Reputation: 105
can we rebase kernel32.dll ? such that load address is different for two processes
specifically i want to know if kernel32.dll load address can be different for two processes within the same session ? I want to use createremote thread so just wanted to know if kernel32 load address in remote process can be different from the injecting process in any scenario ?
Upvotes: 3
Views: 2538
Answers (2)
Reputation: 6743
System DLLs are loaded at random addresses (ASLRed) for security reasons so that a remote attacker can't guess where bits of code on your system are living in memory (i.e. remote attackers can't guess pointers on your computer).
This happens once per boot, and hence kernel32 will be loaded at the same address in all processes across your system.
Upvotes: 0
Reputation: 22030
Kernel32.dll has the same base address on all processes to allow exactly what you'd like to do. Read: Why are certain DLLs required to be at the same base address system-wide?
Upvotes: 2
Related Questions
- Can a process load two DLLs with exactly the same name?
- Can the same DLL data be shared by 2 different processes?
- Multiple LoadLibrary for copies of the same DLL
- The confusing base address between kernel32.dll and kernelbase.dll
- Can I use two incompatible versions of the same DLL in the same process?
- Loading same instance of a dll in multiple process
- Could we have 2 DLLs with the same name being loaded in one process
- Load 2 versions of the same DLL in the same process
- Loading two instances of a shared library
- Is there a way to change the preferred base address of a dll once it's compiled?