I am having a question about a function of a windows DLL that always has the same address for all versions or is it dynamic?
Example a function of user32.dll
.
This excerpt from Wikipedia answers my question. The address I was referring to is the address of the bytes located inside the DLL, the address of the function at runtime it dynamic.
You can edit the machine code using hexadecimal editors, such as for example the "debug" that runs on Windows DOS. With these programs you can see the code not in binary but in hexadecimal, as shown below in this screenshot of DOS with the debug open by editing the "v.exe" program: (key for commands and d for dump )
C:\Utility>debug v.exe
-d 0 100
0E3D:0000 CD 20 FF 9F 00 9A F0 FE-1D F0 4F 03 F0 07 8A 03 . ........O.....
0E3D:0010 F0 07 17 03 F0 07 DF 07-01 01 01 00 02 FF FF FF ................
0E3D:0020 FF FF FF FF FF FF FF FF-FF FF FF FF BD 0D 4C 01 ..............L.
0E3D:0030 D0 0C 14 00 18 00 3D 0E-FF FF FF FF 00 00 00 00 ......=.........
0E3D:0040 05 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
0E3D:0050 CD 21 CB 00 00 00 00 00-00 00 00 00 00 20 20 20 .!...........
0E3D:0060 20 20 20 20 20 20 20 20-00 00 00 00 00 20 20 20 .....
0E3D:0070 20 20 20 20 20 20 20 20-00 00 00 00 00 00 00 00 ........
0E3D:0080 00 0D 76 2E 65 78 65 0D-44 4F 57 53 5C 73 79 73 ..v.exe.DOWS\sys
0E3D:0090 74 65 6D 33 32 5C 64 6F-73 78 0D 0D 64 61 20 72 tem32\dosx..da r
0E3D:00A0 65 64 65 20 28 63 61 72-72 65 67 61 72 20 61 6E ede (carregar an
0E3D:00B0 74 65 73 20 64 6F 20 64-6F 73 78 2E 65 78 65 29 tes do dosx.exe)
In the example above, the memory address ( segment: offset ), center the hexadecimal code and right as would be the text in ASCII. More efficient than all this would be get a dedicated program for machine code manipulation.