How does CorFlags.exe /32BIT+ work?

Question

I guess my question is about the CLR Loader. I want to understand the mechanics behind CorFlags.exe /32BIT+ functionality.

We know that when one starts an assembly compiled with the Any CPU flag set on 64-bit Windows, it starts as a 64-bit process. If one runs CorFlags /32BIT+ on that assembly, it will start as a 32-bit process. I think this is a fascinating feature.

I have a lot of questions about this:

  1. How is it implemented?
  2. Is the OS Loader involved?
  3. Is it possible to build a custom application (unmanaged, I guess) that loads the 32-bit or 64-bit CLR at will?

Is there an article, book, blog, etc that explains the inner workings of this feature?

Recommended answer

This isn't well documented in any place I know of, I can only point you to a relevant MSDN article. Yes, your assumption is correct, the loader in Windows XP and up has awareness of managed executables. It automatically loads the .NET loader shim (c:\windows\system32\mscoree.dll), the relevant entrypoint is _CorValidateImage(). The Remarks section in the linked MSDN article describes the mechanism that turns a 32-bit .exe file into a 64-bit process:

In Windows XP and later versions, the operating system loader checks for managed modules by examining the COM Descriptor Directory bit in the common object file format (COFF) header. A set bit indicates a managed module. If the loader detects a managed module, it loads MsCorEE.dll and calls _CorValidateImage, which performs the following actions:

  • Confirms that the image is a valid managed module.
  • Changes the entry point in the image to an entry point in the common language runtime (CLR).
  • For 64-bit versions of Windows, modifies the image that is in memory by transforming it from PE32 to PE32+ format.
  • Returns to the loader when the managed module images are loaded.

For executable images, the operating system loader then calls the _CorExeMain function, regardless of the entry point specified in the executable. For DLL assembly images, the loader calls the _CorDllMain function.

_CorExeMain or _CorDllMain performs the following actions:

  • Initializes the CLR.
  • Locates the managed entry point from the assembly's CLR header.
  • Begins execution.

The loader calls the _CorImageUnloading function when managed module images are unloaded. However, this function does not perform any action; it just returns.
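
An added example (not part of the original answer, and not CorFlags' own code): a Python parser that follows the COM Descriptor Directory mentioned in the quoted MSDN text to the CLR header and reads its Flags field, where CorFlags /32BIT+ sets the 32BITREQUIRED bit. The function names are hypothetical and the sample image is a constructed, header-only byte layout.

```python
import struct

COMIMAGE_FLAGS_ILONLY = 0x1         # image contains only IL
COMIMAGE_FLAGS_32BITREQUIRED = 0x2  # the bit CorFlags /32BIT+ sets
CLR_DIR = 14                        # data directory slot of the COM descriptor

def find_clr_flags(image):
    """Return (file_offset, flags) of the CLR header Flags field, or None."""
    pe, = struct.unpack_from("<I", image, 0x3C)
    if image[:2] != b"MZ" or image[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec, opt_size = struct.unpack_from("<H12xH", image, pe + 6)
    opt = pe + 24
    magic, = struct.unpack_from("<H", image, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    dirs = opt + (96 if magic == 0x10B else 112)      # PE32 vs PE32+ layout
    ndirs, = struct.unpack_from("<I", image, dirs - 4)
    rva, size = struct.unpack_from("<II", image, dirs + 8 * CLR_DIR)
    if ndirs <= CLR_DIR or rva == 0 or size == 0:
        return None                                   # unmanaged (native) image
    for i in range(nsec):                             # map the RVA to a file offset
        vsize, vaddr, rsize, rptr = struct.unpack_from(
            "<IIII", image, opt + opt_size + 40 * i + 8)
        if vaddr <= rva < vaddr + max(vsize, rsize):
            off = rva - vaddr + rptr + 16             # Flags is 16 bytes in
            return off, struct.unpack_from("<I", image, off)[0]
    raise ValueError("CLR header RVA is outside every section")

def set_32bit_required(image):
    """Copy of image with 32BITREQUIRED set, the on-disk effect of /32BIT+."""
    found = find_clr_flags(image)
    if found is None:
        raise ValueError("not a managed module")
    out = bytearray(image)
    out[found[0]] |= COMIMAGE_FLAGS_32BITREQUIRED     # low byte, little-endian
    return bytes(out)

def build_sample(cor_flags):
    """Constructed header-only PE32 layout with one section (not runnable)."""
    img = bytearray(0x400)
    img[0:2], img[0x80:0x84] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", img, 0x3C, 0x80)                # e_lfanew
    # COFF header (i386, one section, 224-byte optional header) + PE32 magic
    struct.pack_into("<HH12xHHH", img, 0x84, 0x14C, 1, 224, 0, 0x10B)
    struct.pack_into("<I", img, 0x98 + 92, 16)             # NumberOfRvaAndSizes
    struct.pack_into("<II", img, 0x98 + 96 + 8 * CLR_DIR, 0x2000, 72)
    struct.pack_into("<IIII", img, 0x180, 0x200, 0x2000, 0x200, 0x200)  # section
    struct.pack_into("<I", img, 0x210, cor_flags)          # CLR header Flags
    return bytes(img)
```

Setting the bit changes the file's bytes, so a strong-name or Authenticode signature computed over the assembly no longer verifies afterwards.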
