I just learned ImageBase is specified in PE format,and OS will load it to the exact position for .EXE , then comes the question:
what if two .EXE is requiring the same ImageBase location?
views:
39answers:
2
+1
A:
Incase of 2 EXE's, they have Completely Different Address Spaces...Every Executable has its own space.
This means, every time you execute an EXE, it is assigned its own independent 4GB (on 32bit systems, although the process can use just part of it, the rest goes the kernel.) worth address space. It's Virtual Address Space. It's different from your Physical Memory.
So there's no conflict.
Technically, a PE can load just about anywhere, but it's usually 0x4000000
Now, Lets say you have an EXE and it loads a couple of DLL's (which happen to have the same ImageBase)...In this case, The first DLL loads fine, the second one gets relocated (or "rebased"). Each DLL has a .reloc Section which contains data about updating references within the code.
st0le
2010-09-18 08:56:52
How can there be no conflict when both `EXE` are loaded to `0x4000000`?
COMer
2010-09-18 09:12:06
@COMer, i refined the answer, hope it's clear now.
st0le
2010-09-18 09:26:00
@StOle,what about the address in visual studio's "Disassembly Window", is it virtual address or physical memory?
COMer
2010-09-18 09:34:30
@harper, It's Virtual. Think about it this way, Processes will have 4GB Address spaces even if you have `256MB` RAM. This is possible because of Virtual Memory (/Paging).
st0le
2010-09-18 09:36:47
A:
you can use Process Explorer to see the value the ImageBase and Base addresses of any running application (with its DLLs). Based on these values you can see whether rebasing has taken place.
marc ochsenmeier
2010-09-18 09:55:05