flat assembler
Message board for the users of flat assembler.
Relocations in PE
Tomasz Grysztar 25 Jul 2003, 17:44
I'll explain it on an example: let's take that lea eax,[edi+label+1] instruction, where the label points to some place in the PE image. With the default base address of 400000h and RVA of that label equal to 1000h (RVA is an address relative to the beginning of the PE image in memory, that is to the base address) this instruction will be assembled to 8D-87-01-10-40-00 bytes. The first two are the instruction code for lea eax,[edi+imm32] and the later four bytes define that imm32 value - it's base address + RVA of label + 1 = 401001h. Also, when fixups data is generated for that PE, the RVA address of that imm32 in the code is stored there. Now when the PE loader can load the program at the default base, it uses that data to fix the code loaded under a different address. If the program has been loaded at address 500000h, it calculates the difference between that address and the default base address, and then adds that difference to every imm32 whose RVA address has been stored in the fixups table. This way that 401001h value will be changed to 501001h. You should also note that lea eax,[edi-label] cannot be fixed like that, because in this case we would need to subtract the difference instead of adding it.
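As an added illustration (not code from this thread or from fasm), the following Python routine applies HIGHLOW fixups from a .reloc block to a flat, RVA-indexed image buffer, rebasing the lea eax,[edi+label+1] instruction above from base 400000h to 500000h. The image bytes and the relocation block are constructed inline for the example; the IMAGE_REL_BASED_* names are the Windows SDK constants for the fixup types.

```python
import struct

# Fixup types from the PE base-relocation table (IMAGE_BASE_RELOCATION entries).
IMAGE_REL_BASED_ABSOLUTE = 0  # padding entry: no fixup
IMAGE_REL_BASED_HIGHLOW = 3   # 32-bit absolute address: add the load delta

def parse_reloc_blocks(reloc):
    """Yield (page_rva, [(type, offset), ...]) for each block of a .reloc section."""
    pos = 0
    while pos + 8 <= len(reloc):
        page_rva, size = struct.unpack_from("<II", reloc, pos)
        if size < 8 or pos + size > len(reloc):
            raise ValueError("malformed relocation block")
        entries = []
        for off in range(pos + 8, pos + size, 2):
            (word,) = struct.unpack_from("<H", reloc, off)
            entries.append((word >> 12, word & 0xFFF))  # high 4 bits: type, low 12: offset
        yield page_rva, entries
        pos += size

def apply_relocations(image, reloc, image_base, load_base):
    """Rebase a flat image as the PE loader does: add (load_base - image_base)
    to the 32-bit value at every HIGHLOW fixup; the loader can only add."""
    delta = (load_base - image_base) & 0xFFFFFFFF
    buf = bytearray(image)
    for page_rva, entries in parse_reloc_blocks(reloc):
        for rtype, off in entries:
            if rtype == IMAGE_REL_BASED_ABSOLUTE:
                continue
            if rtype != IMAGE_REL_BASED_HIGHLOW:
                raise ValueError(f"unsupported fixup type {rtype}")
            rva = page_rva + off
            (val,) = struct.unpack_from("<I", buf, rva)
            struct.pack_into("<I", buf, rva, (val + delta) & 0xFFFFFFFF)
    return bytes(buf)

# Constructed sample image: lea eax,[edi+label+1] at RVA 1000h, assembled for base 400000h.
CODE_RVA = 0x1000
LEA_AT_400000 = bytes.fromhex("8D8701104000")
IMAGE = bytes(CODE_RVA) + LEA_AT_400000 + bytes(10)

# Constructed .reloc block: page RVA 1000h, SizeOfBlock 12, one HIGHLOW entry at
# offset 2 (where the imm32 starts inside the lea) plus one ABSOLUTE padding entry.
RELOC = struct.pack("<II", CODE_RVA, 12) + struct.pack("<HH", (IMAGE_REL_BASED_HIGHLOW << 12) | 2, 0)

def rebase_lea(load_base):
    """Return the six bytes of the lea after loading the image at load_base."""
    rebased = apply_relocations(IMAGE, RELOC, 0x400000, load_base)
    return rebased[CODE_RVA:CODE_RVA + 6]
```

Loading at 500000h turns the imm32 from 401001h into 501001h, exactly as described above.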
Joshua 25 Jul 2003, 19:07
Thanks for the explanation
pelaillo 09 Oct 2003, 14:18
Privalov, the former explanation works only for PE dlls. When loading a PE exe file, the loader does not calculate relocations.
Am I missing something? An example (from your dll example): If assembled as DLL it works. If assembled as EXE it doesn't work because of relocations. Thanks
Code:
format PE GUI 4.0 ;DLL
entry DllEntryPoint
include '%include%\win32a.inc'

section '.data' code readable executable ;added
  msg db 'Error description',0 ;added

section '.code' code readable executable
;...
proc ShowErrorMessage, hWnd,dwError
  .lpBuffer dd ?
  enter
  lea eax,[.lpBuffer]
  invoke FormatMessage,FORMAT_MESSAGE_ALLOCATE_BUFFER+FORMAT_MESSAGE_FROM_SYSTEM,0,[dwError],LANG_NEUTRAL,eax,0,0
  invoke MessageBox,[hWnd],[.lpBuffer],msg,MB_ICONERROR+MB_OK ;changed
  invoke LocalFree,[.lpBuffer]
  return
;...
section '.idata' import data readable writeable
;...
section '.edata' export data readable
;...
section '.reloc' fixups data discardable
Tomasz Grysztar 09 Oct 2003, 15:25
Relocations can also be used for executables - for example Win32s needs them AFAIK. And it can't happen that anything won't work "because of relocations", what do you mean?
pelaillo 09 Oct 2003, 15:51
1. Take your errormsg.asm
2. Add a data section with a sz string to be passed as the title for the message box.
3. Assemble it and execute the ShowErrorMessage function. It would work properly!
4. Assemble it as an exe and try to execute the same function. The value pushed as the title passed to the User32.MessageBoxA function has not been relocated.

The fig. shows the module loaded as a dll.
pelaillo 09 Oct 2003, 15:53
And this shows the module as exe PE.
Tomasz Grysztar 09 Oct 2003, 16:40
Well it seems from your example that for some reason Windows doesn't use relocation info from the files that don't have DLL flag.
Betov 09 Oct 2003, 17:48
No, Win32 does not relocate PEs, unless the specified Address would be something fanciful (not the usual 0400000, but something lower...).
Only DLLs require the .reloc Section. This is only needed for the DLLs Data, because one single DLL may be used for (by) several different running Applications. In such case, an image of the DLL Data is made available for each Application (... as you say ... as far as I can know... ). RosAsm never emits any .reloc, but for DLLs. For PE Drivers, ... I don't know at all... but I suppose it is unneeded as well. Betov.
pelaillo 10 Oct 2003, 09:32
It is a sad thing because the Plug-in scheme proposed by Privalov becomes harder to implement. Currently I am implementing it relocating manually, but it is annoying.