I am curious to know how the Loader maps DLL into Process Address Space. How does the loader do that magic?
Solution
What level of detail are you looking for? On the basic level, all dynamic linkers work pretty much the same way:
1. Dynamic libraries are compiled to relocatable code (using relative jumps instead of absolute, for example).
2. The linker finds an appropriately-sized empty space in the memory map of the application, and reads the DLL's code and any static data into that space.
3. The dynamic library contains a table of offsets to the start of each exported function, and calls to the DLL's functions in the client program are patched at load-time with a new destination address, based on where the library was loaded.
Most dynamic linker systems have some system for setting a preferred base address for a particular library. If a library is loaded at its preferred address, then the relocation in steps 2 and 3 can be skipped.
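To make the load-time patching concrete, here is an added example (my own illustration, not code from the question or the answer above, and not a real PE parser). It models only the parts of a DLL image that the answer talks about: a blob of bytes with a preferred base address, a base-relocation table listing every slot in the blob that holds an absolute address, and an export table of name/offset pairs. `load_module` copies the image into a chosen region, adds `delta = actual_base - preferred_base` to every listed slot, and skips that work entirely when the preferred base was available; `resolve_export` turns an export's offset into the address a client's import slot would be patched with. All names, offsets and byte values are constructed for the demo.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IMAGE_SIZE     64
#define PREFERRED_BASE 0x10000000u   /* constructed preferred base */

typedef struct { const char *name; uint32_t offset; } Export;

/* Constructed stand-in for a DLL file image (hypothetical layout). */
typedef struct {
    uint32_t preferred_base;
    uint8_t  bytes[IMAGE_SIZE];      /* code + static data as stored on disk */
    uint32_t reloc_offsets[8];       /* slots holding 32-bit absolute addresses */
    size_t   reloc_count;
    Export   exports[4];             /* name -> offset from image start */
    size_t   export_count;
} Image;

/* The region of "process address space" the loader picked. */
typedef struct {
    uint32_t actual_base;
    uint8_t  mem[IMAGE_SIZE];
    size_t   relocs_applied;
} LoadedModule;

/* Little-endian helpers so the demo is endian-independent. */
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v;         p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Build a constructed image: two absolute pointers (at 0x10 and 0x14) that
 * point at the exported items "foo" (offset 0x20) and "bar" (offset 0x30),
 * both written assuming the image lands at its preferred base. */
Image make_sample_image(void) {
    Image img;
    memset(&img, 0, sizeof img);
    img.preferred_base = PREFERRED_BASE;
    wr32(img.bytes + 0x10, PREFERRED_BASE + 0x20);
    wr32(img.bytes + 0x14, PREFERRED_BASE + 0x30);
    img.reloc_offsets[0] = 0x10;
    img.reloc_offsets[1] = 0x14;
    img.reloc_count = 2;
    img.exports[0].name = "foo"; img.exports[0].offset = 0x20;
    img.exports[1].name = "bar"; img.exports[1].offset = 0x30;
    img.export_count = 2;
    return img;
}

/* Steps 2 and 3: map the image at actual_base and fix up every absolute
 * address by the load delta. If the preferred base was honoured (delta == 0)
 * the fix-up pass is skipped, which is the point of preferred base addresses. */
void load_module(const Image *img, uint32_t actual_base, LoadedModule *out) {
    memcpy(out->mem, img->bytes, IMAGE_SIZE);
    out->actual_base = actual_base;
    out->relocs_applied = 0;
    uint32_t delta = actual_base - img->preferred_base;   /* wraps mod 2^32 */
    if (delta == 0) return;
    for (size_t i = 0; i < img->reloc_count; i++) {
        uint8_t *slot = out->mem + img->reloc_offsets[i];
        wr32(slot, rd32(slot) + delta);
        out->relocs_applied++;
    }
}

/* Export lookup: the table stores offsets; the client gets base + offset.
 * Returns 0 if the name is not exported. */
uint32_t resolve_export(const Image *img, const LoadedModule *m, const char *name) {
    for (size_t i = 0; i < img->export_count; i++)
        if (strcmp(img->exports[i].name, name) == 0)
            return m->actual_base + img->exports[i].offset;
    return 0;
}

int main(void) {
    Image img = make_sample_image();
    LoadedModule m;
    load_module(&img, PREFERRED_BASE, &m);      /* preferred base free */
    printf("at preferred base: %zu relocations applied\n", m.relocs_applied);
    load_module(&img, 0x20000000u, &m);         /* had to move: patch slots */
    printf("moved: %zu relocations, slot@0x10 = 0x%08x, bar = 0x%08x\n",
           m.relocs_applied, rd32(m.mem + 0x10), resolve_export(&img, &m, "bar"));
    return 0;
}
```

The same delta-based fix-up is what a real loader does with the PE base-relocation table, just over many more slots and with a few more relocation types; the export lookup mirrors why a client's call site can only be finalised once the library's actual base is known.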