by asveikau 1628 days ago
That's not true. You're not considering different virtual addresses backed by the same pages.

Yes, the loader will create file-backed memory mappings and not redundantly store read-only parts. However, it is free to load it at a different address in each process. This can happen via ASLR, or if the mapping is already claimed by the time the module loads.

They may get the same base address repeatedly in multiple processes and work most of the time, but it's not guaranteed.

1 comments

It's extremely likely for stuff from Kernel32.dll.

> That's not true. You're not considering different virtual addresses backed by the same pages.

Technically I suppose, but PEs don't tend to be relocatable, so if it mapped it in at different virtual addresses, that would be extremely unlikely to be backed by the same pages, as much of the just-mapped-in code would need relocs.
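An added illustration, not part of the thread or written by either commenter: the two mechanics discussed above (one file-backed page visible at two different virtual addresses, and a patched page becoming a private copy) shown with POSIX `mmap` on Linux. Using `mmap` as a stand-in for the Windows loader's image mappings is an assumption of this example, and `share_result` and `run_share_demo` are hypothetical names.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* mkstemp, ftruncate */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical names, made up for this example. */
struct share_result {
    int distinct_addresses;   /* two shared views landed at different virtual addresses */
    int shared_write_visible; /* a write through view a is readable through view b */
    int private_write_hidden; /* a write to the copy-on-write view stays in that view */
};

int run_share_demo(struct share_result *r)
{
    char path[] = "/tmp/share_demo_XXXXXX";   /* constructed scratch file */
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    unlink(path);                              /* file lives only as long as fd */
    if (ftruncate(fd, (off_t)page) != 0) { close(fd); return -1; }

    /* Same file offset mapped three times; the kernel picks each address. */
    unsigned char *a = mmap(NULL, page, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    unsigned char *b = mmap(NULL, page, PROT_READ, MAP_SHARED, fd, 0);
    unsigned char *p = mmap(NULL, page, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
    close(fd);                                 /* mappings outlive the descriptor */
    if (a == MAP_FAILED || b == MAP_FAILED || p == MAP_FAILED) return -1;

    a[0] = 0xC3;                               /* written via one address... */
    r->distinct_addresses = (a != b);
    r->shared_write_visible = (b[0] == 0xC3);  /* ...seen via the other: same page */

    p[1] = 0x90;   /* stands in for a relocation fixup; forces a private copy */
    r->private_write_hidden = (p[1] == 0x90 && a[1] == 0 && b[1] == 0);

    munmap(a, page); munmap(b, page); munmap(p, page);
    return 0;
}

int main(void)
{
    struct share_result r;
    if (run_share_demo(&r) != 0) { perror("run_share_demo"); return 1; }
    printf("distinct=%d shared=%d private_hidden=%d\n", r.distinct_addresses,
           r.shared_write_visible, r.private_write_hidden);
    return 0;
}
```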