user35443

Reputation: 6403

Data in executable file is at a weird position

A few days ago I started playing with the PE format. I've made a small PE loader which is able to load sections into memory according to their virtual addresses. For example, I have section .text at virtual address 0x1000, or section .data at 0x2000. With my small assembly code, I've loaded a PE file at some free location (0x10000) and I loaded the PE sections from its positions. So, section .text is at 0x11000 (0x10000 + 0x1000), .data is at 0x12000, etc. But when I referenced my data in assembly from the .code location, I found out (in the disassembly) that it's pointing to 0x402000. On the internet I found something like an image base which is specific for each type of image... But I don't understand how an .exe can be loaded at 0x402000 when there are lots of executables running in Windows, for example. Does anybody know why it is so, how it works, and how I can theoretically implement it in my very basic system?

Please help.

Upvotes: 1

Views: 243

Answers (3)

nneonneo

Reputation: 179372

Virtual memory means that every single process on your computer can use the "same" addresses, since the address spaces of each process are independent. 0x400000 for process A is mapped to a different physical address than 0x400000 for process B by the OS, even if they are the same virtual address (different virtual address spaces).

The default base address for an executable is 0x400000. Your linker hardcodes that base address into the executable and will adjust address references appropriately. Your executable will be loaded at that address when the program is launched. Your assembler or linker should give you a way to change this default base address.

Note that DLLs, on the other hand, have to be loaded at unique addresses because they must coexist in the same process. For this reason, DLLs are normally relocatable, i.e. they can have any base address when loaded to cope with the requirement of putting them at a unique address. (Having multiple non-relocatable DLLs on a system can cause problems, but having multiple non-relocatable .exes on a system is no problem at all.)

Upvotes: 3

Sascha Hennig

Reputation: 2572

Each executable runs in its own virtual address space. So even if two executables have the same image base of 0x400000, they reside in/use different physical memory. Think of it as the base of the image base differs.

To get the image base of a module loaded into your running process you can use GetModuleHandle. It returns a handle to the module which incidentally equals the image base. Alternatively you can get the image base from the ImageBase field in the PE header's IMAGE_OPTIONAL_HEADER structure (see here).

Upvotes: 3
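
An added example, not code from any of the answers: it reads the ImageBase field mentioned above from a PE32 image already mapped by a loader like the asker's, and goes one step further by applying the image's base relocations so that absolute references such as 0x402000 follow the image to its actual load address. The names `rebase` and `make_sample` and the sample image are constructed for illustration; only PE32 with HIGHLOW fixups is handled.

```c
#include <stdint.h>
#include <string.h>
enum { IMG_LEN = 0x4000, OFF_BASE = 28, OFF_RELOC_DIR = 96 + 5 * 8 }; /* PE32 optional-header offsets */
static uint32_t rd32(const uint8_t *p) { return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24; }
static void wr32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i)); }

/* PE32 optional header of an image mapped at img, or NULL if the headers are malformed. */
static uint8_t *opt_header(uint8_t *img, size_t len) {
    if (len < 0x40 || img[0] != 'M' || img[1] != 'Z') return NULL;
    uint32_t pe = rd32(img + 0x3C);                       /* e_lfanew */
    if (pe > len || len - pe < 24 + OFF_RELOC_DIR + 8) return NULL;
    uint8_t *opt = img + pe + 24;                         /* skip "PE\0\0" and COFF header */
    return !memcmp(img + pe, "PE\0\0", 4) && opt[0] == 0x0B && opt[1] == 0x01 ? opt : NULL;
}

/* Returns fixups applied, or -1 if malformed or not relocatable to new_base. */
int rebase(uint8_t *img, size_t len, uint32_t new_base) {
    uint8_t *opt = opt_header(img, len);
    if (!opt) return -1;
    uint32_t delta = new_base - rd32(opt + OFF_BASE);     /* actual base - ImageBase */
    uint32_t rva = rd32(opt + OFF_RELOC_DIR), size = rd32(opt + OFF_RELOC_DIR + 4);
    if (size == 0) return delta ? -1 : 0;                 /* no .reloc: must load at ImageBase */
    if (rva > len || size > len - rva) return -1;
    int n = 0;
    for (uint32_t off = 0, bsz; off + 8 <= size; off += bsz) {
        const uint8_t *blk = img + rva + off;             /* block: PageRVA, BlockSize, entries */
        if ((bsz = rd32(blk + 4)) < 8 || bsz > size - off) return -1;
        for (uint32_t i = 8; i + 2 <= bsz; i += 2) {
            unsigned e = blk[i] | blk[i + 1] << 8, type = e >> 12;
            uint32_t at = rd32(blk) + (e & 0xFFF);        /* PageRVA + 12-bit offset */
            if (type == 0) continue;                      /* IMAGE_REL_BASED_ABSOLUTE padding */
            if (type != 3 || at > len || len - at < 4) return -1; /* only HIGHLOW handled */
            wr32(img + at, rd32(img + at) + delta);
            n++;
        }
    }
    return n;
}

/* Constructed sample: mapped PE32 image whose .text holds `mov eax, [0x402000]` at RVA 0x1000. */
void make_sample(uint8_t *img) {
    memset(img, 0, IMG_LEN);
    memcpy(img, "MZ", 2); wr32(img + 0x3C, 0x80); memcpy(img + 0x80, "PE\0\0", 4);
    uint8_t *opt = img + 0x80 + 24; opt[0] = 0x0B; opt[1] = 0x01;
    wr32(opt + OFF_BASE, 0x400000); wr32(opt + OFF_RELOC_DIR, 0x3000); wr32(opt + OFF_RELOC_DIR + 4, 12);
    img[0x1000] = 0xA1; wr32(img + 0x1001, 0x402000);
    wr32(img + 0x3000, 0x1000); wr32(img + 0x3004, 12);   /* block for page 0x1000 */
    wr32(img + 0x3008, 0x3001);                           /* HIGHLOW at +1, then padding */
}
int main(void) { static uint8_t img[IMG_LEN]; make_sample(img); return rebase(img, IMG_LEN, 0x10000) == 1 ? 0 : 1; }
```

With the sample loaded at 0x10000, the operand 0x402000 becomes 0x12000, the address where the asker's loader placed .data; an image whose relocation directory is empty is rejected unless it is loaded at its ImageBase.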

Tony The Lion

Reputation: 63190

This is a complicated subject, but because of virtual memory and hardware-aided separation of processes, every process is loaded and it is given the impression that it has the entire address space to itself. Therefore all image bases can start at the same address, because the addresses in virtual memory can be mapped anywhere to memory, and the process has infinite memory as far as it is concerned.

Upvotes: 1
