Windows下的动态加载库的地址范围 [英] Address range of a dynamically loaded library under Windows
问题描述
我有一个加载插件与<一个工作程序href=\"http://msdn.microsoft.com/en-us/library/windows/desktop/ms684175%28v=vs.85%29.aspx\"><$c$c>LoadLibrary.
I have a working program that loads plugins with LoadLibrary.
新要求:在该code某些时候,我给一个指针,而我需要测试是否该指针指向到一个插件的code或静态数据
New requirement: at some point in the code, I'm given a pointer, and I need to test whether this pointer points into the code or static data of a plugin.
bool is_pointer_into_plugin(void *p, HMODULE h);
等价,我需要检索插件成一个指针指向,如果有的话。我还需要知道,如果指针指向到主程序中的code或静态数据(理想情况下,只读和读写区域区分)。
Equivalently, I need to retrieve the plugin into which a pointer points, if any. I also need to know if the pointer points into the main program's code or static data (and ideally, distinguish between read-only and read-write areas).
HMODULE plugin_containing_pointer(void *p);
等效地,我需要能够检索在该插件被映射的程度(地址和大小)。我还需要这些信息的主要程序。
Equivalently, I need to be able to retrieve the extent (address and size) at which a plugin is mapped. I also need this information for the main program.
我如何能实现 is_pointer_into_plugin 或 plugin_containing_pointer ,或一些相同呢?
How can I implement is_pointer_into_plugin, or plugin_containing_pointer, or something equivalent?
我可以改变,如果需要调用调用LoadLibrary 。查找应该相当快地,负载时间code不需要要快。运行在单独的进程插件,并通过共享内存通信是不是一种选择。该程序必须运行在Windows XP及以上(和Linux,但是这是<一个href=\"http://stackoverflow.com/questions/12589443/address-range-of-a-dynamically-loaded-library-under-linux\">another问题)。
I can change the call to LoadLibrary if necessary. The lookup should be reasonably fast as possible, the load-time code doesn't need to be fast. Running the plugins in separate processes and communicating through shared memory is not an option. The program must run on Windows XP and up (and Linux, but that's another question).
我需要的信息是多了还是少了什么Sysinternals的工具 listdlls的 报告,所以我试图找出它是如何实现的。我看到了一个<一个href=\"http://forum.sysinternals.com/listdlls-functionality-or-source-$c$c_topic21678.html\">suggestion使用<一个href=\"http://msdn.microsoft.com/en-us/library/windows/desktop/ms684280%28v=vs.85%29.aspx\"><$c$c>NtQueryInformationProcess检索<一href=\"http://msdn.microsoft.com/en-us/library/windows/desktop/aa813706%28v=vs.85%29.aspx\"><$c$c>PEB结构链接到一个<一个href=\"http://msdn.microsoft.com/en-us/library/windows/desktop/aa813708%28v=vs.85%29.aspx\"><$c$c>LDR_DATA_TABLE_ENTRY.看起来很有希望,但是:
The information I need is more or less what the Sysinternals utility listdlls reports, so I tried to find out how it's implemented. I saw a suggestion of using NtQueryInformationProcess to retrieve a PEB structure which links to a LDR_DATA_TABLE_ENTRY. Looks promising, but:
- 我可以看到一个
DllBase这看起来可能是每个DLL(是吗?)的起始地址,但没有大小。 -
NtQueryInformationProcess的文件标记为不可移植,但并不意味着什么,我试图做一个选择。 - 在我的系统,在
PEB的唯一字段是BeingDebugged和的SessionID,再加上一些保留的 N 的字节数组 - 不是一个好兆头
- I can see a
DllBasewhich looks like it might be the starting address of each DLL (is it?), but no size. - The documentation of
NtQueryInformationProcessmarks it as unportable, but doesn't suggest an alternative for what I'm trying to do. - On my system, the only fields in
PEBareBeingDebuggedandSessionId, plus someReservedNbyte arrays — not a good sign.
我怎么能列举插件的地址范围,或者测试一个指针是否是一个插件内,或确定哪些插件一个指针指向到?
How can I enumerate the address range of the plugins, or test whether a pointer is within a plugin, or determine which plugin a pointer points into?
推荐答案
的 GetModuleHandleEx 与 GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS 标志将告诉你哪些模块一个指针指向成。从可以学习模块头找出哪些部分。但是整套动作的气味好笑。为什么你关心哪个插件指针指向?
GetModuleHandleEx with the GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS flag will tell you which module a pointer points into. From that you can study the module headers to figure out which section. But the entire exercise smells funny. Why do you care which plugin a pointer points to?
这篇关于Windows下的动态加载库的地址范围的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
