[英]How do runtime loadable kernel modules know the addresses of core kernel functions?
I would be interested in answers for both Linux and NT (or any other for that matter)我会对 Linux 和 NT(或任何其他相关问题)的答案感兴趣
Edit:编辑:
Thanks Laurion for the answer.感谢劳里恩的回答。
More information here:更多信息在这里:
The runtime loader normally fixes up references to imported functions when the module is loaded.运行时加载器通常会在加载模块时修复对导入函数的引用。 It looks at the table of imported functions and puts in the proper address.
它查看导入函数表并输入正确的地址。 The module uses the imported functions through an indirection table.
该模块通过间接表使用导入的函数。
Having written a loader for both windows kernel (and windows userspace) before: it works the same way.之前为 windows kernel(和 windows 用户空间)编写了加载程序:它的工作方式相同。 essentially all binaries have something called IAT (eg, http://msdn.microsoft.com/en-us/magazine/cc301808.aspx this is the eternal classic paper).
基本上所有的二进制文件都有一个叫做 IAT 的东西(例如, http://msdn.microsoft.com/en-us/magazine/cc301808.aspx这是永恒的经典论文)。 When the loader allocated memory for the DLL it will copy the DLL there, and read the IAT of the DLL for all the symbols that it needs (by name), and then lookup the names in the export section of the Windows core DLL (eg, kernel32.dll), and fill it up with the address read.
When the loader allocated memory for the DLL it will copy the DLL there, and read the IAT of the DLL for all the symbols that it needs (by name), and then lookup the names in the export section of the Windows core DLL (eg , kernel32.dll),并用读取的地址填充它。 all the needed files will have to be read and address fillup, before the DLL can continue execution.
在 DLL 可以继续执行之前,必须读取所有需要的文件并填充地址。
Linux works the same way too.....be it userspace or kernel. Linux 的工作方式也相同.....无论是用户空间还是 kernel。 ELF structure call it relocation table.
ELF 结构称之为重定位表。
http://www.bravegnu.org/gnu-eprog/linker.html http://www.bravegnu.org/gnu-eprog/linker.html
Hope that help:-) (the details are similar for x86 arch).希望有所帮助:-)(x86 拱门的细节类似)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.