Platform Invocation Services, commonly referred to as P/Invoke, is a feature of Common Language Infrastructure implementations, like Microsoft's Common Language Runtime, that enables managed code to call native code.
Managed code, such as C# or VB.NET, provides native access to classes, methods, and types defined within the libraries that make up the .NET Framework. While the .NET Framework provides an extensive set of functionality, it may lack access to many lower level operating system libraries normally written in unmanaged code or third party libraries also written in unmanaged code. P/Invoke is the technique
A binary search can be used to find a function. The index of the found name is then used to look up the ordinal in the Export Ordinal table. In 16-bit Windows, the name table was not sorted, so the name lookup overhead was much more noticeable. It is also possible to bind an executable to a specific version of a DLL, that is, to resolve the addresses of imported functions at compile-time. For bound imports,
A .DRV extension that provided custom implementations of the same drawing API through a unified device driver interface (DDI), and the Drawing (GDI) and GUI (USER) APIs were merely the function calls exported by the GDI and USER, system DLLs with .EXE extension. This notion of building up the operating system from a collection of dynamically loaded libraries is a core concept of Windows that persists as of 2015. DLLs provide
A DLL at compile-time. Delphi C 'Example.lib' file must be included (assuming that Example.dll is generated) in the project before static linking. The file 'Example.lib' is automatically generated by the compiler when compiling the DLL. Not executing the above statement would cause linking error as the linker would not know where to find the definition of AddNumbers. The DLL file 'Example.dll' may also have to be copied to
A DLL is usually shared among all the processes that use the DLL; that is, they occupy a single place in physical memory, and do not take up space in the page file. Windows does not use position-independent code for its DLLs; instead, the code undergoes relocation as it is loaded, fixing addresses for all its entry points at locations which are free in the memory space of the first process to load
A DLL runs in the memory space of the calling process and with the same access permissions, which means there is little overhead in their use, but also that there is no protection for the calling program if the DLL has any sort of bug. The DLL technology allows for an application to be modified without requiring consuming components to be re-compiled or re-linked. A DLL can be replaced so that the next time
A file: ExtractIcon function signature in the Windows API: P/Invoke C# code to invoke the ExtractIcon function: This next complex example shows how to share an Event between two processes in the Windows platform: CreateEvent function signature: P/Invoke C# code to invoke the CreateEvent function: There are a number of tools which are designed to aid in the production of P/Invoke signatures. Writing
A process running under a guest account can in this way corrupt another process running under a privileged account. This is an important reason to avoid the use of shared sections in DLLs. If a DLL is compressed by certain executable packers (e.g. UPX), all of its code sections are marked as read and write, and will be unshared. Read-and-write code sections, much like private data sections, are private to each process. Thus DLLs with shared data sections should not be compressed if they are intended to be used simultaneously by multiple programs, since each program instance would have to carry its own copy of
A programmer can use to access functions in these libraries. Calls to functions within these libraries occur by declaring the signature of the unmanaged function within managed code, which serves as the actual function that can be called like any other managed method. The declaration references the library's file path and defines the function parameters and return in managed types that are most likely to be implicitly marshaled to and from
A result, a programmer with only managed code experience will need to brush up on programming concepts such as pointers, structures, and passing by reference to overcome some of the obstacles in using P/Invoke. Two variants of P/Invoke currently in use are: When using P/Invoke, the CLR handles DLL loading and conversion of the unmanaged previous types to CTS types (also referred to as parameter marshalling). To perform this,
A run-time error if the DLL file cannot be found. The developer can catch the error and handle it appropriately. When creating DLLs in VB, the IDE will only allow creation of ActiveX DLLs, however methods have been created to allow the user to explicitly tell the linker to include a .DEF file which defines the ordinal position and name of each exported function. This allows the user to create
A single address space. Every program was meant to co-operate by yielding the CPU to other programs so that the graphical user interface (GUI) could multitask and be maximally responsive. All operating-system level operations were provided by the underlying operating system: MS-DOS. All higher-level services were provided by Windows Libraries "Dynamic Link Library". The Drawing API, Graphics Device Interface (GDI),
A standard Windows DLL using Visual Basic (Version 6 or lower) which can be referenced through a "Declare" statement. Microsoft Visual C++ (MSVC) provides several extensions to standard C++ which allow functions to be specified as imported or exported directly in the C++ code; these have been adopted by other Windows C and C++ compilers, including Windows versions of GCC. These extensions use
