Hello everyone,
I have been studying the addresses of exported functions in DLLs these
days. I would appreciate it if you could review and comment.
(for C++ DLL/EXE only)
1. Inside DLL
For the DLL itself, in its build process, it has to decide the address
of each function in the result binary file (.dll), right? I think each
exported function in the dll binary file has a definite absolute
address, which is based on the default load base address of the DLL,
right?
2. Inside EXE
For the EXE, which utilizes the DLL, since there may be a DLL rebase,
which changes the base load address of the DLL in the EXE process space,
the address of the exported function of the DLL is not known until EXE
load time, and the final rebased address of the exported function of the
DLL is put into the IAT of the EXE.
In other words, the same function of the DLL may have different
addresses in different EXEs, which load the DLL into the related process
space of the EXE.
So, all the places that invoke the dllexported function will use a
function pointer that points to the IAT entry of the related dllexported
function, forming a function call with one level of indirection. No
address of a DLL exported function is known and written to the EXE binary
until load-time address fix-up.
Is my understanding of (1) and (2) correct? Any comments?
Thanks in advance,
George
--
George3
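
Added example (not part of the original post and not code from any Windows component): a simplified model of the export lookup and IAT fill discussed above. The PE export directory stores each function address as an RVA (an offset from the image base), and the loader writes actual load base + RVA into the importing EXE's IAT. The export names, RVAs and base addresses are constructed, and the sample image holds only an export directory.

```python
import struct

# IMAGE_EXPORT_DIRECTORY: 40 bytes, little-endian (field layout from the PE format).
EXPORT_DIR = struct.Struct("<IIHHIIIIIII")

def build_image(exports):
    """Constructed sample: a fake mapped image holding only an export
    directory at RVA 0, so an RVA is simply an offset into the buffer."""
    names = sorted(exports)                      # the name table is sorted
    n = len(names)
    funcs_rva = EXPORT_DIR.size
    names_rva = funcs_rva + 4 * n
    ords_rva = names_rva + 4 * n
    str_rva = ords_rva + 2 * n
    strings, name_rvas = b"", []
    for name in names:
        name_rvas.append(str_rva + len(strings))
        strings += name.encode() + b"\0"
    body = struct.pack(f"<{n}I", *(exports[k] for k in names))
    body += struct.pack(f"<{n}I", *name_rvas)
    body += struct.pack(f"<{n}H", *range(n))
    head = EXPORT_DIR.pack(0, 0, 0, 0, 0, 1, n, n, funcs_rva, names_rva, ords_rva)
    return head + body + strings

def export_rva(image, wanted):
    """Walk the name table the way a loader does; return the function RVA."""
    (*_, n_names, funcs, names, ords) = EXPORT_DIR.unpack_from(image, 0)
    for i in range(n_names):
        (name_rva,) = struct.unpack_from("<I", image, names + 4 * i)
        end = image.index(b"\0", name_rva)
        if image[name_rva:end].decode() == wanted:
            (idx,) = struct.unpack_from("<H", image, ords + 2 * i)
            return struct.unpack_from("<I", image, funcs + 4 * idx)[0]
    raise KeyError(wanted)

def bind_iat(image, imports, load_base):
    """Fill a simulated IAT: absolute address = actual load base + RVA."""
    return {name: load_base + export_rva(image, name) for name in imports}

DLL = build_image({"Add": 0x1010, "Mul": 0x1040})   # constructed RVAs
PREFERRED, REBASED = 0x10000000, 0x6F3A0000         # constructed load bases

if __name__ == "__main__":
    for base in (PREFERRED, REBASED):
        iat = bind_iat(DLL, ["Add", "Mul"], base)
        print(hex(base), {k: hex(v) for k, v in iat.items()})
```

The RVAs read from the export directory are the same for both bases; only the values written into the simulated IAT differ.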