How do runtime loadable kernel modules know the addresses of core kernel functions?

Question

I would be interested in answers for both Linux and NT (or any other for that matter)

Edit:

Thanks Laurion for the answer.

More information here:

• http://www.symantec.com/connect/articles/dynamic-linking-linux-and-windows-part-one
• http://www.symantec.com/connect/articles/dynamic-linking-linux-and-windows-part-two

Answer 1

Having written a loader for both windows kernel (and windows userspace) before: it works the same way. essentially all binaries have something called IAT (eg, http://msdn.microsoft.com/en-us/magazine/cc301808.aspx this is the eternal classic paper). When the loader allocated memory for the DLL it will copy the DLL there, and read the IAT of the DLL for all the symbols that it needs (by name), and then lookup the names in the export section of the Windows core DLL (eg, kernel32.dll), and fill it up with the address read. all the needed files will have to be read and address fillup, before the DLL can continue execution.

Linux works the same way too.....be it userspace or kernel. ELF structure call it relocation table.

http://www.bravegnu.org/gnu-eprog/linker.html

Hope that help :-) (the details are similar for x86 arch).

Answer 2

The runtime loader normally fixes up references to imported functions when the module is loaded. It looks at the table of imported functions and puts in the proper address. The module uses the imported functions through an indirection table.