问题
I just learned ImageBase is specified in PE format,and OS will load it to the exact position for .EXE , then comes the question:
what if two .EXE is requiring the same ImageBase location?
回答1:
Incase of 2 EXE's, they have Completely Different Address Spaces...Every Executable has its own space.
This means, every time you execute an EXE, it is assigned its own independent 4GB (on 32bit systems, although the process can use just part of it, the rest goes the kernel.) worth address space. It's Virtual Address Space. It's different from your Physical Memory.
So there's no conflict.
Technically, a PE can load just about anywhere, but the default ImageBase is 0x400000.
Now, Lets say you have an EXE and it loads a couple of DLL's (which happen to have the same ImageBase)...In this case, The first DLL loads fine, the second one gets relocated (or "rebased"). Each DLL has a .reloc Section which contains data about updating references within the code.
回答2:
you can use Process Explorer to see the value the ImageBase and Base addresses of any running application (with its DLLs). Based on these values you can see whether rebasing has taken place.
来源:https://stackoverflow.com/questions/3740976/about-imagebase-of-exe-in-windows