我们可以重新设置kernel32.dll的基础吗?这样两个进程的加载地址是不同的 [英] can we rebase kernel32.dll ? such that load address is different for two processes

问题描述

特别是我想知道kernel32.dll加载地址是否可以在同一会话中的两个进程不同? 我想使用createremote线程，所以只想知道在任何情况下远程进程中的kernel32加载地址是否可以不同于注入进程?

specifically i want to know if kernel32.dll load address can be different for two processes within the same session ? I want to use createremote thread so just wanted to know if kernel32 load address in remote process can be different from the injecting process in any scenario ?

推荐答案

出于安全原因，系统DLL被加载到随机地址(ASLRed)上，以使远程攻击者无法猜测系统上代码的位置在内存中(即远程攻击者无法猜测您计算机上的指针).

System DLLs are loaded at random addresses (ASLRed) for security reasons so that a remote attacker can't guess where bits of code on your system are living in memory (i.e. remote attackers can't guess pointers on your computer).

这是每次引导一次，因此，kernel32将在系统中所有进程中的相同地址处加载.

This happens once per boot, and hence kernel32 will be loaded at the same address in all processes across your system.

这篇关于我们可以重新设置kernel32.dll的基础吗?这样两个进程的加载地址是不同的的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！