Windows map DLL 是否指向不同进程中的相同虚拟地址?
[英]Does Windows map DLLs to the same virtual address in different processes?
问题描述
Say two processes are using Kernel32.dll, does Windows map the DLLs to the same virtual address space in both processes?
假设两个进程正在使用 Kernel32.dll,那么 Windows map DLL 是否指向两个进程中的相同虚拟地址空间? If not, how does paging mechanism end up using the same physical address where the DLL is in fact loaded for both processes?如果不是,分页机制如何最终使用相同的物理地址,实际上为两个进程加载了 DLL? I tried finding this info in the windows internals book but didn't find anything我尝试在 windows internals book 中找到此信息,但没有找到任何信息
1 个解决方案
解决方案1
5 已采纳 2022-03-20 11:50:55
TL;DR: No, it might be loaded somewhere else in another process. TL;DR:不,它可能会在另一个进程的其他地方加载。
Ntdll and Kernel32 are special and always load at the same address so it is better to focus on something else, Shell32 for example. Ntdll 和 Kernel32 是特殊的,并且总是在相同的地址加载,所以最好专注于其他东西,例如 Shell32。
A dll has what is known as a preferred base address and this is stored in the PE header ( ImageBase ). dll 具有所谓的首选基地址,该地址存储在 PE header ( ImageBase ) 中。 The loader will first attempt to load the dll at this address.加载程序将首先尝试在此地址加载 dll。 If that address range is free then loading will succeed with no extra work required.如果该地址范围是空闲的,那么加载将成功,不需要额外的工作。
If the address is not free then the loader has to load it somewhere else.如果该地址不可用,则加载程序必须将其加载到其他地方。 Loading at a different address usually requires relocation information and if this was removed during linking ( /FIXED ) then loading will fail, If there was space somewhere else to load the dll. the loader will use the relocation information to patch the given locations in the dll with the new base address, Because dlls are loaded as copy-on-write.在不同的地址加载通常需要重定位信息,如果在链接 ( /FIXED ) 期间将其删除,则加载将失败,如果其他地方有空间加载 dll。加载程序将使用重定位信息修补给定位置dll 具有新的基地址,因为 dll 是作为写时复制加载的。 this will cause extra memory usage compared to loading at the preferred address since each memory page that needed a patch is now a private copy in the process, This means that the answer to your question is no.与在首选地址加载相比,这将导致额外的 memory 使用,因为每个需要补丁的 memory 页面现在都是进程中的私有副本,这意味着您的问题的答案是否定的。 a dll might not load at the same address in a different process if that process already has something else loaded there.如果该进程已经加载了其他内容,则 dll 可能不会加载到不同进程中的同一地址。
So far I have only talked about the loader.到目前为止,我只谈到了装载机。 The loader is implemented in Ntdll as normal usermode code and is not involved with how a file mapped into memory actually works.加载程序在 Ntdll 中作为普通用户模式代码实现,不涉及映射到 memory 的文件的实际工作方式。 Memory mapped files (known as Sections internally in NT) is a co-operation between the operating system kernel and the CPU hardware. Memory 映射文件(在 NT 内部称为 Sections)是操作系统 kernel 和 CPU 硬件之间的合作。 This is a whole topic in of itself but the important thing to know is that physical memory and the page/swap file mechanism is completely disconnected from how a usermode process accesses its virtual memory pages.这本身就是一个完整的主题,但重要的是要知道物理 memory 和页面/交换文件机制与用户模式进程访问其虚拟 memory 页面的方式完全脱节。 The kernel can map a physical memory page to zero, one, or multiple places in a processes virtual memory and the CPU will automatically translate when a virtual page is accessed by the process. kernel 可以 map 一个物理页面 memory 到进程虚拟 memory 中的零个、一个或多个位置,当进程访问虚拟页面时,CPU 将自动转换。
As a final note, ASLR does complicate things a little bit but the "offset" only changes on reboot and should not have an impact on this specific question in current implementations.最后一点,ASLR 确实使事情变得有点复杂,但“偏移量”仅在重新启动时发生变化,并且不应该对当前实现中的这个特定问题产生影响。 In theory Windows could change this in the future and always load things at different addresses in different processes but this is unlikely to happen because of the copy-on-write downsides.理论上 Windows 可以在未来改变这一点,并始终在不同进程的不同地址加载东西,但由于写时复制的缺点,这不太可能发生。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.