Does a function of a Windows DLL have the same address?

0

I am having a question about a function of a windows DLL that always has the same address for all versions or is it dynamic?

Example a function of user32.dll .

This excerpt from Wikipedia answers my question. The address I was referring to is the address of the bytes located inside the DLL, the address of the function at runtime it dynamic.

You can edit the machine code using hexadecimal editors, such as for example the "debug" that runs on Windows DOS. With these programs you can see the code not in binary but in hexadecimal, as shown below in this screenshot of DOS with the debug open by editing the "v.exe" program: (key for commands and d for dump )

C:\Utility>debug v.exe
-d 0 100
0E3D:0000  CD 20 FF 9F 00 9A F0 FE-1D F0 4F 03 F0 07 8A 03   . ........O.....
0E3D:0010  F0 07 17 03 F0 07 DF 07-01 01 01 00 02 FF FF FF   ................
0E3D:0020  FF FF FF FF FF FF FF FF-FF FF FF FF BD 0D 4C 01   ..............L.
0E3D:0030  D0 0C 14 00 18 00 3D 0E-FF FF FF FF 00 00 00 00   ......=.........
0E3D:0040  05 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00   ................
0E3D:0050  CD 21 CB 00 00 00 00 00-00 00 00 00 00 20 20 20   .!...........
0E3D:0060  20 20 20 20 20 20 20 20-00 00 00 00 00 20 20 20           .....
0E3D:0070  20 20 20 20 20 20 20 20-00 00 00 00 00 00 00 00           ........
0E3D:0080  00 0D 76 2E 65 78 65 0D-44 4F 57 53 5C 73 79 73   ..v.exe.DOWS\sys
0E3D:0090  74 65 6D 33 32 5C 64 6F-73 78 0D 0D 64 61 20 72   tem32\dosx..da r
0E3D:00A0  65 64 65 20 28 63 61 72-72 65 67 61 72 20 61 6E   ede (carregar an
0E3D:00B0  74 65 73 20 64 6F 20 64-6F 73 78 2E 65 78 65 29   tes do dosx.exe)

In the example above, the memory address ( segment: offset ), center the hexadecimal code and right as would be the text in ASCII. More efficient than all this would be get a dedicated program for machine code manipulation.

    
asked by anonymous 29.08.2015 / 04:57

1 answer

1

Forget the address of the function. It is variable and does not matter. The fact of showing the same is a coincidence and can not be used as something guaranteed. You just have to know what function to use and in most cases what DLL it is to load it. Just this.

The most important thing about getting the address you already know. If it were fixed it would not need a function for this.

Only documented information. What is not documented, can change without you knowing.

The address at that time only matters in more advanced issues.

The question has changed, but the information remains the same. You can not trust the address of the function and you do not have to do this. When you need her address just ask the operating system to tell you where the address is with GetProcAddress .

    
29.08.2015 / 12:38