Timeline for Program with no dependencies
Current License: CC BY-SA 3.0
6 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| May 25, 2013 at 17:04 | comment | added | PhoeniX | @peter ferrie of cause as it is loaded only once and mapped to other processes after that. The thing I was referring here is that you cannot (should not) hard code the kernel32.dll base address into the executable itself. | |
| May 25, 2013 at 15:41 | comment | added | peter ferrie | @MMavipc that behavior was introduced in Windows XP, to avoid the crashing problem when a process did not import from kernel32.dll, and so it was not loaded explicitly.@ph0sec that's not exactly correct, either - ASLR applies only to the first time that kernel32.dll (and ntdll.dll, too) is loaded. After that, it is at a common address across all processes. | |
| May 25, 2013 at 6:53 | comment | added | PhoeniX | @MMavipc regarding the same address is not always right as in the Vista and Win 7 family, the ASLR was introduced to brake this assumption. | |
| May 25, 2013 at 6:47 | comment | added | Avery3R | @ph0sec yep, the windows loader always loads in kernel32.dll as well, and always at the same address. | |
| May 25, 2013 at 6:25 | comment | added | PhoeniX | So, kernel32.dll will be always loaded into the processes event if the PE image does not reference it anywhere in the code? | |
| May 24, 2013 at 22:02 | history | answered | Avery3R | CC BY-SA 3.0 |