How is a DLL actually shared?

After examining several DLLs that I have on my Windows machine (for example, KERNEL32.DLL), I noticed that none of their sections, even the read-only section, had the IMAGE_SCN_MEM_SHARED flag set.

DLLs are mapped from the .dll file, so a page of the file is copied to physical memory only when it is read; but still, if, say, the same page of kernel32.dll is accessed by both process A and process B, then the page will exist twice in physical memory. I ask about the veracity of this last statement.

If the .text or .rodata segment in which they were created, they will be copied only to physical memory, even if ASLR is turned on, because what ASLR does is to randomize the base of the module when it is first loaded (with the corresponding repositories used), but the next process, which loads this module before rebooting the system, will receive the module with the same address so that it can share .text and .rodata in the same way.

These are all the assumptions I made, please correct me.

Thanks!

+4
1 answer

, , , (- ). , ( DLL), vtable/function, ( ) , , , . "".

, , DLL , / . , , ( ). , , DLL .

, . , , DLL ( , DLL ), , DLL. - , DLL, , (, , , ). , , "", , , , . -, - , , , , , "" (, , ).

, - , ( 4 ) , , . . " " DLL ( " thunk" ), DLL , , , .

"" , DLL . , ASLR, DLL , DLL (, DLL, , , , , " , " ) - , .

IMAGE_SCN_MEM_SHARED, , , DLL . , IMAGE_SCN_MEM_SHARED DLL EXE , , " , " (, , , () DLL. , , , , [ , ].

+1
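The check the question describes, reading each section's characteristics from a PE file and looking for IMAGE_SCN_MEM_SHARED, as an added example that is not part of the original question or answer. The image built by `build_sample` and its `.shared` section are constructed for illustration; to inspect a real DLL, pass the file's bytes to `sharing_report`.

```python
import struct

# Section characteristics bits from the PE/COFF specification.
IMAGE_SCN_MEM_SHARED = 0x10000000
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def pe_sections(image):
    """Return [(name, characteristics)] from the section table of a PE image."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # COFF header: Machine, NumberOfSections, three uint32, SizeOfOptionalHeader, flags
    _, count, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, e_lfanew + 4)
    table = e_lfanew + 24 + opt_size  # section table follows the optional header
    if table + 40 * count > len(image):
        raise ValueError("section table truncated")
    sections = []
    for off in range(table, table + 40 * count, 40):
        name = image[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        (chars,) = struct.unpack_from("<I", image, off + 36)
        sections.append((name, chars))
    return sections


def sharing_report(image):
    """Map section name -> (r/w/x string, IMAGE_SCN_MEM_SHARED set?)."""
    bits = (("r", IMAGE_SCN_MEM_READ), ("w", IMAGE_SCN_MEM_WRITE), ("x", IMAGE_SCN_MEM_EXECUTE))
    return {name: ("".join(c if chars & b else "-" for c, b in bits),
                   bool(chars & IMAGE_SCN_MEM_SHARED))
            for name, chars in pe_sections(image)}


def build_sample():
    """Constructed headers-only image: .text, .data and a section flagged SHARED."""
    secs = [(b".text", 0x60000020), (b".data", 0xC0000040), (b".shared", 0xD0000040)]
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, len(secs), 0, 0, 0, 0, 0x2000)
    return dos + coff + b"".join(
        n.ljust(8, b"\0") + bytes(28) + struct.pack("<I", c) for n, c in secs)


if __name__ == "__main__":
    for name, (prot, shared) in sharing_report(build_sample()).items():
        print(f"{name:8} {prot} SHARED={'yes' if shared else 'no'}")
```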

Source: https://habr.com/ru/post/1664788/

