Address range of a dynamically loaded library under Windows


Problem description

I have a working program that loads plugins with LoadLibrary.

New requirement: at some point in the code, I'm given a pointer, and I need to test whether this pointer points into the code or static data of a plugin.

bool is_pointer_into_plugin(void *p, HMODULE h);

Equivalently, I need to retrieve the plugin into which a pointer points, if any. I also need to know if the pointer points into the main program's code or static data (and ideally, distinguish between read-only and read-write areas).

HMODULE plugin_containing_pointer(void *p);

Equivalently, I need to be able to retrieve the extent (address and size) at which a plugin is mapped. I also need this information for the main program.

How can I implement is_pointer_into_plugin, or plugin_containing_pointer, or something equivalent?

I can change the call to LoadLibrary if necessary. The lookup should be as fast as reasonably possible; the load-time code doesn't need to be fast. Running the plugins in separate processes and communicating through shared memory is not an option. The program must run on Windows XP and up (and Linux, but that's another question).

The information I need is more or less what the Sysinternals utility listdlls reports, so I tried to find out how it's implemented. I saw a suggestion of using NtQueryInformationProcess to retrieve a PEB structure which links to a LDR_DATA_TABLE_ENTRY. Looks promising, but:

  • I can see a DllBase which looks like it might be the starting address of each DLL (is it?), but no size.
  • The documentation of NtQueryInformationProcess marks it as unportable, but doesn't suggest an alternative for what I'm trying to do.
  • On my system, the only fields in PEB are BeingDebugged and SessionId, plus some ReservedN byte arrays — not a good sign.

How can I enumerate the address range of the plugins, or test whether a pointer is within a plugin, or determine which plugin a pointer points into?

Recommended answer

GetModuleHandleEx with the GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS flag will tell you which module a pointer points into. From that you can study the module headers to figure out which section. But the entire exercise smells funny. Why do you care which plugin a pointer points to?
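The "study the module headers" step from the answer above, as an added example that is not part of the original question or answer: it walks the PE section table of a mapped image to find which section a relative address falls in and whether that section is code, read-only or read-write. It assumes the module base is the HMODULE that GetModuleHandleEx returned and that `rva` is the pointer minus that base; the function names are hypothetical, and the input here is a constructed header buffer rather than a live module so the code runs on any platform.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define SCN_MEM_EXECUTE 0x20000000u /* IMAGE_SCN_MEM_EXECUTE */
#define SCN_MEM_WRITE   0x80000000u /* IMAGE_SCN_MEM_WRITE */
static uint32_t rd16(const uint8_t *p) { return p[0] | ((uint32_t)p[1] << 8); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | (rd16(p + 2) << 16); }

/* Find the section holding rva in a mapped image of len bytes (fields are little-endian).
   Returns 1 and fills name/flags, 0 if rva is in no section, -1 on malformed headers. */
int section_for_rva(const uint8_t *base, size_t len, uint32_t rva, char name[9], uint32_t *flags) {
    if (len < 0x40 || rd16(base) != 0x5A4D) return -1;             /* "MZ" */
    size_t nt = rd32(base + 0x3C);                                 /* e_lfanew */
    if (nt > len - 24 || rd32(base + nt) != 0x00004550) return -1; /* "PE\0\0" */
    size_t nsec = rd16(base + nt + 6);                             /* NumberOfSections */
    size_t tbl = nt + 24 + rd16(base + nt + 20);                   /* skip optional header */
    if (tbl > len || nsec > (len - tbl) / 40) return -1;           /* table must fit */
    for (size_t i = 0; i < nsec; i++) {
        const uint8_t *s = base + tbl + i * 40;                    /* 40-byte section header */
        uint32_t vsize = rd32(s + 8), va = rd32(s + 12);           /* VirtualSize, VirtualAddress */
        if (rva >= va && rva - va < vsize) {
            memcpy(name, s, 8); name[8] = '\0'; *flags = rd32(s + 36); /* Characteristics */
            return 1;
        }
    }
    return 0;
}
const char *region_kind(uint32_t f) {  /* code vs. read-only vs. read-write */
    return (f & SCN_MEM_EXECUTE) ? "code" : ((f & SCN_MEM_WRITE) ? "read-write data" : "read-only data");
}

/* Constructed sample (not a real DLL): headers only, three sections. */
static void put32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i)); }
static void put_sec(uint8_t *s, const char *nm, uint32_t va, uint32_t vsz, uint32_t fl) {
    memcpy(s, nm, strlen(nm)); put32(s + 8, vsz); put32(s + 12, va); put32(s + 36, fl);
}
void make_sample(uint8_t img[0x200]) {
    memset(img, 0, 0x200);
    img[0] = 'M'; img[1] = 'Z'; put32(img + 0x3C, 0x80); put32(img + 0x80, 0x00004550);
    img[0x86] = 3; img[0x94] = 0xF0;   /* NumberOfSections, SizeOfOptionalHeader */
    put_sec(img + 0x188, ".text",  0x1000, 0x800, 0x60000020);
    put_sec(img + 0x1B0, ".rdata", 0x2000, 0x400, 0x40000040);
    put_sec(img + 0x1D8, ".data",  0x3000, 0x200, 0xC0000040);
}
int main(void) {
    uint8_t img[0x200]; char nm[9]; uint32_t fl;
    make_sample(img);
    if (section_for_rva(img, sizeof img, 0x3010, nm, &fl) == 1) printf("%s: %s\n", nm, region_kind(fl));
}
```

A return of 0 covers pointers into the headers or into padding between sections, so it should be treated as "in the module but in no section" rather than as an error.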
