flat assembler
Message board for the users of flat assembler.

.reloc section

Ali.Z 06 Feb 2018, 01:23
Code:
section '.reloc' fixups data readable discardable     


Q1: Is this section related to Windows programming, or general fasm programming?

Q2: What should be under this section? Or should it be empty?

Q3: What is the purpose of this section? How do I use it and what will I get from it?

_________________
Asm For Wise Humans

alexfru 06 Feb 2018, 03:31
A1: Windows.
A2: FASM will fill it. You don't need to do anything special about it.
A3: It contains fixups/relocations, without which the executable can only be loaded by Windows at a fixed address in memory. You can research relocation to see its benefits.

revolution 06 Feb 2018, 04:48
In a system that uses page translation (i.e. all versions of Windows since NT) the fixups section isn't needed. But if you want to take advantage of ASLR then you'll need fixups for that.

It is also possible to write code that is 100% relocatable with no fixed addresses, and thus no fixups generated. It is tricky to do in 32-bit code, and easier to do in 64-bit code. But the Windows loader likes to fail if you have an empty fixups section. Usually you can generate a dummy fixups section to bypass the problem with the loader.

Ali.Z 06 Feb 2018, 05:07
A2: FASM will fill it.
That's nice, thanks.

revolution, the things you mentioned are way above my knowledge/understanding level.
I want to learn more; anyway, thank you so much, revolution.

Ali.Z 06 Feb 2018, 07:47
alexfru wrote:
A1: Windows.
A2: FASM will fill it. You don't need to do anything special about it.
A3: It contains fixups/relocations, without which the executable can only be loaded by Windows at a fixed address in memory. You can research relocation to see its benefits.

What does it affect? My data or my code?

Then does it make static or dynamic?

Sorry though, I have some difficulty understanding your wording.

_________________
Asm For Wise Humans

alexfru 06 Feb 2018, 07:58
Ali.A wrote:
alexfru wrote:
A1: Windows.
A2: FASM will fill it. You don't need to do anything special about it.
A3: It contains fixups/relocations, without which the executable can only be loaded by Windows at a fixed address in memory. You can research relocation to see its benefits.

What does it affect? My data or my code?

Addresses in both. Without it, addresses are fixed. With it, Windows is likely to place your program at different addresses every time you run it. You probably don't need to know more at this time.

Ali.A wrote:
Then does it make static or dynamic?

I don't know what you're talking about.

Ali.Z 06 Feb 2018, 10:38
I think you are wrong; when debugging my program it appears that it has module addresses for my code,
which means they are static and they don't change, in other words not dynamic.

But my data under section .data is dynamic; each time I load the program the address changes.

With the exception of section .bss, which contains static data addresses.

revolution 06 Feb 2018, 12:18
There is no documentation about what address Windows loads programs into when you have a .relocs section. Usually Windows just loads your program at the same address it was compiled for. But since MS don't say what happens, then it is not guaranteed to always be there. If ASLR is active then Windows might decide to relocate it, or it might decide not to. Both would be okay according to the spec.

Furs 06 Feb 2018, 18:40
relocs are needed mostly for 32-bit dlls. Think of absolute addressing. Consider:
Code:
mov eax, some_dll_global_var    
This is essentially a:
Code:
mov eax, immediate    
instruction, with 'immediate' filled by the linker (or FASM).

Now, a DLL gets mapped/loaded into a process' addressing space. Each process has a different address space. However, what should the address of some_dll_global_var be? By default, this is based on the base address of the DLL.

However, depending on the process, this "base address" could be taken by something else. So, the dll has to be relocated to a different base address. But then our mov eax will be wrong since it will point to original absolute base address.

.reloc section stores relocations: offsets relative to the DLL's base address. In this case, one of the relocations will point to the mov eax instruction's immediate and directly change the immediate in the code. The Windows loader then goes through all such offsets, and adjusts them by the difference between the new base address and the default one. (yes, it does change the code itself before it's set to "read only", changes the immediate in this case). The format is a bit complicated, but you don't have to know that now.


Most executables don't need relocations because they are always loaded at the same address. However, ASLR (randomized base address, basically) requires relocations, for obvious reasons, even for executables.
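The loader step Furs describes, as an added example that is not part of the original thread and is not FASM or Windows code: walk the base relocation blocks (a 32-bit page RVA, a 32-bit block size, then 16-bit entries holding a 4-bit type and a 12-bit page offset) and add the load delta to each 32-bit target. The image bytes and the names `apply_relocs` and `demo_relocated_imm` are constructed for illustration, and only the 32-bit HIGHLOW fixup type is handled.

```c
#include <stdint.h>
#include <stdio.h>

#define REL_ABSOLUTE 0  /* padding entry, nothing to patch */
#define REL_HIGHLOW  3  /* add the delta to a 32-bit value */

static uint32_t rd32(const uint8_t *p) { return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24; }
static void wr32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i)); }

/* Walk the relocation blocks in reloc[] and patch image[] (indexed by RVA).
   Returns the number of fixups applied, or -1 on malformed input. */
int apply_relocs(uint8_t *image, size_t image_len,
                 const uint8_t *reloc, size_t reloc_len, uint32_t delta)
{
    int applied = 0; size_t pos = 0;
    while (reloc_len - pos >= 8) {
        uint32_t page = rd32(reloc + pos);      /* RVA of the 4 KiB page */
        uint32_t size = rd32(reloc + pos + 4);  /* block size, header included */
        if (size < 8 || (size & 1) || size > reloc_len - pos) return -1;
        for (size_t e = pos + 8; e < pos + size; e += 2) {
            unsigned entry = reloc[e] | reloc[e + 1] << 8;
            unsigned type = entry >> 12, off = entry & 0x0FFF;
            if (type == REL_ABSOLUTE) continue;
            if (type != REL_HIGHLOW) return -1; /* other types not handled here */
            size_t rva = (size_t)page + off;
            if (rva > image_len || image_len - rva < 4) return -1;
            wr32(image + rva, rd32(image + rva) + delta);
            applied++;
        }
        pos += size;
    }
    return applied;
}

/* Constructed sample: "mov eax, imm32" (B8 imm32) at RVA 0x1000 whose
   immediate is preferred base 0x00400000 + RVA 0x2000. */
uint32_t demo_relocated_imm(uint32_t new_base)
{
    uint8_t image[0x1010] = {0};
    const uint8_t reloc[12] = { 0x00, 0x10, 0x00, 0x00,   /* page RVA 0x1000 */
                                0x0C, 0x00, 0x00, 0x00,   /* block size 12 */
                                0x01, 0x30, 0x00, 0x00 }; /* HIGHLOW @ +1, padding */
    image[0x1000] = 0xB8;
    wr32(image + 0x1001, 0x00402000u);
    if (apply_relocs(image, sizeof image, reloc, sizeof reloc, new_base - 0x00400000u) != 1) return 0;
    return rd32(image + 0x1001);
}

int main(void) { printf("%08X\n", (unsigned)demo_relocated_imm(0x10000000u)); return 0; }
```

The bounds checks on the block size and on each target RVA are what keep a corrupted or hostile fixup table from making the patch loop write outside the mapped image.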

Ali.Z 07 Feb 2018, 01:55
OK guys, I have a question:

- What API is responsible for getting the image base address?

DimonSoft 07 Feb 2018, 08:12
Ali.A wrote:
OK guys, I have a question:

- What API is responsible for getting the image base address?

You may try GetModuleHandle. The HMODULE it returns is actually the image base address since 32-bit versions of Windows.

Ali.Z 07 Feb 2018, 13:47
Thank you.
Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.
