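I guess my question is about the CLR loader. I want to understand the mechanism behind the CorFlags.exe /32BIT+ feature.
We know that when an assembly compiled with the Any CPU flag set is started on 64-bit Windows, it starts as a 64-bit process. If CorFlags /32BIT+ is run on that assembly, it will start as a 32-bit process. I think this is a fascinating feature.
I have a lot of questions about it:
- How is it implemented?
- Is the OS loader involved?
- Is it possible to build a custom application (I guess an unmanaged one) that loads the 32-bit or 64-bit CLR as needed?
Are there any articles, books, blogs, etc. that explain the inner workings of this feature?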
Best answer
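This isn't documented in detail anywhere that I know of; I can only point you to the relevant MSDN article. Yes, your assumption is correct: the loader in Windows XP and later is aware of managed executables. It automatically loads the .NET loader shim (c:\windows\system32\mscoree.dll), and the relevant entry point is _CorValidateImage(). The Remarks section of the linked MSDN article describes the mechanism that turns a 32-bit .exe file into a 64-bit process: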
In Windows XP and later versions, the operating system loader checks for managed modules by examining the COM Descriptor Directory bit in the common object file format (COFF) header. A set bit indicates a managed module. If the loader detects a managed module, it loads MsCorEE.dll and calls _CorValidateImage, which performs the following actions:
- Confirms that the image is a valid managed module.
- Changes the entry point in the image to an entry point in the common language runtime (CLR).
- For 64-bit versions of Windows, modifies the image that is in memory by transforming it from PE32 to PE32+ format.
- Returns to the loader when the managed module images are loaded.
For executable images, the operating system loader then calls the _CorExeMain function, regardless of the entry point specified in the executable. For DLL assembly images, the loader calls the _CorDllMain function.
_CorExeMain or _CorDllMain performs the following actions:
- Initializes the CLR.
- Locates the managed entry point from the assembly's CLR header.
- Begins execution.
The loader calls the _CorImageUnloading function when managed module images are unloaded. However, this function does not perform any action; it just returns.
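The header fields behind this behaviour can be read straight from the file. The following is an added example, not part of the answer or of the MSDN text: it locates the COM descriptor directory, reads the CLR header flags, and reports the bitness a managed image gets on x64 Windows. The function names and the sample image are constructed for illustration; the two flag constants are the CLR header bits, with 32BITREQUIRED being the one CorFlags /32BIT+ sets.

```python
import struct

COMIMAGE_FLAGS_ILONLY = 0x1          # image contains only IL
COMIMAGE_FLAGS_32BITREQUIRED = 0x2   # the CLR-header bit that /32BIT+ sets
CLR_DIR = 14                         # COM descriptor data directory index

def clr_info(pe: bytes):
    """Return (is_pe32plus, clr_flags); clr_flags is None for an unmanaged image."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not a PE image")
    nt = struct.unpack_from("<I", pe, 0x3C)[0]                 # e_lfanew
    if pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    nsec, opt_size = struct.unpack_from("<H12xH", pe, nt + 6)  # COFF header fields
    opt = nt + 24                                              # optional header start
    pe32plus = struct.unpack_from("<H", pe, opt)[0] == 0x20B
    dirs = opt + (112 if pe32plus else 96)                     # data directory array
    count = struct.unpack_from("<I", pe, dirs - 4)[0]          # NumberOfRvaAndSizes
    rva = struct.unpack_from("<I", pe, dirs + CLR_DIR * 8)[0] if count > CLR_DIR else 0
    if rva == 0:
        return pe32plus, None                                  # no CLR header
    for i in range(nsec):                                      # map the RVA to a file offset
        vsize, va, rsize, rptr = struct.unpack_from("<4I", pe, opt + opt_size + 40 * i + 8)
        if va <= rva < va + max(vsize, rsize):
            return pe32plus, struct.unpack_from("<I", pe, rva - va + rptr + 16)[0]
    raise ValueError("CLR header RVA is outside every section")

def bitness_on_x64(pe: bytes) -> int:
    """Bitness of the process this image starts as on 64-bit (x64) Windows."""
    pe32plus, flags = clr_info(pe)
    any_cpu = flags is not None and (flags & 0x3) == COMIMAGE_FLAGS_ILONLY
    return 64 if pe32plus or any_cpu else 32   # Any CPU PE32 is upgraded in memory

def build_sample(flags: int) -> bytes:
    """Constructed minimal PE32 image: headers, one section, one CLR header."""
    img = bytearray(0x400)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)                        # e_lfanew
    img[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HH12xHH", img, 0x44, 0x14C, 1, 224, 0x102)  # COFF header
    struct.pack_into("<H", img, 0x58, 0x10B)                       # PE32 magic
    struct.pack_into("<I", img, 0x58 + 92, 16)                     # NumberOfRvaAndSizes
    struct.pack_into("<II", img, 0x58 + 96 + CLR_DIR * 8, 0x2000, 72)
    struct.pack_into("<8s4I", img, 0x138, b".text", 0x100, 0x2000, 0x200, 0x200)
    struct.pack_into("<IHH8xI", img, 0x200, 72, 2, 5, flags)       # CLR header, flags at +16
    return bytes(img)

if __name__ == "__main__":
    for name, flags in (("Any CPU", 0x1), ("after /32BIT+", 0x3)):
        print(name, "->", bitness_on_x64(build_sample(flags)), "bit")
```

Comparing the flags value before and after a file changes is a cheap way to notice that a managed binary has been re-flagged and will now start in a different process bitness.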
Regarding clr - How does CorFlags.exe /32BIT+ work?, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/10389756/