A supplement DLL and the corresponding C++ interface can be used in .NET. Common Language Runtime The Common Language Runtime (CLR), the virtual machine component of Microsoft .NET Framework, manages the execution of .NET programs. Just-in-time compilation converts the managed code (compiled intermediate language code) into machine instructions which are then executed on
A utility application that would import C++ header files and native DLL files and produce an interface assembly automatically turns out to be quite difficult. The main problem with producing such an importer/exporter for P/Invoke signatures is the ambiguity of some C++ function call parameter types. Brad Abrams has this to say on the subject: The problem lies with C++ functions like the following: What type should we use for
Is an application which imports native DLLs and C++ .h files and exports fully formed and compiled P/Invoke interop DLLs. It overcomes the ambiguity problem by wrapping native pointer function parameters in PInvoker specific .NET interface classes. Instead of using standard .NET parameter types in P/Invoke method definitions (char[], string, etc.) it uses these interface classes in the P/Invoke function calls. For instance, if we consider
Is called. If the DLL cannot be found or loaded, or the called function does not exist, the application will generate an exception, which may be caught and handled appropriately. If the application does not handle the exception, it will be caught by the operating system, which will terminate the program with an error message. The delayed loading mechanism also provides notification hooks, allowing
Is common for internal functions to be exported by ordinal only. For most Windows API functions only the names are preserved across different Windows releases; the ordinals are subject to change. Thus, one cannot reliably import Windows API functions by their ordinals. Importing functions by ordinal provides only slightly better performance than importing them by name: export tables of DLLs are ordered by name, so
Is decreasing. DLL files may be explicitly loaded at run-time, a process referred to simply as run-time dynamic linking by Microsoft, by using the LoadLibrary (or LoadLibraryEx) API function. The GetProcAddress API function is used to look up exported symbols by name, and FreeLibrary – to unload the DLL. These functions are analogous to dlopen, dlsym, and dlclose in
Is faster to link to the DLL directly. An experimental tool in MinGW called genlib can be used to generate import libs with MSVC-style symbols. Each function exported by a DLL is identified by a numeric ordinal and optionally a name. Likewise, functions can be imported from a DLL either by ordinal or by name. The ordinal represents the position of the function's address pointer in the DLL Export Address table. It
Is free to interact with objects located on the managed heap and simultaneously any addressable native memory location. A managed heap resident object may be called, modified or constructed, using simple "object->field;" notation to assign values or specify method calls. Significant performance gains result from having eliminated any needless context switching, memory requirements are reduced (shorter stacks). This comes with new challenges: These references specify solutions for each of these issues if they are encountered. A primary benefit
Is much smaller as it only contains symbols referring to the actual DLL, to be processed at link-time. Both nevertheless are Unix ar format files. Linking to dynamic libraries is usually handled by linking to an import library when building or linking to create an executable file. The created executable then contains an import address table (IAT) by which all DLL function calls are referenced (each referenced DLL function contains its own entry in
Is processed by the linker, rather than the compiler, and thus it is not specific to C++. DLL compilation will produce both DLL and LIB files. The LIB file (import library) is used to link against a DLL at compile-time; it is not necessary for run-time linking. Unless the DLL is a Component Object Model (COM) server, the DLL file must be placed in one of the directories listed in
Is simply called the .NET runtime. Dynamic-link library A dynamic-link library (DLL) is a shared library in the Microsoft Windows or OS/2 operating system. A DLL can contain executable code (functions), data, and resources, in any combination. A DLL file often has file extension .dll, but can have any file extension. Developers can choose to use a file extension that describes
Is that a DLL cannot be run directly since the operating system requires an entry point to start execution. Windows provides a utility program (RUNDLL.EXE/RUNDLL32.EXE) to execute a function exposed by a DLL. Since they have the same format, an EXE can be used as a DLL. Consuming code can load an EXE via the same mechanism as loading a DLL. The first versions of Microsoft Windows ran programs together in
Is the elimination of the structure declaration, the order of field declaration and alignment issues are not present in the context of C++ Interop. This first simple example shows how to get the version of a particular DLL: DllGetVersion function signature in the Windows API: P/Invoke C# code to invoke the DllGetVersion function: The second example shows how to extract an icon in
Is used in the function declaration to signal the DLL name, followed by name to name the symbol (if different) or index to identify the index. In Visual Basic (VB), only run-time linking is supported; but in addition to using LoadLibrary and GetProcAddress API functions, declarations of imported functions are allowed. When importing DLL functions through declarations, VB will generate
