When I load a DLL into my process, how does that DLL resolve the addresses of the functions it imports? I tried setting breakpoints on GetProcAddress and LdrGetProcedureAddress, but it did not break there.
Could someone please explain.
Best answer
When a DLL is loaded, the loader updates all addresses, if necessary, to reflect the base address at which the DLL was loaded.
http://msdn.microsoft.com/en-us/magazine/bb985014.aspx :
When creating a DLL, the linker assumes that the DLL will load at a particular address. Certain pieces of the code and data contain hardcoded addresses that are only correct if the DLL loads at the preferred address. However, at runtime it's possible that the operating system may have to load the DLL at a different memory location.
To handle the situation where the OS has to move the DLL, the linker adds base relocations to the DLL. Base relocations are addresses that require modification so that they contain the correct address for where the DLL loaded in memory. The more base relocations a DLL has, the more time the OS needs to process them and to load the DLL. A properly based DLL loads at its preferred address, and can skip processing the base relocation records.
Nowadays it is more common to randomize a DLL's base address as a security measure; the article above predates that. See also:
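As an added example (not part of the question or the answer above), the Python below walks a .reloc table in the IMAGE_BASE_RELOCATION layout the quoted article refers to and adds the base delta to each hardcoded address, which is the work the loader skips when a DLL lands at its preferred base. The image buffer, RVAs and base addresses are constructed for illustration, not taken from a real DLL.

```python
import struct

# Relocation entry types from the PE/COFF specification
IMAGE_REL_BASED_ABSOLUTE = 0   # padding entry, no fix-up
IMAGE_REL_BASED_HIGHLOW = 3    # 32-bit address (32-bit images)
IMAGE_REL_BASED_DIR64 = 10     # 64-bit address (64-bit images)

def apply_relocations(image, reloc_rva, reloc_size, preferred_base, actual_base):
    """Walk the IMAGE_BASE_RELOCATION blocks and add (actual - preferred) to
    every hardcoded address they list. Returns the number of fix-ups applied;
    a DLL loaded at its preferred base needs none."""
    delta = actual_base - preferred_base
    if delta == 0:
        return 0
    fixups, pos, end = 0, reloc_rva, reloc_rva + reloc_size
    while pos + 8 <= end:
        # Block header: VirtualAddress of the page, SizeOfBlock incl. header
        page_rva, block_size = struct.unpack_from("<II", image, pos)
        if block_size < 8:
            break
        for off in range(pos + 8, pos + block_size, 2):
            (entry,) = struct.unpack_from("<H", image, off)
            rel_type, target = entry >> 12, page_rva + (entry & 0x0FFF)
            if rel_type == IMAGE_REL_BASED_ABSOLUTE:
                continue
            fmt, mask = {IMAGE_REL_BASED_HIGHLOW: ("<I", 0xFFFFFFFF),
                         IMAGE_REL_BASED_DIR64: ("<Q", 0xFFFFFFFFFFFFFFFF)}[rel_type]
            (val,) = struct.unpack_from(fmt, image, target)
            struct.pack_into(fmt, image, target, (val + delta) & mask)
            fixups += 1
        pos += block_size
    return fixups

def relocate_demo(actual_base=0x7FF812340000):
    """Constructed toy image (not a real PE file): three 64-bit pointers at
    RVAs 0x1000/0x1008/0x1010 hardcoded against preferred base 0x180000000,
    plus one .reloc block at RVA 0x2000 describing them."""
    preferred = 0x180000000
    image = bytearray(0x3000)
    for i, rva in enumerate((0x1234, 0x2000, 0x3000)):
        struct.pack_into("<Q", image, 0x1000 + 8 * i, preferred + rva)
    entries = [(IMAGE_REL_BASED_DIR64 << 12) | 0x000,
               (IMAGE_REL_BASED_DIR64 << 12) | 0x008,
               (IMAGE_REL_BASED_DIR64 << 12) | 0x010,
               IMAGE_REL_BASED_ABSOLUTE]          # pad SizeOfBlock to 16 bytes
    block = struct.pack("<II4H", 0x1000, 8 + 2 * len(entries), *entries)
    image[0x2000:0x2000 + len(block)] = block
    fixups = apply_relocations(image, 0x2000, len(block), preferred, actual_base)
    pointers = [struct.unpack_from("<Q", image, 0x1000 + 8 * i)[0] for i in range(3)]
    return fixups, pointers
```

Calling relocate_demo() with the default base applies three fix-ups; calling it with 0x180000000 applies none, matching the "properly based DLL" case in the quoted article.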
Regarding "c++ - How does a DLL resolve its IAT?", a similar question was found on Stack Overflow: https://stackoverflow.com/questions/10677731/