How does the CLR boot when the managed module starts? As far as I know, in Windows XP +, the OS itself recognizes the CLR header, when creating a process, loads the MSCorEE.dll into memory and calls the required method in it, which organizes the loading of the CLR. To run on Windows under XP, the IAT contains the entry mscoree!_CorExeMain . How it works? Record from itself represents nothing except as an indication of the imported function. After all, it is necessary to call her.

    1 answer 1

    If you take a .NET exe file and look in the disassembler / debugger, you can see that the EntryPoint module contains a simple JMP in mscoree._CorExeMain . This is not just an import, it is a direct call to this function.

    • Those. entry point does not contain bytecode? - D .Stark
    • one
      No, how can it contain bytecode if it should be a valid native exe-file. - Zergatul
    • Another interesting thing: how does the CLR create domains? Since these are isolated sections in which a particular .NET executable file is executed, how do they physically look? The CLR cannot break the process memory as it wants. The process has a specific structure defined by the OS. - D .Stark
    • I know that in fact, three domains are initially created: System, Shared and Default. Shared downloads domain-independent assemblies. So, what is this assembly? Should I specifically like to indicate that the assembly needs to be loaded into the SharedDomain or are all the assemblies loaded by default there? How does the interaction with the assembly code in SharedDomain occur? - D .Stark
    • @ D.Stark I don’t know how it works, better ask a separate question - Zergatul