Why do I need the relocation information inside the exe file?

Started by Sergiu FUNIERU, February 26, 2010, 02:47:50 PM


clive

Yes, time to grab the wooden stakes..

Other areas of consideration are EXE files that export functionality, or are otherwise co-loaded into the same address space as another EXE (ie not the same logical address, but in the same task context).

This is why I used "probably" and "maybe"; sure, 99.99% of all applications will not need relocations, but there are some specific situations where it may be important/appropriate. I thought about the 0.01% and then considered the number of people out of the populace who use assembler to write Win32 apps.

Finally consider that Microsoft changes what it is doing from time to time, what they do today is not what they did in 1993, and 2GB of memory may look like a pitiful amount in 2013. 64K should be enough for anyone, right?

-Clive
It could be a random act of randomness. Those happen a lot as well.

BlackVortex

That's why I used quotation marks when I said "always"

2gbs is a pitiful amount today

clive

Quote from: BlackVortex on February 26, 2010, 08:34:17 PM
2gbs is a pitiful amount today

But hopefully your applications are still smaller than that, kind of half imagining a bloated Microsoft "Hello World!" app starting at 2GB. Grab the stakes quickly...

-Clive
It could be a random act of randomness. Those happen a lot as well.

hutch--

Funny enough, I have actually found a use for leaving the OS loader to resolve conflicting DLL load addresses in a test piece recently. It's relatively easy to set up a random order to load DLLs with LoadLibrary()/GetProcAddress(), so if they all default to the same load address the OS loader plops each DLL where it best fits in the order that the caller makes the calls.

It's a technique to dynamically alter the load address of various bits of code that an application uses, to add a bit more misery to the life of people who want to perform in-memory patching.
Download site for MASM32      New MASM Forum
https://masm32.com          https://masm32.com/board/index.php


BlackVortex

Skilled mem patchers do everything dynamically. Getting the base of a module is easy.
DLL rebasing is also happening all the time in normal operation. In my trainers, I never miss ...

A better approach would be to make important code parts relocatable (delta offset etc etc) and then you can decrypt-load them where you want, use memory page protection to hinder writing and as soon as it's finished executing, deallocate the page used. And check important APIs for software breakpoints. Also, you can use the exception handler trick to check for hardware breakpoints.

Vortex

You will need the relocation information if you wish to load and run PEs from memory.

BogdanOntanu

You will also need relocations in executables for ASLR (Address Space Layout Randomization)
Ambition is a lame excuse for the ones not brave enough to be lazy.
http://www.oby.ro
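Added worked example, not written by any poster in this thread: what the loader does with the .reloc data that the last two replies (manual loading from memory, ASLR) depend on. It parses IMAGE_BASE_RELOCATION blocks and adds the base delta to each HIGHLOW/DIR64 fixup; the image bytes and relocation block are constructed inline, and the offsets/preferred base are assumed sample values.

```python
import struct

IMAGE_REL_BASED_ABSOLUTE = 0   # padding entry, no fixup
IMAGE_REL_BASED_HIGHLOW = 3    # 32-bit absolute address
IMAGE_REL_BASED_DIR64 = 10     # 64-bit absolute address

def parse_reloc_blocks(reloc):
    """Yield (page_rva, [(type, offset), ...]) per IMAGE_BASE_RELOCATION block."""
    pos = 0
    while pos + 8 <= len(reloc):
        page_rva, size = struct.unpack_from("<II", reloc, pos)
        if size == 0:
            break
        if size < 8 or pos + size > len(reloc):
            raise ValueError("malformed relocation block")
        n = (size - 8) // 2
        entries = struct.unpack_from("<%dH" % n, reloc, pos + 8)
        yield page_rva, [(e >> 12, e & 0xFFF) for e in entries]
        pos += size

def apply_relocations(image, reloc, delta):
    """Add delta to every absolute address listed in .reloc; return fixup count."""
    applied = 0
    for page_rva, entries in parse_reloc_blocks(reloc):
        for rtype, offset in entries:
            if rtype == IMAGE_REL_BASED_ABSOLUTE:
                continue
            if rtype == IMAGE_REL_BASED_HIGHLOW:
                fmt, mask = "<I", 0xFFFFFFFF
            elif rtype == IMAGE_REL_BASED_DIR64:
                fmt, mask = "<Q", 0xFFFFFFFFFFFFFFFF
            else:
                raise ValueError("unsupported relocation type %d" % rtype)
            addr = page_rva + offset
            if addr + struct.calcsize(fmt) > len(image):
                raise ValueError("relocation points outside the image")
            (value,) = struct.unpack_from(fmt, image, addr)
            struct.pack_into(fmt, image, addr, (value + delta) & mask)
            applied += 1
    return applied

PREFERRED_BASE = 0x400000  # assumed ImageBase of the constructed sample

def build_sample():
    """Constructed two-page image with three absolute pointers in page RVA 0x1000."""
    image = bytearray(0x2000)
    struct.pack_into("<I", image, 0x1010, PREFERRED_BASE + 0x1234)
    struct.pack_into("<Q", image, 0x1020, PREFERRED_BASE + 0x1800)
    struct.pack_into("<I", image, 0x1030, PREFERRED_BASE + 0x1F00)
    entries = [(IMAGE_REL_BASED_HIGHLOW << 12) | 0x010, (IMAGE_REL_BASED_DIR64 << 12) | 0x020,
               (IMAGE_REL_BASED_HIGHLOW << 12) | 0x030, IMAGE_REL_BASED_ABSOLUTE]  # last = 4-byte pad
    reloc = struct.pack("<II", 0x1000, 8 + 2 * len(entries)) + struct.pack("<4H", *entries)
    return image, reloc

def relocate_sample(actual_base):
    """Rebase the sample as a loader would; return (fixups, ptr@0x1010, ptr@0x1020, ptr@0x1030)."""
    image, reloc = build_sample()
    count = apply_relocations(image, reloc, actual_base - PREFERRED_BASE)
    return (count, struct.unpack_from("<I", image, 0x1010)[0],
            struct.unpack_from("<Q", image, 0x1020)[0], struct.unpack_from("<I", image, 0x1030)[0])
```

Without the .reloc data there is no way to know which of the image's bytes are addresses, which is why a stripped EXE can only run at its ImageBase.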