DLL的默认基址是0x10000000,但EXE的默认基址是0x00400000。为什么EXE特别值?4 兆字节
有什么特别之处它与x86上单页目录条目映射的地址空间量和1987年
的设计决策有关。对EXE基地址的唯一技术要求是它是一个64KB的倍数。但基地址的一些选择比其他选择更好。
选择基址的目的是最小化模块必须重新定位的可能性。这意味着不会与地址空间中已有的东西发生冲突(这将迫使您重新定位),也不会与稍后可能到达地址空间的东西发生冲突(迫使他们重新定位)。对于可执行文件,不会与稍后可能到达的内容发生冲突部分意味着避免地址空间的区域往往填充DLL。由于操作系统本身将DLL置于高地址并且非操作系统DLL的默认基址为0x10000000,这意味着可执行文件的基址应该低于0x10000000,并且越低,您拥有的空间越大在开始与DLL冲突之前。但是你能走多远?
第一部分意味着你也想避免已经存在的东西。Windows NT在低地址时没有很多东西。唯一已经存在的是一个PAGE_NOACCESS映射为零的页面,以便捕获空指针访问。因此,在Windows NT上,您可以将可执行文件基于0x00010000,并且许多应用程序都是这样做的。
但是在Windows 95上,已经存在很多东西。Windows 95虚拟机管理器将第一个64 KB的物理内存永久映射到第一个64 KB的虚拟内存,以避免CPU错误。(Windows 95 必须解决许多CPU错误固件错误。)此外,整个第一兆字节的虚拟地址空间映射到活动虚拟机的逻辑地址空间。(Nitpickers:实际上略高于一兆字节。)x86处理器的virtual-8086模式需要这种映射行为。
Windows 95与其前身Windows 3.1一样,在一个特殊的虚拟机(称为系统虚拟机)中运行Windows,为了兼容性,它仍然通过16位代码路由各种各样的东西,以确保诱饵以正确的方式嘎嘎作响。因此,即使CPU正在运行Windows应用程序(而不是基于MS-DOS的应用程序),它仍然保持虚拟机映射处于活动状态,因此它不必进行页面重映射(以及来自昂贵的TLB刷新)与它)每一次它需要去到MS-DOS兼容层。
好的,所以第一兆字节的地址空间已经不在了。那另外三兆呢?
现在我们回到文章顶部的那个小提示。
为了快速进行上下文切换,Windows 3.1虚拟机管理器将每个VM上下文“舍入”到4 MB。这样做可以通过简单地更新页面目录中的单个32位值来执行内存上下文切换。(Nitpickers:你还必须标记实例数据页面,但这只是翻了十几个位。)这种舍入导致我们失去3兆字节的地址空间,但考虑到有4千兆字节的地址空间,损失少了超过十分之一的百分比被认为是显着的绩效改善的公平权衡。(特别是因为当时没有任何应用程序接近开始划破这个限制的表面。你的整个计算机首先只有2MB的RAM!)
此内存映射已转移到Windows 95中,并进行了一些调整以处理32位Windows应用程序的单独地址空间。因此,可执行文件可以在Windows 95上加载的最低地址是4MB,即0x00400000。
极客琐事:为防止Win32应用程序访问MS-DOS兼容性区域,平面数据选择器实际上是一个向下扩展选择器,它停在4MB边界。(类似地,16位Windows应用程序中的空指针会导致访问冲突,因为空选择器无效。它不会访问中断向量表。)
链接器选择0x0400000可执行文件的默认基址,以便生成的二进制文件可以在Windows NT和Windows 95上无需重定位加载。没有人真正关心Windows 95的目标,所以原则上,链接器人员可以选择不同的现在是默认基地址。但除了使图表看起来更漂亮之外,没有真正的动机去做,特别是因为ASLR无论如何都让整个问题都没有实际意义。此外,如果他们改变它,那么人们会问,“为什么一些可执行文件的基地址为0x04000000,一些可执行文件的基地址为0x00010000?”

