我应该更改我的图像库吗?
在 Delphi 中,Image Base 链接器选项默认为 00400000。
根据帮助:
指定首选加载地址 编译后的图像。 这个值是 通常仅在编译时更改 DLL。 默认 = 400000
更改它对 EXE 没有影响吗? 效果会怎样呢? 该地址是相对于每个进程的吗?
In Delphi the Image Base linker option defaults to 00400000.
Per the help:
Specifies the preferred load address
of the compiled image. This value is
typically only changed when compiling
DLLs. Default = 400000
Is there no effect for changing it on EXE's? What would the effect be? Is the address relative to each process?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
如果可能的话,可执行映像(EXE 和 DLL,以及其他伪装成 DLL 的东西,如 BPL 和 OCX)由操作系统加载器加载到其首选加载地址(Image Base); 如果虚拟地址空间的该区域被保留用于其他目的(另一个映像、线程堆栈、堆分配),则操作系统加载程序将重新定位该映像。 重新定位映像涉及将其放置在地址空间中的其他位置,然后获取新加载地址和首选加载地址之间的差异,并将该差异添加到映像内的每个重定位修复中。 重定位修复指向可执行映像中代码或数据引用自身的所有位置,例如从全局变量加载值的代码,或绝对跳转到其他例程。
因为重定位涉及到操作系统修改镜像数据的内存版本,因此需要更长的时间,占用更多的I/O并提交更多的页面(需要对整个重定位的镜像进行分页),并且操作系统虚拟内存子系统将无法与已加载相同可执行映像的其他进程共享加载的映像(因为它在内存中会有所不同)。 因此,最好避免加载时重新定位。
按照 32 位 Windows 上的约定,可执行映像的首选地址是
$00400000,而其他 DLL(包括操作系统 DLL)则依赖此约定,因为没有可能与主可执行文件一致的默认加载地址。 因此,他们避免了搬迁。 事实上,重定位 EXE 映像的情况很少发生,因此通常可以从 EXE 映像中删除重定位数据而不会造成任何损害。对 DLL 进行更改是有意义的,以避免与任何默认操作系统 DLL 以及通常随 DLL/EXE 附带的任何其他 DLL 发生冲突。 由于更改 EXE 的地址会增加操作系统需要重新定位 DLL 的机会,因此不建议更改 EXE 加载地址。
特别是对于 DLL,以及可能运行多个实例的可执行文件,不建议使用像 UPX 这样的可执行图像压缩器,因为内存中解压缩的作用类似于重定位,以防止内存中映像在多个进程之间共享。
Executable images (EXEs and DLLs, and other things that are DLLs in disguise, like BPLs and OCXs) are loaded by the OS loader at their preferred load address (Image Base) if possible; if that area of the virtual address space is reserved for some other purpose (another image, a thread stack, heap allocation), then the OS loader will relocate the image. Relocating the image involves putting it somewhere else in the address space, then taking the difference between the new load address and the preferred load address and adding this difference to every relocation fixup inside the image. Relocation fixups point to all the places in the executable image where the code or data refers to itself, such as code loading values from global variables, or making absolute jumps to other routines.
Because relocation involves the OS modifying the in-memory version of the image data, it takes longer, it takes up more I/O and commits more pages (the entire image with relocations needs to be paged in), and the OS virtual memory subsystem won't be able to share the loaded image with other processes that have loaded the same executable image (since it will be different in-memory). Thus, it's desirable to avoid relocation upon loading.
The preferred address for executable images is
$00400000by convention on 32-bit Windows, and other DLLs (including OS DLLs) rely on this convention by not having default load addresses that are likely to coincide with the main executable. Thus they avoid relocation. In fact, relocating an EXE image is so infrequently done that the relocation data can often be stripped from EXE images without harm.Changing it for DLLs makes sense to avoid conflicting with any of the default OS DLLs and any other DLLs that normally ship with the DLL / EXE. Since changing it for an EXE increases the chances that the OS will need to relocate a DLL, it's not recommended that the EXE load address be changed.
Executable image compactors like UPX are not recommended for DLLs in particular, and for executables that may have many instances running, because the in-memory decompression acts like relocation in preventing the in-memory image from being shared between multiple processes.
更改 EXE 的映像库几乎没有用,除非您正在执行一些非常低级的肮脏黑客行为。
是的,每个进程都有自己的地址空间。
Change EXE's image base is almost useless unless you're doing some very low-level dirty hack.
Yes, each process has its own address space.