hi.
i have a few questions about dlls in different OSs.

let's start with win9x:
system dlls (kernel32.dll, gdi32.dll, user32.dll, ...) are loaded into
-- shared memory --, right? so all programs use the "same dll" if they access a system dll. i mean they don't use a copy of the real dll in their own process space, they all use the same dll in shared memory. is that correct so far?
but what if a program modifies some code in a system dll in shared memory. does win9x have this "feature" called "copy on write"? if no, the changes made to the dll will affect all apps using this dll, right? if yes, it will be just like in winnt (talking about this later), right?

"normal dlls" (dlls which are loaded dynamically by a special program at startup) will be loaded only into the loading process's address space, right? it won't be loaded into shared memory, or will it?
so if another program wanted to modify such a dll, it would have to do this by using WriteProcessMemory, and the changes will only affect the process which has this dll loaded (this is logical), right?


now what about winnt?
system dlls will be loaded into shared memory as well, right? but if a program modifies such a dll, copy on write will take affect: the dll will be copied from shared memory to the process's address space and the changes to the dll will be made to this copy. so the changes will only affect this one process, right?

and normal dlls are just like in win9x, right?
Posted on 2001-12-12 12:12:41 by darester
system dlls (kernel32.dll, gdi32.dll, user32.dll, ...) are loaded into
-- shared memory --, right? so all programs use the "same dll" if they access a system dll. i mean they don't use a copy of the real dll in their own process space, they all use the same dll in shared memory. is that correct so far?


no...that is not correct..they don't use a copy of the real dll, but the loaded image, which should be write-protected, but in the case of Win9x the "copy protection" is like non-existent.


but what if a program modifies some code in a system dll in shared memory. does win9x have this "feature" called "copy on write"? if no, the changes made to the dll will affect all apps using this dll, right? if yes, it will be just like in winnt (talking about this later), right?


it will affect all apps using it, right.


"normal dlls" (dlls which are loaded dynamically by a special program at startup) will be loaded only into the loading process's address space, right? it won't be loaded into shared memory, or will it?
so if another program wanted to modify such a dll, it would have to do this by using WriteProcessMemory, and the changes will only affect the process which has this dll loaded (this is logical), right?


right


now what about winnt?
system dlls will be loaded into shared memory as well, right? but if a program modifies such a dll, copy on write will take affect: the dll will be copied from shared memory to the process's address space and the changes to the dll will be made to this copy. so the changes will only affect this one process, right?
and normal dlls are just like in win9x, right?

maybe, but I don't think you can modify kernel or other system dll in winnt even in your own process.
Posted on 2001-12-12 14:34:56 by DZA