Why?

Richard (Rikki) Andrew Cattermole richard at cattermole.co.nz
Tue Apr 9 18:05:47 UTC 2024


On 10/04/2024 5:22 AM, Richard (Rikki) Andrew Cattermole wrote:
> On 10/04/2024 5:18 AM, Walter Bright wrote:
>> BTW, I recall that executable files are not read into memory and then 
>> jumped to. They are memory-mapped files, this is so the executable can 
>> start up much faster. Pieces of the executable are loaded in on 
>> demand, although the OS will speculatively load in pieces, too.
> 
> That doesn't sound right.
> 
> Address randomization, Windows remapping of symbols at runtime (with 
> state that is kept around so you can do it later), all suggest it isn't 
> like that now.

It appears to have been true as of Windows 2000.

https://learn.microsoft.com/en-us/archive/msdn-magazine/2002/march/windows-2000-loader-what-goes-on-inside-windows-2000-solving-the-mysteries-of-the-loader

See: LdrpMapDll

However, I don't think those two features may have existed at the time.

As of Windows Internals 5, the cache manager uses 256kb blocks as part 
of memory mapping (very useful information that!). Would be worth double 
checking that this is the default for std.mmap.

So it seems I'm half right: there is no way Windows could be memory 
mapping binaries when address randomization is turned on for a given 
block that has rewrites for symbol locations, but it may be memory 
mapping large blocks of data if it doesn't.
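As an added example (not code from this thread or from any project it mentions), a header check for the two properties the message distinguishes: whether an image opts in to address randomization (the DYNAMIC_BASE flag) and whether it still carries the base relocations the loader would rewrite. It reads the PE headers directly without any third-party library and builds a constructed PE32+ header skeleton inline so it runs offline; the offsets used are the documented PE layout, and `build_sample_pe` is a demo helper, not a real image builder.

```python
import struct

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040  # image opts in to ASLR
IMAGE_FILE_RELOCS_STRIPPED = 0x0001              # COFF flag: base relocations removed


def pe_relocation_info(data: bytes) -> dict:
    """Read ASLR/relocation facts straight from a PE image's headers."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsections, _, _, _, opt_size, coff_chars = struct.unpack_from(
        "<HHIIIHH", data, coff)
    opt = coff + 20  # optional header follows the 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+ optional headers.
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    # Section table follows the optional header; 40-byte entries, 8-byte name first.
    names = [data[opt + opt_size + i * 40:][:8].rstrip(b"\0") for i in range(nsections)]
    return {
        "pe32plus": magic == 0x20B,
        "aslr_opt_in": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
        "relocs_stripped": bool(coff_chars & IMAGE_FILE_RELOCS_STRIPPED),
        "has_reloc_section": b".reloc" in names,
    }


def build_sample_pe(dll_chars: int, coff_chars: int, with_reloc: bool) -> bytes:
    """Constructed PE32+ header skeleton for the demo (headers only, not loadable)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    secs = [b".text", b".reloc"] if with_reloc else [b".text"]
    opt_size = 240  # PE32+ optional header with 16 data directories
    coff = struct.pack("<HHIIIHH", 0x8664, len(secs), 0, 0, 0, opt_size, coff_chars)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B)       # PE32+ magic
    struct.pack_into("<H", opt, 70, dll_chars)  # DllCharacteristics
    sect = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in secs)
    return dos + b"PE\0\0" + coff + bytes(opt) + sect


if __name__ == "__main__":
    # Realistic use: pe_relocation_info(open("some.exe", "rb").read())
    print(pe_relocation_info(build_sample_pe(0x0040, 0x0022, True)))   # ASLR + .reloc
    print(pe_relocation_info(build_sample_pe(0x0000, 0x0023, False)))  # fixed base, stripped
```

An image that reports `aslr_opt_in` without `has_reloc_section` (or with `relocs_stripped`) cannot actually be rebased, which is the case worth flagging in a build or deployment check.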