The CLR: P/Invoke is useful for using standard (unmanaged) C or C++ DLLs. It can be used when a programmer needs to have access to the extensive Windows API, as many functions provided by the Windows libraries lack available wrappers. When a Win32 API is not exposed by the .NET Framework the wrapper to this API must be written manually. Writing P/Invoke wrappers can be difficult and error prone. Using native DLLs means that
The CPU of the computer. The CLR provides additional services including memory management, type safety, exception handling, garbage collection, security and thread management. All programs written for the .NET Framework, regardless of programming language, are executed in the CLR. All versions of the .NET Framework include CLR. The CLR team was started June 13, 1998. CLR implements
The POSIX standard API. The procedure for explicit run-time linking is the same in any language that supports pointers to functions, since it depends on the Windows API rather than language constructs. Normally, an application that is linked against a DLL’s import library will fail to start if the DLL cannot be found, because Windows will not run the application unless it can find all of
The Virtual Execution System (VES) as defined in the Common Language Infrastructure (CLI) standard, initially developed by Microsoft itself. A public standard defines the Common Language Infrastructure specification. During the transition from legacy .NET technologies like the .NET Framework and its proprietary runtime to the community-developed .NET Core, the CLR was dubbed CoreCLR. Today, it
Platform Invocation Services - Misplaced Pages Continue
The Windows shell to load different Windows programs, and for these programs to invoke API calls from the shared USER and GDI libraries. That concept was "dynamic linking". In a conventional non-shared static library, sections of code are simply added to the calling program when its executable is built at the "linking" phase; if two programs call the same routine, the routine is included in both
The linker saves the timestamp and checksum of the DLL to which the import is bound. At run-time, Windows checks to see if the same version of library is being used, and if so, Windows bypasses processing the imports. Otherwise, if the library is different from the one which was bound to, Windows processes the imports in a normal way. Bound executables load somewhat faster if they are run in the same environment that they were compiled for, and exactly
The DLL's code. If some programs (or their combination of already-loaded DLLs) do not have those addresses free, then an additional physical copy of the DLL's code will need to be created, using a different set of relocated entry points. If the physical memory occupied by a code section is to be reclaimed, its contents are discarded, and later reloaded directly from the DLL file as necessary. In contrast to code sections,
The DLL, resulting in increased memory consumption. Like static libraries, import libraries for DLLs are noted by the .lib file extension. For example, kernel32.dll, the primary dynamic library for Windows's base functions such as file creation and memory management, is linked via kernel32.lib. The usual way to tell an import library from a proper static library is by size: the import library
The DLL. In older versions of Windows, in which all running processes occupied a single common address space, a single copy of the DLL's code would always be sufficient for all the processes. However, in newer versions of Windows which use separate address spaces for each program, it is only possible to use the same relocated copy of the DLL in multiple programs if each program has the same virtual addresses free to accommodate
The DLLs that the application may need. However an application may be linked against an import library to allow delayed loading of the dynamic library. In this case, the operating system will not try to find or load the DLL when the application starts; instead, a stub is included in the application by the linker which will try to find and load the DLL through LoadLibrary and GetProcAddress when one of its functions
The IAT). At run-time, the IAT is filled with appropriate addresses that point directly to a function in the separately loaded DLL. In Cygwin/MSYS and MinGW, import libraries are conventionally given the suffix .dll.a, combining both the Windows DLL suffix and the Unix ar suffix. The file format is similar, but the symbols used to mark the imports are different (_head_foo_dll vs __IMPORT_DESCRIPTOR_foo). Although its GNU Binutils toolchain can generate import libraries and link to them, it
The PATH environment variable, in the default system directory, or in the same directory as the program using it. COM server DLLs are registered using regsvr32.exe, which places the DLL's location and its globally unique ID (GUID) in the registry. Programs can then use the DLL by looking up its GUID in the registry to find its location or create an instance of the COM object indirectly using its class identifier and interface identifier. The following examples show how to use language-specific bindings to import symbols for linking against
The above example code, PInvoker would produce a .NET P/Invoke function accepting a .NET interface class wrapping the native char * pointer. The construction of this class could be from a string or from a char [] array. The actual native memory structure for both is the same, but the respective interface class constructors for each type will populate the memory in different ways. The responsibility for deciding what .NET type needs to be passed into
