaded; in order to do that I explicitly load the DLL before getting the address for each function.
"Ahhh, what an awful dream. Ones and zeroes everywhere...[shudder] and I thought I saw a two." -- Bender
"It was just a dream, Bender. There's no such thing as two". -- Fry
-- Futurama

Donkey's Stable

dedndave

one thing you forgot to mention, Edgar
that is the "reference count"

Quote from: MSDN
The system maintains a per-process reference count on all loaded modules.
Calling LoadLibrary increments the reference count. Calling the FreeLibrary
or FreeLibraryAndExitThread function decrements the reference count.
The system unloads a module when its reference count reaches zero or
when the process terminates (regardless of the reference count).

i am sure the reference count does not use a lot of memory - lol
but, it is worth mentioning

baltoro

...If you want to get an idea of what is going on behind the scenes when you call LoadLibrary,...this listing of blog entries about the NT DLL Loader, written by one of Microsoft's Windows XP engineers is excellent: How the NT Loader Works (2005)

...And, just to add some irrelevant data to the discussion,...here are a couple of asinine blog entries from Raymond Chen:
Your Program Loads Libraries by Their Short Name and You Don't Even Realize It (May 2011)
AppInit_DLLs should be renamed Deadlock_Or_Crash_Randomly_DLLs (Dec 2007)

Baltoro

donkey

Quote from: dedndave on May 11, 2011, 03:36:27 PM
one thing you forgot to mention, Edgar
that is the "reference count"

Quote from: MSDN
The system maintains a per-process reference count on all loaded modules.
Calling LoadLibrary increments the reference count. Calling the FreeLibrary
or FreeLibraryAndExitThread function decrements the reference count.
The system unloads a module when its reference count reaches zero or
when the process terminates (regardless of the reference count).

i am sure the reference count does not use a lot of memory - lol
but, it is worth mentioning

Hi Dave, it used to mean something in Win16 but hasn't since 32-bit Windows came along. The reference count is set to 0 when you exit anyway, so however many you add to it is really a moot point unless you plan to unload the DLL during the run of your program, a situation that is rare in actual practice.
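
The per-process reference count from the MSDN quote above, shown as an added MASM32 example that is not code from the thread: two LoadLibrary calls return the same handle, and the module is only unmapped after the second, matching FreeLibrary. It assumes the default \masm32 install path and that winmm.dll (picked for illustration, since ntdll.dll stays mapped for the life of the process) is not already loaded; the labels are hypothetical.

```masm
; Added example, not from the thread. Build as a console program:
;   ml /c /coff refcount.asm
;   link /subsystem:console refcount.obj
.386
.model flat, stdcall
option casemap:none

include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
include \masm32\include\masm32.inc
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\masm32.lib

.data
szDll   db "winmm.dll",0    ; assumption: not yet loaded in this process
szSame  db "2nd LoadLibrary: same handle as the 1st",13,10,0
szStill db "after 1st FreeLibrary: still loaded",13,10,0
szGone  db "after 2nd FreeLibrary: unloaded",13,10,0
szUnexp db "unexpected result",13,10,0

.data?
hFirst  dd ?

.code
start:
    invoke LoadLibrary, addr szDll      ; DLL is mapped, count = 1
    test eax, eax
    jz fail
    mov hFirst, eax
    invoke LoadLibrary, addr szDll      ; already mapped, count = 2
    cmp eax, hFirst
    jne fail
    invoke StdOut, addr szSame
    invoke FreeLibrary, hFirst          ; count = 1
    invoke GetModuleHandle, addr szDll  ; lookup only, count unchanged
    cmp eax, hFirst
    jne fail
    invoke StdOut, addr szStill
    invoke FreeLibrary, hFirst          ; count = 0, DLL is unmapped
    invoke GetModuleHandle, addr szDll  ; NULL once the module is gone
    test eax, eax
    jnz fail
    invoke StdOut, addr szGone
    invoke ExitProcess, 0
fail:
    invoke StdOut, addr szUnexp
    invoke ExitProcess, 1
end start
```

If something else in the process (an injected DLL, a shim) also holds winmm.dll, the last check takes the `fail` branch because the count has not reached zero.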