TL; DR:快速进行上下文切换。

The default base address for a DLL is 0x10000000, but the default base address for an EXE is 0x00400000. Why that particular value for EXEs? What’s so special about 4 megabytes
It has to do with the amount of address space mapped by a single page directory entry on an x86 and a design decision made in 1987.
The only technical requirement for the base address of an EXE is that it be a multiple of 64KB. But some choices for base address are better than others.
The goal in choosing a base address is to minimize the likelihood that modules will have to be relocated. This means not colliding with things already in the address space (which will force you to relocate) as well as not colliding with things that may arrive in the address space later (forcing themto relocate). For an executable, the not colliding with things that may arrive later part means avoiding the region of the address space that tends to fill with DLLs. Since the operating system itself puts DLLs at high addresses and the default base address for non-operating system DLLs is 0x10000000, this means that the base address for the executable should be somewhere below 0x10000000, and the lower you go, the more room you have before you start colliding with DLLs. But how low can you go?
The first part means that you also want to avoid the things that are already there. Windows NT didn’t have a lot of stuff at low addresses. The only thing that was already there was a PAGE_NOACCESS page mapped at zero in order to catch null pointer accesses. Therefore, on Windows NT, you could base your executable at 0x00010000, and many applications did just that.
But on Windows 95, there was a lot of stuff already there. The Windows 95 virtual machine manager permanently maps the first 64KB of physical memory to the first 64KB of virtual memory in order to avoid a CPU erratum. (Windows 95 had to work around a lot of CPU bugs and firmware bugs.) Furthermore, the entire first megabyte of virtual address space is mapped to the logical address space of the active virtual machine. (Nitpickers: actually a little more than a megabyte.) This mapping behavior is required by the x86 processor’s virtual-8086 mode.
Windows 95, like its predecessor Windows 3.1, runs Windows in a special virtual machine (known as the System VM), and for compatibility it still routes all sorts of things through 16-bit code just to make sure the decoy quacks the right way. Therefore, even when the CPU is running a Windows application (as opposed to an MS-DOS-based application), it still keeps the virtual machine mapping active so it doesn’t have to do page remapping (and the expensive TLB flush that comes with it) every time it needs to go to the MS-DOS compatibility layer.
Okay, so the first megabyte of address space is already off the table. What about the other three megabytes?
Now we come back to that little hint at the top of the article.
In order to make context switching fast, the Windows 3.1 virtual machine manager “rounds up” the per-VM context to 4MB. It does this so that a memory context switch can be performed by simply updating a single 32-bit value in the page directory. (Nitpickers: You also have to mark instance datapages, but that’s just flipping a dozen or so bits.) This rounding causes us to lose three megabytes of address space, but given that there was four gigabytes of address space, a loss of less than one tenth of one percent was deemed a fair trade-off for the significant performance improvement. (Especially since no applications at the time came anywhere near beginning to scratch the surface of this limit. Your entire computer had only 2MB of RAM in the first place!)
This memory map was carried forward into Windows 95, with some tweaks to handle separate address spaces for 32-bit Windows applications. Therefore, the lowest address an executable could be loaded on Windows 95 was at 4MB, which is 0x00400000.
Geek trivia: To prevent Win32 applications from accessing the MS-DOS compatibility area, the flat data selector was actually an expand-down selector which stopped at the 4MB boundary. (Similarly, a null pointer in a 16-bit Windows application would result in an access violation because the null selector is invalid. It would not have accessed the interrupt vector table.)
The linker chooses a default base address for executables of 0x0400000 so that the resulting binary can load without relocation on both Windows NT and Windows 95. Nobody really cares much about targeting Windows 95 any more, so in principle, the linker folks could choose a different default base address now. But there’s no real incentive for doing it aside from making diagrams look prettier, especially since ASLR makes the whole issue moot anyway. And besides, if they changed it, then people would be asking, “How come some executables have a base address of 0x04000000 and some executables have a base address of 0x00010000?”

TL;DR: To make context switching fast.

为什么0x00400000是可执行文件的默认基址?EXE base address start with 400000H,Why is 0x00400000 the default base address for an executable?的更多相关文章

  1. 使用Intellij Idea生成可执行文件jar,开关exe文件步骤

    确保其Java代码是没有问题的,在IDEA常执行的,然后.按以下步骤: 步骤一:打开File -> Project Structure -> Artifacts,例如以下图 步骤二:点击& ...

  2. kubernetes 简介:kube-dns 和服务发现

    服务发现 kubernetes 提供了 service 的概念可以通过 VIP 访问 pod 提供的服务,但是在使用的时候还有一个问题:怎么知道某个应用的 VIP?比如我们有两个应用,一个 app,一 ...