The ambiguity problem is solved by the application picking one particular .NET type to use in the P/Invoke method signature and if necessary the user can change this to the required type. The P/Invoke Wizard uses a similar method to the Microsoft Interop Assistant in that it accepts native C++ .h file code and produces C# (or VB.NET) code for you to paste into your .NET application code. It also has options for which framework you wish to target: .NET Framework for
The application itself. This concept of dynamic extensibility is taken to the extreme with the Component Object Model, the underpinnings of ActiveX. In Windows 1.x, 2.x and 3.x, all Windows applications shared the same address space as well as the same memory. A DLL was only loaded once into this address space; from then on, all programs using the library accessed it. The library's data was shared across all
The application runs it uses the new DLL version. To work correctly, the DLL changes must maintain backward compatibility. Even the operating system can be upgraded since it is exposed to the applications via DLLs. System DLLs can be replaced so that the next time the applications run, they use the new system DLLs. In Windows API, DLL files are organized into sections. Each section has its own set of attributes, such as being writable or read-only, executable (for code) or non-executable (for data), and so on. The code in
The application to perform additional processing or error handling when the DLL is loaded and/or any DLL function is called. In a source file, the keyword library is used instead of program. At the end of the file, the functions to be exported are listed in exports clause. Delphi does not need LIB files to import functions from DLLs; to link to a DLL, the external keyword
The associated header files which are required by the tool to build a C# wrapper DLL. The P/Invoke signatures and data marshaling are generated by the application. The resulting C# wrapper has an interface similar to the C++ counterpart, with the parameter types converted to .NET code. This tool recognizes template classes which are not exported from the C++ DLL, and instantiates the template class and exports it in
The attribute __declspec before a function declaration. Note that when C functions are accessed from C++, they must also be declared as extern "C" in C++ code, to inform the compiler that the C linkage should be used. Besides specifying imported or exported functions using __declspec attributes, they may be listed in IMPORT or EXPORTS section of the DEF file used by the project. The DEF file
The checksum of the executable, so it is not something that can be done with signed programs, or programs that are managed by a configuration management tool that uses checksums (such as MD5 checksums) to manage file versions. As more recent Windows versions have moved away from having fixed addresses for every loaded library (for security reasons), the opportunity and value of binding an executable
The content of the file such as .ocx for ActiveX controls and .drv for a legacy (16-bit) device driver. A DLL that contains only resources can be called a resource DLL. Examples include the icon library, sometimes having extension .icl, and font library having extensions .fon and .fot. The file format of a DLL is the same as for an executable (a.k.a. EXE), but different versions of Windows use different formats. 32-bit and 64-bit Windows versions use Portable Executable (PE), and 16-bit Windows versions use New Executable (NE). The main difference between DLL and EXE
The current working directory from the DLL search path. The Python ctypes binding will use POSIX API on POSIX systems. The Component Object Model (COM) defines a binary standard to host the implementation of objects in DLL and EXE files. It provides mechanisms to locate and version those files as well as a language-independent and machine-readable description of the interface. Hosting COM objects in
The current working directory is looked up before the system library directories), and thus to a malicious version of the library. See the reference for Microsoft's guidance on safe library loading: one should use SetDefaultDllDirectories in kernel32 to remove both the application directory and the current working directory from the DLL search path, or use SetDllDirectoryW in kernel32 to remove
The data sections of a DLL are usually private; that is, each process using the DLL has its own copy of all the DLL's data. Optionally, data sections can be made shared, allowing inter-process communication via this shared memory area. However, because user restrictions do not apply to the use of shared DLL memory, this creates a security hole; namely, one process can corrupt the shared data, which will likely cause all other sharing processes to behave undesirably. For example,
The desktop or .NET Compact Framework for Windows Mobile smart devices (and Windows CE). xInterop C++ .NET Bridge is a Windows application to create C# wrappers for native C++ DLLs and a C++ bridge to access .NET assemblies. It comes with a C#/.NET library which wraps the standard C++ classes, such as string, iostream, etc.; C++ classes and objects can be accessed from .NET. This tool generates C# wrapper DLLs with source code from existing native C++ DLLs and
The frame buffer. When drawing to a printer, the API calls had to be transformed into requests to a printer. Although it could have been possible to provide hard-coded support for a limited set of devices (like the Color Graphics Adapter display, the HP LaserJet Printer Command Language), Microsoft chose a different approach. GDI would work by loading different pieces of code, called "device drivers", to work with different output devices. The same architectural concept that allowed GDI to load different device drivers also allowed
