The idea is to create a single .exe executable, even if it uses DLLs, by embedding the DLLs as resources and somehow tricking Windows so that LoadLibrary loads them from there.
Mark the libraries as delay-loaded and, on startup, extract them to a unique directory. Then either add that directory to the library load path (so that LoadLibrary picks them up) or pre-load them with LoadLibrary and an absolute path, which should work for delay-loaded libs.
Another option is to use e.g. the Detours library to hook the LoadLibrary call. If the file name matches our library, use a custom implementation of LoadLibrary. Or call the original LoadLibrary first and only if it fails and the name matches, load the custom one (that way it'll pick up the library if it's on disk).
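The second hook variant above (original LoadLibrary first, embedded copy only on failure and a name match), as an added example that is not part of the original notes. The loaders are passed in as function pointers; `module_t`, the stub loaders and the name `mylib.dll` are assumptions so the dispatch logic runs without Windows or Detours.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

typedef void *module_t;                  /* stands in for HMODULE */
typedef module_t (*load_fn)(const char *name);

/* Hypothetical name of the DLL embedded as a resource. */
static const char EMBEDDED_DLL[] = "mylib.dll";

/* Last path component; Windows accepts '\\', '/' and a drive colon. */
static const char *base_name(const char *path) {
    const char *b = path;
    for (const char *p = path; *p; p++)
        if (*p == '\\' || *p == '/' || *p == ':') b = p + 1;
    return b;
}

/* Case-insensitive match on the base name. LoadLibrary appends ".dll" when
   the extension is omitted, so "mylib" matches; "mylib." (a trailing dot
   suppresses the append) does not. */
int is_embedded_name(const char *requested) {
    const char *b = base_name(requested);
    size_t i = 0;
    while (b[i] && EMBEDDED_DLL[i] &&
           tolower((unsigned char)b[i]) == tolower((unsigned char)EMBEDDED_DLL[i]))
        i++;
    if (b[i] != '\0') return 0;          /* mismatch or extra characters */
    return EMBEDDED_DLL[i] == '\0' || strcmp(EMBEDDED_DLL + i, ".dll") == 0;
}

/* Hook body: try the original loader first so a copy on disk is picked up;
   fall back to the embedded copy only if that fails and the name is ours. */
module_t hooked_load(const char *name, load_fn original, load_fn embedded) {
    module_t m = original(name);
    if (m != NULL || !is_embedded_name(name)) return m;
    return embedded(name);
}

/* Constructed stand-ins: the "disk" loader only finds kernel32.dll, the
   "embedded" loader always succeeds and returns a distinct marker. */
static int disk_tag, embedded_tag;
module_t stub_disk(const char *n) {
    return strcmp(base_name(n), "kernel32.dll") == 0 ? (module_t)&disk_tag : NULL;
}
module_t stub_embedded(const char *n) { (void)n; return &embedded_tag; }
```

With this ordering, any mylib.dll that the normal search order finds on disk takes precedence over the embedded copy; the name-first variant does not have that property.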
Writing custom LoadLibrary might be hard. Some links:
- http://www.rohitab.com/discuss/topic/39179-loadlibrary-replacement/ : simple implementation of LoadLibrary
- https://web.archive.org/web/20140416033522/http://blogs.msdn.com/b/mgrier/archive/2005/06/18/430402.aspx : how nt loader works
LoadLibrary is implemented with
Hook lower-level library used by LoadLibrary
LoadLibrary might be hard, so what if we hooked just the lower-level file access? Those seem to be NtOpenFile and the ones for mapping a file into memory, like NtMapViewOfSection. This is also difficult and would have to use undocumented structures.
Chrome has code for intercepting them: https://cs.chromium.org/chromium/src/sandbox/win/src/target_interceptions.cc?q=TargetNtMa&sq=package:chromium&g=0&l=27 (or search for