Why are they used to call functions in DLLs?
Why can’t I call them using their absolute address?
After all, aren’t they all loaded to my 4GB address space?
Relative calling is used for intra-modular calls; calling direct memory addresses is certainly possible though (this is done quite a bit with WinAPI functions):
This is mainly due to the fact that Windows DLLs can't be reallocated (plus they sit in a special address space, as each app has its own 'view' of the system DLLs), but user DLLs can easily reallocate (especially with ASLR). See Wikipedia's article on this as well.
Also, don't confuse indirect symbol table calls (aka inter-modular calls) with purely relative calls. If you're calling functions outside of the current module, you'll get a relative call to the absolute address stored in the symbol table:
or a better, real-world version:
All of this pretty much depends on your compiler as well; some may do direct calls to symbols for everything, some will only do it for system DLLs and/or COM interfaces.
Just btw, on 32-bit x86, you technically don't have 4GB available in userland apps, it's generally 3GB.
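
An added example, not part of the original answer: it models the `call rel32` encoding to show why a relative call stays valid when a whole module moves, why the same encoding goes stale across modules once only the DLL is rebased, and how a loader-patched pointer slot avoids that. All addresses, offsets and function names here are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed sample layout (assumed values, not from the original post). */
#define EXE_CALL_SITE 0x00401000u /* address of the call instruction in the EXE */
#define DLL_PREF_BASE 0x10000000u /* DLL's preferred image base */
#define DLL_FUNC_RVA  0x00002400u /* exported function's offset inside the DLL */

/* Encode `call rel32` (E8 + 4 bytes); the displacement counts from site + 5. */
static void encode_call_rel32(uint8_t out[5], uint32_t site, uint32_t target) {
    uint32_t disp = target - (site + 5);
    out[0] = 0xE8;
    for (int i = 0; i < 4; i++) out[1 + i] = (uint8_t)(disp >> (8 * i));
}

/* Where does an E8 call located at `site` actually land? */
static uint32_t resolve_call_rel32(const uint8_t insn[5], uint32_t site) {
    uint32_t disp = 0;
    for (int i = 0; i < 4; i++) disp |= (uint32_t)insn[1 + i] << (8 * i);
    return site + 5 + disp;
}

/* Caller and callee in one module: both move by delta, the bytes stay valid. */
static int intra_module_call_ok(uint32_t delta) {
    uint8_t insn[5];
    uint32_t site = DLL_PREF_BASE + 0x1000u, func = DLL_PREF_BASE + DLL_FUNC_RVA;
    encode_call_rel32(insn, site, func);
    return resolve_call_rel32(insn, site + delta) == func + delta;
}

/* EXE calls the DLL with a baked-in rel32: only the DLL moves by delta, so
   the unchanged bytes still point at the old location. */
static int cross_module_rel32_ok(uint32_t delta) {
    uint8_t insn[5];
    encode_call_rel32(insn, EXE_CALL_SITE, DLL_PREF_BASE + DLL_FUNC_RVA);
    return resolve_call_rel32(insn, EXE_CALL_SITE) == DLL_PREF_BASE + delta + DLL_FUNC_RVA;
}

/* Import-table style: the code does `call [slot]`; the loader patches the
   slot (data) at load time and the code bytes never change. */
static uint32_t iat_slot;
static void loader_bind(uint32_t dll_base) { iat_slot = dll_base + DLL_FUNC_RVA; }
static uint32_t indirect_call_target(void) { return iat_slot; }

int main(void) {
    uint32_t delta = 0x00350000u; /* constructed rebase delta */
    loader_bind(DLL_PREF_BASE + delta);
    printf("intra=%d cross=%d slot=0x%08x\n", intra_module_call_ok(delta),
           cross_module_rel32_ok(delta), (unsigned)indirect_call_target());
    return 0;
}
```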