I disassembled a DLL and see some functions there. I found the function that I need and its address is 0x10001340.
Would this address stay the same if I load this DLL into my application? So would it be possible for me to call that function by its address from my application?
I am asking because I am not sure: what if, when this DLL is loaded, some function in the main application already has the same address? So maybe the functions inside a DLL can change addresses when loading, etc.
If a DLL is written in one of the .NET languages and you only want to view what functions it has, and there is a reference to this DLL in the project, then double-click the DLL in the references folder and you will see what functions it has in the OBJECT EXPLORER window.
You can use load-time dynamic linking or run-time dynamic linking in your DLL in the same way as in the executable. The only restriction is not to call LoadLibrary from your DllMain function to avoid deadlocks.
The pages are only loaded into physical memory once for all processes, even though they may have the page mapped to different address in their virtual address space.
A better way to do it is to use GetModuleInformation(). The first field of the MODULEINFO structure you pass will contain the base address of the DLL. Though according to the documentation of MODULEINFO: The load address of a module is the same as the HMODULE value.
On Windows dlls have a preferential load address, but the loader is able to change all those references if it notices that such portion of the virtual address space is already used. This process is called "rebasing".
The "default" base address is specified at linking time (/BASE with the Microsoft linker), and it can be useful to set it to something different than the default if you plan to use the dll alongside with another one with the same base address; this speeds up the loading process, since the loader doesn't have to rebase one of the dlls at each load. (IIRC there are also tools that are able to rebase an existing dll and save the result on disk)
It's good to keep in mind that, from Windows Vista onwards, dlls compiled with a specified flag are loaded always at a random base address to avoid some kind of exploits.
It is extremely unlikely that you'll end up with the same address. The default /BASE argument for the linker for DLLs is 0x10000000, that's how your entrypoint ended up at that address. But there are many DLLs that are linked using the default setting, only one can actually get loaded at that address. All the other ones that get loaded later need to be re-based.
You could come up with a better value for /BASE, it is however never a guarantee that you get the load address you ask for.
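The rebasing arithmetic discussed in the answers above, as an added example that is not part of the original posts: it reads the preferred ImageBase from a PE header, turns the disassembler address 0x10001340 into an offset from that base (an RVA), and adds the offset to the actual load address. The header bytes, the SizeOfImage value and the load address 0x6A340000 are constructed for illustration; in a real process the load address is the HMODULE value.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

static uint32_t rd32(const uint8_t *p) {            /* little-endian 32-bit read */
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Read preferred ImageBase and SizeOfImage from a PE header; 0 on success. */
int pe_info(const uint8_t *img, size_t len, uint64_t *base, uint32_t *size) {
    if (len < 0x40 || img[0] != 'M' || img[1] != 'Z') return -1;
    uint32_t pe = rd32(img + 0x3C);                 /* e_lfanew */
    if (pe > len || len - pe < 24 + 60) return -1;  /* sig + file hdr + fields used */
    if (rd32(img + pe) != 0x00004550) return -1;    /* "PE\0\0" */
    const uint8_t *opt = img + pe + 24;             /* optional header */
    uint16_t magic = (uint16_t)(opt[0] | opt[1] << 8);
    if (magic == 0x10B) *base = rd32(opt + 28);     /* PE32 */
    else if (magic == 0x20B) *base = rd32(opt + 24) | (uint64_t)rd32(opt + 28) << 32;
    else return -1;
    *size = rd32(opt + 56);                         /* same offset in PE32 and PE32+ */
    return 0;
}

/* Disassembler address -> address in a module loaded at load_base; 0 if outside image. */
uint64_t rebase(uint64_t static_va, uint64_t base, uint32_t size, uint64_t load_base) {
    if (static_va < base || static_va - base >= size) return 0;
    return load_base + (static_va - base);          /* load_base + RVA */
}

/* Constructed sample: minimal PE32 header, ImageBase 0x10000000, SizeOfImage 0x5000. */
void make_sample(uint8_t *img /* 0x100 bytes, zeroed */) {
    img[0] = 'M'; img[1] = 'Z'; img[0x3C] = 0x80;
    img[0x80] = 'P'; img[0x81] = 'E';
    img[0x98] = 0x0B; img[0x99] = 0x01;             /* magic 0x10B */
    img[0xB7] = 0x10;                               /* ImageBase = 0x10000000 */
    img[0xD1] = 0x50;                               /* SizeOfImage = 0x5000 */
}

int main(void) {
    uint8_t img[0x100] = {0};
    uint64_t base; uint32_t size;
    make_sample(img);
    if (pe_info(img, sizeof img, &base, &size)) return 1;
    /* 0x6A340000 is a constructed load address, standing in for the HMODULE value. */
    printf("0x%llx\n", (unsigned long long)rebase(0x10001340, base, size, 0x6A340000));
    return 0;
}
```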