A function of a Windows DLL has the same address?

Question

A function of a Windows DLL has the same address?

Asked 9 years, 2 months ago

Viewed 119 times

0

I’m having a doubt a function of a windows DLL always has the same address for all versions or it is dynamic?

Example a function of user32.dll.

This excerpt from Wikipedia answers my question. The address I was referring to is the address of the bytes located within the DLL, the address of the function at dynamic runtime it.

You can edit machine code using hexadecimal editors such as for example the "debug" that runs on the Windows DOS. With these programs can be seen not in binary, but in hexadecimal, as shown below in this DOS screen capture with the debug open editing the program "v.exe": (key-up ? for commands and d for dump)

C:\Utility>debug v.exe
-d 0 100
0E3D:0000  CD 20 FF 9F 00 9A F0 FE-1D F0 4F 03 F0 07 8A 03   . ........O.....
0E3D:0010  F0 07 17 03 F0 07 DF 07-01 01 01 00 02 FF FF FF   ................
0E3D:0020  FF FF FF FF FF FF FF FF-FF FF FF FF BD 0D 4C 01   ..............L.
0E3D:0030  D0 0C 14 00 18 00 3D 0E-FF FF FF FF 00 00 00 00   ......=.........
0E3D:0040  05 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00   ................
0E3D:0050  CD 21 CB 00 00 00 00 00-00 00 00 00 00 20 20 20   .!...........
0E3D:0060  20 20 20 20 20 20 20 20-00 00 00 00 00 20 20 20           .....
0E3D:0070  20 20 20 20 20 20 20 20-00 00 00 00 00 00 00 00           ........
0E3D:0080  00 0D 76 2E 65 78 65 0D-44 4F 57 53 5C 73 79 73   ..v.exe.DOWS\sys
0E3D:0090  74 65 6D 33 32 5C 64 6F-73 78 0D 0D 64 61 20 72   tem32\dosx..da r
0E3D:00A0  65 64 65 20 28 63 61 72-72 65 67 61 72 20 61 6E   ede (carregar an
0E3D:00B0  74 65 73 20 64 6F 20 64-6F 73 78 2E 65 78 65 29   tes do dosx.exe)

In the above example the memory address is shown on the left (segment:offset), in the centre the hexadecimal code and to the right as would be the text in ASCII. More efficient than all this would be get a dedicated program for handling machine code.

Do you mean the address it is mapped in memory? Or the position of the function within the dll?

– Vinícius Gobbo A. de Oliveira

2015/08/29 at 03:09
for example a dll user32.dll and a function of any. in the system when I want to grab the address of this function it is Statica or dynamic? it may vary depending on windows version?

– MrHelp

2015/08/29 at 03:12
if I take the address of the function Getprocaddress(Getmodulehandle('user32.DLL'),'Showwindow') it returns me always the same address of the function . I can’t tell you for sure, because my doubt is this. but from what Voce said I’m pretty sure it’s the position of the function in.

– MrHelp

2015/08/29 at 03:22
found in wikipedia but wanted a better explanation{ Each function exported by a DLL is identified by an ordinal numeral and optionally a name. Similarly, functions can be imported from the DLL by both numeral and name}

– MrHelp

2015/08/29 at 03:48
Take a look at [tour]. You can accept an answer if it solved your problem. You can vote on every post on the site as well. Did any help you more? You need something to be improved?

– Maniero

2016/03/04 at 18:58

1 answer

Browser other questions tagged windows dll

You are not signed in. Login or sign up in order to post.

by Maniero • **444,682** points · Answer 1 · 2015-08-29T10:38:33+00:00

1

Forget the address of the function. It is variable and doesn’t matter. The fact that it shows the same is a coincidence and cannot be used as something guaranteed. You just have to know which function you want to use and in most cases which DLL it is to load it. That’s all.

Most important about getting the address you already know. If it were fixed you wouldn’t need a function for this.

Only documented information. What is not documented can change without you knowing.

The address at that time only matters in more advanced matters.

The question has changed, but the information remains the same. You can’t trust the function address and you have no reason to do this. When you need her address just ask the operating system to tell you where the address is GetProcAddress().

but the address of the function position within the dll it can change?

– MrHelp

2015/08/29 at 16:44
The function predisposes from different addresses, A function can not be executed in the same address, because it is not only a library that will be used normally.

– Mega

2015/08/29 at 16:48
I don’t know what you’re talking about or the relevance of it. If you need additional information, explain what you want.

– Maniero

2015/08/29 at 16:48
friend if Voce opened the dll in a hexadecimal editor Voce will see the address of each instruction, is that position I’m referring to ... as the friend up there said I’m meaning is the address of the function mapped within the dll the position in the hexadecimal editor

– MrHelp

2015/08/29 at 16:56
No, you don’t see any address there. Now I’m thinking that this question is even programming. Mega is talking about something else. If you can not clarify better what the doubt is, I will close the question. At most you that in which sequence bytes the code is in the file. This is not relevant for programming and is not something reliable. The answer already says this.

– Maniero

2015/08/29 at 17:04
as it is not relevant for programming ? I am trying to clarify my question, and as Voce now said is the sequence of bytes that is in the file that I am referred to , this sequence can be changed at runtime ?

– MrHelp

2015/08/29 at 17:10
can overcome my doubt , the address it is dynamic actually is the bytes that I am referring to inside the dll , at runtime

– MrHelp

2015/08/29 at 17:15
and there is yes address of bytes that it is located without more !

– MrHelp

2015/08/29 at 17:17
I think the DLL can specify a "favorite address" that accelerates the program load if there are no conflicts, but nothing guarantees that the address will not be relocated.

– epx

2015/08/31 at 03:38

Show 4 more comments