Reversing : The Hacker's Guide to Reverse Engineering

is that an RVA is relative to the beginning of the image when it is mapped as an executable (meaning that distances are calculated using section alignment). This means that if you just open an executable as a regular file and try to access it, you might run into problems where RVAs won’t point to the right place. This is because RVAs are computed using the file’s section alignment (which is effectively its in-memory alignment), and not using the file alignment.
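
The RVA-to-file-offset translation described above, as an added Python example (not code from the book): it decodes a constructed two-section PE section table, assumed here rather than taken from any real binary, and resolves RVAs through each section's VirtualAddress/PointerToRawData pair instead of reading the file at the RVA itself.

```python
import struct

# IMAGE_SECTION_HEADER layout (40 bytes): Name, VirtualSize, VirtualAddress,
# SizeOfRawData, PointerToRawData, PointerToRelocations, PointerToLinenumbers,
# NumberOfRelocations, NumberOfLinenumbers, Characteristics
SECTION_HDR = struct.Struct("<8sIIIIIIHHI")

def parse_sections(table, count):
    """Decode `count` section headers from a raw section table."""
    out = []
    for i in range(count):
        name, vsize, va, rawsize, rawptr, *_ = SECTION_HDR.unpack_from(table, i * SECTION_HDR.size)
        out.append({"name": name.rstrip(b"\0").decode("ascii"),
                    "va": va, "vsize": vsize, "rawptr": rawptr, "rawsize": rawsize})
    return out

def rva_to_offset(sections, rva):
    """Translate an RVA (section-aligned, in-memory) to a file offset (file-aligned).
    Returns None when the RVA has no backing bytes on disk."""
    if sections and rva < sections[0]["va"]:
        return rva          # the PE headers sit at RVA 0 and file offset 0, so they map 1:1
    for s in sections:
        mem_extent = max(s["vsize"], s["rawsize"])   # how far the section reaches in memory
        if s["va"] <= rva < s["va"] + mem_extent:
            delta = rva - s["va"]
            if delta >= s["rawsize"]:
                return None  # inside the section's zero-filled tail: nothing on disk
            return s["rawptr"] + delta
    return None             # in a gap between sections or past the last one

# Constructed section table (not from a real binary): section alignment 0x1000,
# file alignment 0x200, so RVAs and file offsets diverge from the first section on.
SAMPLE_TABLE = (
    SECTION_HDR.pack(b".text", 0x1800, 0x1000, 0x1A00, 0x0400, 0, 0, 0, 0, 0x60000020)
  + SECTION_HDR.pack(b".data", 0x2000, 0x3000, 0x0200, 0x1E00, 0, 0, 0, 0, 0xC0000040)
)
SAMPLE_COUNT = 2

if __name__ == "__main__":
    secs = parse_sections(SAMPLE_TABLE, SAMPLE_COUNT)
    for rva in (0x0080, 0x1234, 0x3100, 0x3500, 0x6000):
        off = rva_to_offset(secs, rva)
        shown = "no file bytes" if off is None else f"file offset 0x{off:X}"
        print(f"RVA 0x{rva:04X} -> {shown}")
```

RVA 0x3500 falls inside .data's in-memory extent but beyond its SizeOfRawData, which is exactly the case where reading the file at the RVA would return unrelated bytes.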

Dynamically Linked Libraries

Dynamically linked libraries (DLLs) are a key feature in Windows. The idea is that a program can be broken into more than one executable file, where each executable is responsible for one feature or area of program functionality. The benefit is that overall program memory consumption is reduced because executables are not loaded until the features they implement are required. Additionally, individual components can be replaced or upgraded to modify or improve a certain aspect of the program. From the operating system’s standpoint, DLLs can dramatically reduce overall system memory consumption because the system can detect that a certain executable has been loaded into more than one address space and just map it into each address space instead of reloading it into a new memory location.

It is important to differentiate DLLs from build-time static libraries (.lib files) that are permanently linked into an executable. With static libraries, the code in the .lib file is statically linked right into the executable while it is built, just as if the code in the .lib file was part of the original program source code. When the executable is loaded the operating system has no way of knowing that parts of it came from a library. If another executable gets loaded that is also statically linked to the same library, the library code will essentially be loaded into memory twice, because the operating system will have no idea that the two executables contain parts that are identical.

Windows programs have two different methods of loading and attaching to DLLs in runtime. Static linking (not to be confused with compile-time static linking!) refers to a process where an executable contains a reference to another executable within its import table. This is the typical linking method that is employed by most application programs, because it is the most convenient to use. Static linking is implemented by having each module list the modules it uses and the functions it calls within each module (this is called the import table). When the loader loads such an executable, it also loads all modules that are used by the current module and resolves all external references so that the executable holds valid pointers to all external functions it plans on calling.

Runtime linking refers to a different process whereby an executable can decide to load another executable in runtime and call a function from that executable. The principal difference between these two methods is that with