  3. uboot的readme

    ## (C) Copyright 2000 - 2008# Wolfgang Denk, DENX Software Engineering, wd@denx.de.## See file CREDI ...

  4. 如何在Uniapp中访问CabloyJS后端API管理系统

    介绍 CabloyJS是一款免费开源的NodeJS全栈开发框架,采用前后端分离设计,具备开箱即用的后台管理系统 Cabloy-SDK是专门为Uniapp应用量身定制的前端SDK,用于便捷的访问Cabl ...

  5. CabloyJS一站式助力微信、企业微信、钉钉开发 - 钉钉篇

    前言 现在软件开发不仅要面对前端碎片化,还要面对后端碎片化.针对前端碎片化,CabloyJS提供了pc=mobile+pad的跨端自适应方案,参见:自适应布局:pc = mobile + pad 在这 ...

  6. CabloyJS一站式助力微信、企业微信、钉钉开发 - 企业微信篇

    前言 现在软件开发不仅要面对前端碎片化,还要面对后端碎片化.针对前端碎片化,CabloyJS提供了pc=mobile+pad的跨端自适应方案,参见:自适应布局:pc = mobile + pad 在这 ...

  7. CabloyJS一站式助力微信、企业微信、钉钉开发 - 微信篇

    前言 现在软件开发不仅要面对前端碎片化,还要面对后端碎片化.针对前端碎片化,CabloyJS提供了pc=mobile+pad的跨端自适应方案,参见:自适应布局:pc = mobile + pad 在这 ...

  8. 旧书重温:0day2【2】 实验:三种获取kernel32.dll基址的方法

    0x01 找kernel32基地址的方法一般有三种: 暴力搜索法.异常处理链表搜索法.PEB法. 0x02 基本原理 暴力搜索法是最早的动态查找kernel32基地址的方法.它的原理是几乎所有的win ...

  9. 利用PyInstaller打包exe文件

    前言 平常我们通过Python写完一些小脚本之后,如果使用不频繁的话,一般会选择在DOS界面直接跑脚本,或者在IDE中运行.但当我们需要频繁使用某些脚本,或者在没有Python环境的机器上也能顺利运行 ...

随机推荐

  1. httprunner学习10-测试报告ExtentReport

    前言 httprunner默认生成的报告不怎么美观,里面还有第二套报告模板extent_report_template.html. extent_report_template 使用 hrun -h ...

  2. sublime设置默认字体样式

    因电脑配置的不同,还有个人喜好的不同,有时候想用自己喜欢的字体来写代码,想用自己习惯的字号大小来显示代码.这些又该怎样设置呢? 本节主要介绍下如何设置字体大小和样式 (1)点菜单栏 “Preferen ...

  3. Alibaba Java Coding Guidelines,以后我的Java代码规范,就靠它了

    前言 对于Java代码规范,业界有统一的标准,不少公司对此都有一定的要求.但是即便如此,庞大的Java使用者由于经验很水平的限制,未必有规范编码的意识,而且即便经验丰富的老Java程序员也无法做到时刻 ...

  4. 201671010438王奕晗实验十四 团队项目评审&课程学习总结

    个人学习总结博客 项目 内容 这个作业属于哪个课程 任课教师博客主页链接 这个作业的要求在哪里 作业链接地址 作业学习目标 完成个人软件心得总结 一.结合本学期课程学习内容,对比<实验一 软件工 ...

  5. vue 实战总结

    相对angular 和react ,本人比较喜欢vue,现在的工作项目也在用vue,前两个有朋友在问我在使用vue中有没有遇到一些很难解决的问题,一下我也只能说出一两个,所以索性就抽时间总结一下我在项 ...

  6. Ubuntu只读文件系统修复方法

    首先备份重要数据 fsck.ext4 -p /dev/sdb5 reboot

  7. 在jsp中获取SpringSecurity中已登录的用户的用户名

    1.先引入secrity的标签库 <%@ taglib prefix="security" uri="http://www.springframework.org/ ...

  8. xunit.core 控制台输出日志

    参考链接: https://www.cnblogs.com/dudu/p/9391959.html http://landcareweb.com/questions/15813/xunit-netbu ...

  9. 提交代码报错 error: failed to push some refs to

    在本人想把本地的分支推送到远程仓库时,突然出现了错误提醒error: failed to push some refs to....心里一咯噔,推不上去这还得了,手比脑快地就去google了一下. 然 ...

  10. roughViz 一个可重用,功能强大的手绘图表组件

    前段时间介绍过一个chart.xkcd 的手绘图表组件,roughViz 是另外一个,同时也提供了 比较多的图表类型,api 参考文档也比较全 支持的图表类型 Bar Horizontal Bar D ...