为什么函数的地址每次运行都会改变? [英] Why does the address of a function change with every run?

问题描述

我正在努力将地址映射到其符号以进行调试(获取调用堆栈).MS dbghelp.dll可以从地址中识别符号(请参见 SymFromAddr ，

I'm struggling with mapping addresses to their symbols for debugging purposes (getting the callstack). The MS dbghelp.dll can tell the symbol from an address (see SymFromAddr, MSDN). However, it doesn't work and I wonder how this could ever work, because addresses seem to change with every run of the program:

#include <iostream>
void Foo() {}

int _tmain(int argc, _TCHAR* argv[])
{
    const long unsigned int addr = reinterpret_cast<long unsigned int>(&Foo);
    std::cout << "Address: " << std::hex << addr << std::endl;
    return 0;
}

输出:

D:\dev\Sandbox\Debug>Sandbox.exe
Address: 901320
D:\dev\Sandbox\Debug>Sandbox.exe
Address: ce1320
D:\dev\Sandbox\Debug>Sandbox.exe
Address: 3a1320
D:\dev\Sandbox\Debug>Sandbox.exe
Address: 3f1320

另一个程序如何从堆栈跟踪中读取地址并将其映射到函数?对我来说，这听起来像魔术.在链接的文档中找不到任何内容，该内容表明我必须从地址中减去某些内容.

How could a different program ever read address like from a stacktrace and map it to functions? This sounds like magic to me. I didn't find anything in the linked documentation which says I would have to subtract something from the address or whatever.

据我了解，由于我们克服了实模式，因此每个进程无论如何都具有虚拟内存空间，因此不再需要为加载地址掷骰子.我会理解在使用DLL而不是主要可执行文件的情况下绝对地址的不确定性.

In my understanding since we overcome the real-mode every process has a virtual memory space anyway, so no need to roll the dice for a load address any more. I would understand uncertainties of absolute address in case of DLLs, but not the main executable.

在Win7上使用VS2008进行了尝试.

Tried on Win7 with VS2008.

推荐答案

地址空间布局随机化

这篇关于为什么函数的地址每次运行都会改变?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！