The function is therefore passed to the developer. Microsoft Interop Assistant is a free tool available with binaries and source code available for download on CodePlex. It is licensed under the Microsoft Limited Public License (Ms-LPL). It has two parts: Because this tool produces C# source code rather than a compiled dll the user is free to make any changes necessary to the code before use. So
The location where the .exe file would be generated by the following code: The following examples show how to use the run-time loading and linking facilities using language-specific Windows API bindings. Note that all of the four samples are vulnerable to DLL preloading attacks, since example.dll can be resolved to a place unintended by the author (unless explicitly excluded the application directory goes before system library locations, and without HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\SafeDllSearchMode or HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\CWDIllegalInDLLSearch
The parameter params in our P/Invoke signature? This could be either a C++ null terminated string, or could be a char array or could be an output char parameter. So should we use string, StringBuilder, char [] or ref char? Regardless of this issue, there are a few tools available to make the production of P/Invoke signatures simpler. One of the tools listed below, xInterop C++ .NET Bridge has resolved this issue by implementing multiple overrides of
The performance of the Pentium Pro microprocessor when launched, and ultimately limited the stability and scalability of the DOS-based versions of Windows. Although the DLL technology is core to the Windows architecture, it has drawbacks. DLL hell describes the bad behavior of an application when the wrong version of a DLL is consumed. Mitigation strategies include: The executable code of
The programmer can no longer benefit from type safety and garbage collection as is usually provided in the .NET environment. When they are used improperly this may cause problems such as segmentation faults or memory leaks. Getting the exact signatures of the legacy functions for use in the .NET environment can be hard, which can result in such problems. For this purpose tools and websites exist to obtain such signatures, helping to prevent signature problems. [1] Other pitfalls include: When using C++/CLI, emitted CIL
The programs during the linking stage of the two. With dynamic linking, shared code is placed into a single, separate file. The programs that call this file are connected to it at run time, with the operating system (or, in the case of early versions of Windows, the OS-extension), performing the binding. For those early versions of Windows (1.0 to 3.11), the DLLs were the foundation for the entire GUI. As such, display drivers were merely DLLs with
The programs. This could be used as an indirect form of inter-process communication, or it could accidentally corrupt the different programs. With the introduction of 32-bit libraries in Windows 95, every process ran in its own address space. While the DLL code may be shared, the data is private except where shared data is explicitly requested by the library. That said, large swathes of Windows 95, Windows 98 and Windows Me were built from 16-bit libraries, which limited
The same C++ method in .NET world, developers can then pick the correct one to make the call. PInvoke.net is a wiki containing P/Invoke signatures for a large number of standard Windows APIs. It is owned by Redgate Software and has around 50000 hits per month. The signatures are manually produced by users of the wiki. They can be searched using a free addin to Microsoft Visual Studio. PInvoker
The same time if they are run in a different environment, so there is no drawback for binding the imports. For example, all the standard Windows applications are bound to the system DLLs of their respective Windows release. A good opportunity to bind an application's imports to its target environment is during the application's installation. This keeps the libraries "bound" until the next OS update. It does, however, change
The standard benefits of shared libraries, such as modularity. Modularity allows changes to be made to code and data in a single self-contained DLL shared by several applications without any change to the applications themselves. Another benefit of modularity is the use of generic interfaces for plug-ins. A single interface may be developed which allows old as well as new modules to be integrated seamlessly at run-time into pre-existing applications, without any modification to
The unmanaged types by the common language run-time (CLR). When the unmanaged data types become too complex for a simple implicit conversion from and to managed types, the framework allows the user to define attributes on the function, return, and/or the parameters to explicitly refine how the data should be marshaled so as not to lead to exceptions in trying to do so implicitly. There are many abstractions of lower-level programming concepts available to managed code programmers as compared to programming in unmanaged languages. As
Was implemented in a DLL called GDI.EXE, the user interface in USER.EXE. These extra layers on top of DOS had to be shared across all running Windows programs, not just to enable Windows to work in a machine with less than a megabyte of RAM, but to enable the programs to co-operate with each other. The code in GDI needed to translate drawing commands to operations on specific devices. On the display, it had to manipulate pixels in