DLLs are loaded at the same address, why is it designed like that?

Time:05-28

In Windows, the same DLLs are loaded at the same address across processes, e.g. advapi32.dll

WmiPrvSE.exe:

[screenshot not preserved]

svchost.exe:

[screenshot not preserved]

Since Windows has ASLR enabled, why is it designed like that?

CodePudding user response:

ASLR randomizes the load address offset when the machine boots; it is not random per-process. ASLR protects you from code injected by a webpage etc., not from processes already running on your machine.

Loading at the same address in every process is advantageous for page sharing but not guaranteed by the OS. Low-level libraries are more likely to load at the same address and advapi32 is pretty low-level.
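To check the behaviour described above on your own machine, the following added example (not part of the original answer) counts how many processes map a given DLL at each base address. The function name `Get-ModuleBaseSummary` is hypothetical; it uses only `Get-Process` and the `Modules`, `ModuleName`, `FileName` and `BaseAddress` properties of the returned objects.

```powershell
# Added example: summarize the base address of one DLL across all processes.
# Run from an elevated 64-bit PowerShell to inspect as many processes as
# possible; processes whose module list cannot be read are skipped.
function Get-ModuleBaseSummary {
    param([string]$ModuleName = 'advapi32.dll')

    $rows = foreach ($proc in Get-Process) {
        try {
            $mods = $proc.Modules
        } catch {
            continue   # module list unreadable (access denied, process exited)
        }
        foreach ($m in $mods) {
            if ($m.ModuleName -ieq $ModuleName) {
                [pscustomobject]@{
                    Process = $proc.ProcessName
                    Id      = $proc.Id
                    Path    = $m.FileName
                    Base    = '0x{0:X}' -f $m.BaseAddress.ToInt64()
                }
            }
        }
    }

    # One output row per (file path, base address) pair. A single row means
    # every inspected process maps that file at the same address.
    $rows | Group-Object Path, Base |
        Sort-Object Count -Descending |
        Select-Object Count,
            @{ n = 'Base';   e = { $_.Group[0].Base } },
            @{ n = 'Path';   e = { $_.Group[0].Path } },
            @{ n = 'Sample'; e = { ($_.Group |
                                    Select-Object -First 3 -ExpandProperty Process) -join ', ' } }
}

Get-ModuleBaseSummary -ModuleName 'advapi32.dll' | Format-Table -AutoSize
```

Saving the output and running the function again after a reboot lets you compare the base address across boots.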
