What does MapViewOfFile return? [duplicate]

问题

This question already has an answer here:

Closed 7 years ago.

Possible Duplicate:
Why won't the loader load at the desired location

"MapViewOfFile", does this function map a file into the virtual memory and return the base address of the mapped memory?? If yes, then the following code should output 0X400000, beacuse by default, exe's are loaded at this location, but the output is 0X360000. Why??

#include<iostream>
#include<Windows.h>
#include<stdio.h>
#include<WinNT.h>


int main()
{


HANDLE  hFile,hFileMapping;
LPVOID lpFileBase;


if((hFile = CreateFile(TEXT("c:\\linked list.exe"),GENERIC_READ,FILE_SHARE_READ,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,0)) == INVALID_HANDLE_VALUE)
    std::cout<<"unable to open";

if((hFileMapping = CreateFileMapping(hFile,NULL,PAGE_READONLY,0,0,NULL)) == 0)
{
    CloseHandle(hFile);
    std::cout<<"unable to open for mapping";
}

if((lpFileBase = MapViewOfFile(hFileMapping,FILE_MAP_READ,0,0,0))== 0)
{
    CloseHandle(hFile);
    CloseHandle(hFileMapping);
    std::cout<<"couldn't map view of file";
}

printf("%x\n",lpFileBase);

}

回答1:

The 0X400000 you researched has nothing to do with normal file mapping.

You can imagine MapViewOfFile as a malloc+memcpy of the file you are opening, nothing more (under the hood it is the reverse: malloc can use a slab'ed memory mapping). So MapViewOfFile normally just chooses an address where it can fit the file view's bytes continuously in memory.

What you probably want (since you are trying to map an .exe) is to create a new Process with it CreateProcess.

If you really need the file to be mapped at a specific address you can use MapViewOfFileEx, but there are no guarantees.

回答2:

Yes, MapViewOfFile returns the virtual memory base address where the image has been loaded. The value (content) of this address depends on whether the image has been successfully loaded at its predefined address (which has been setup by the linker) or whether the image has been relocated (because the desired, predefined address is already occupied or because the image has opt-in to support ASLR).

回答3:

To convert an RVA into a file offset, find a delta and use that. I assume you're trying to do something like look at where an RVA in the dataDirectory structure of a PE file points to, after memory-mapping the PE file? Look at the IMAGE_SECTION_HEADER struct:

typedef struct _IMAGE_SECTION_HEADER {  
BYTE    Name[IMAGE_SIZEOF_SHORT_NAME];  
union {  
          DWORD   PhysicalAddress;  
          DWORD   VirtualSize;  
  } Misc;  
  DWORD   VirtualAddress;  
  DWORD   SizeOfRawData;  
  DWORD   PointerToRawData;  
  DWORD   PointerToRelocations;  
  DWORD   PointerToLinenumbers;  
  WORD    NumberOfRelocations;  
  WORD    NumberOfLinenumbers;  
  DWORD   Characteristics;  
} IMAGE_SECTION_HEADER, *PIMAGE_SECTION_HEADER;  

You'll want to make a delta by finding the difference in the section's VirtualAddress and PointerToRawData value. Then, for an RVA into a given section, subract off the delta to get the file offset.

In my experience this is different for each section. So if you have an RVA into the second section listed in the section table, the delta will be different from the second section listed in the section table. For this it helps to have a function to determine what section an RVA points into. And you should edit your question to show that this is the question you're asking.

来源：https://stackoverflow.com/questions/9718616/what-does-mapviewoffile-return