daisy
Reputation: 23511
DLL are loaded at the same address, why is it designed like that?
In Windows the same DLL are loaded in the same address across processes, e.g advapi32.dll
WmiPrvSE.exe:
svchost.exe:
Since windows has ASLR enabled, why is it designed like that?
Upvotes: 1
Views: 1019
Answers (1)
Anders
Reputation: 101666
ASLR randomizes the load address offset when the machine boots, it is not random per-process. ASLR protects you from code injected by a webpage etc. not from processes already running on your machine.
Loading at the same address in every process is advantageous for page sharing but not guaranteed by the OS. Low-level libraries are more likely to load at the same address and advapi32 is pretty low-level.
Upvotes: 3
Related Questions
- How loader maps DLL into Process Address Space
- In what order are locations searched to load referenced DLLs?
- Does Windows map DLLs to the same virtual address in different processes?
- How does Windows handle multiple DLLs loaded in memory without position independent code?
- Is DLL always have the same Base Address?
- System DLLs address space
- On windows, why are there different addresses for the same module?
- Executable loads same dll as already loaded dll
- DLLs reloaded to their preferred address
- Could we have 2 DLLs with the same name being loaded in one process