flat assembler
Message board for the users of flat assembler.

Index > Windows > Relocations in PE

Author
Thread Post new topic Reply to topic
Joshua



Joined: 12 Jul 2003
Posts: 56
Location: Belgium
Joshua 25 Jul 2003, 17:09
Privalov,

I have a question:
Since you can do 'lea eax,[edi+label]', doesn't this give problems with relocations also? If it doesn't, then does 'lea eax,[edi+label+1]'? These both assemble so i assume there isn't a prob with relocation. Is it then perhaps possible to include 100000000h-label as a seperate definition in the relocation structure? This way 'lea eax,[edi-label] should compile too and we wouldn't need the workaround, but more likely i'm completely missing everything. Just thought i'd ask...
Post 25 Jul 2003, 17:09
View user's profile Send private message Reply with quote
Tomasz Grysztar



Joined: 16 Jun 2003
Posts: 8349
Location: Kraków, Poland
Tomasz Grysztar 25 Jul 2003, 17:44
I'll explain it on the example: lets take that lea eax,[edi+label+1] instruction, where the label points to some place in the PE image. With the default base address of 400000h and RVA of that label equal to 1000h (RVA is an address relative to the beginning of PE image in memory, that is to base address) this instruction will be assembled to 8D-87-01-10-40-00 bytes. First two are the instruction code for lea eax,[edi+imm32] and later four bytes define that imm32 value - it's base address + RVA of label + 1 = 401001h. Also, when fixups data is generated for that PE, the RVA address of that imm32 in the code is stored there. Now when the PE loader can load program at the default base, it uses that data to fix the code loaded under different address. If program has been loaded at address 500000h, it calculates the difference between that address and the default base address, and then adds that difference to every imm32 whose RVA address has been stored in the fixups table. This way that 401001h value will be changed to 501001h. You should also note that lea eax,[edi-label] cannot be fixed like that, because in this case we would need to substract the difference instead of adding it.
Post 25 Jul 2003, 17:44
View user's profile Send private message Visit poster's website Reply with quote
Joshua



Joined: 12 Jul 2003
Posts: 56
Location: Belgium
Joshua 25 Jul 2003, 19:07
Thanks for the explanation
Post 25 Jul 2003, 19:07
View user's profile Send private message Reply with quote
pelaillo
Missing in inaction


Joined: 19 Jun 2003
Posts: 878
Location: Colombia
pelaillo 09 Oct 2003, 14:18
Privalov, the former explanation works only for PE dlls. When loading a PE exe file, the loader does not calculate relocations.
Am I missing something Question

An example (from your dll example):
If assembled as DLL it works. If assembled as EXE it doesn't work because of relocations.

Thanks

Code:
format PE GUI 4.0 ;DLL
entry DllEntryPoint

include '%include%\win32a.inc'

section '.data' code readable executable ;added
msg db 'Error description',0 ;added

section '.code' code readable executable
;...
proc ShowErrorMessage, hWnd,dwError
  .lpBuffer dd ?
        enter
        lea     eax,[.lpBuffer]
        invoke  FormatMessage,FORMAT_MESSAGE_ALLOCATE_BUFFER+FORMAT_MESSAGE_FROM_SYSTEM,0,[dwError],LANG_NEUTRAL,eax,0,0
        invoke  MessageBox,[hWnd],[.lpBuffer],msg,MB_ICONERROR+MB_OK ;changed
        invoke  LocalFree,[.lpBuffer]
        return
;...
section '.idata' import data readable writeable
;...
section '.edata' export data readable
;...
section '.reloc' fixups data discardable
    
Post 09 Oct 2003, 14:18
View user's profile Send private message Yahoo Messenger Reply with quote
Tomasz Grysztar



Joined: 16 Jun 2003
Posts: 8349
Location: Kraków, Poland
Tomasz Grysztar 09 Oct 2003, 15:25
Relocations can also be used for executables - for example Win32s needs them AFAIK. And it can't happend that anything won't work "because of relocations", what do you mean?
Post 09 Oct 2003, 15:25
View user's profile Send private message Visit poster's website Reply with quote
pelaillo
Missing in inaction


Joined: 19 Jun 2003
Posts: 878
Location: Colombia
pelaillo 09 Oct 2003, 15:51
1. Take your errormsg.asm
2. Add a data section with a sz string to be passed as title for the message box.
3. Assemble it and execute ShowErrorMessage function. It would work properly!
4. Assemble it as an exe and try to execute the same function. The value pushed as the title passed to User32.MessageBoxA function has not been relocated.

The fig. shows the module loaded as dll


Description:
Filesize: 9.01 KB
Viewed: 11493 Time(s)

dll.png


Post 09 Oct 2003, 15:51
View user's profile Send private message Yahoo Messenger Reply with quote
pelaillo
Missing in inaction


Joined: 19 Jun 2003
Posts: 878
Location: Colombia
pelaillo 09 Oct 2003, 15:53
And this shows the module as exe PE.


Description: module loaded as exe
Filesize: 8.26 KB
Viewed: 11491 Time(s)

exe.png


Post 09 Oct 2003, 15:53
View user's profile Send private message Yahoo Messenger Reply with quote
Tomasz Grysztar



Joined: 16 Jun 2003
Posts: 8349
Location: Kraków, Poland
Tomasz Grysztar 09 Oct 2003, 16:40
Well it seems from your example that for some reason Windows doesn't use relocation info from the files that don't have DLL flag.
Post 09 Oct 2003, 16:40
View user's profile Send private message Visit poster's website Reply with quote
Betov



Joined: 17 Jun 2003
Posts: 98
Betov 09 Oct 2003, 17:48
No, Win32 does not relocate PEs, unless the specified Address would be something fancyfull (not the usual 0400000, but something lower...).

Only DLLs require the .reloc Section. This is only needed for the DLLs Data, bacause, one single DLL may be used for (by) severaal different runing Applications. In such case, an image of the DLL Data is made available for each Aplication (... as you say Wink ... as far as i can know... Smile ).

RosAsm never emit any .reloc, but for DLLs. For PE Drivers, ... i don't know at all... but i suppose it is un-needed as well.


Betov.
Post 09 Oct 2003, 17:48
View user's profile Send private message Visit poster's website Reply with quote
pelaillo
Missing in inaction


Joined: 19 Jun 2003
Posts: 878
Location: Colombia
pelaillo 10 Oct 2003, 09:32
It is a sad thing because the Plug-in scheme proposed by Privalov becomes harder to implement. Currently I am implementing it relocating manually, but it is annoying.
Post 10 Oct 2003, 09:32
View user's profile Send private message Yahoo Messenger Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.