Image Base Query

[RedXVII]

So im looking at the file format of a PE. I was curious to see what happened if i changed the "image base" of my .dll library (which was 10000000h) to that of my executable (00400000h) to see what happens. i load it in the debugger and i see that it shifted my library from 00400000h to 003E0000h; of course, they cant take up the same address space. Thats all very nice but what about hard coded global variables in the library eg.

mov [globalvar], eax

if i load the dll in a hex editor, i note that that when it is loaded into memory to the different address of 003E0000h, it seems that all the global pointers/addresses (like the example above) in the hex editor and similar are detected and corrected once its loaded into memory. But im trying to figure out how its actually done, ive come down to 2 thaughts, either 1) there an extra piece of nice hardware involved inside the processor that automatically corrects it or 2) the OS scans/picks through the program and replaces corrisponding global variable pointers with the new correct values. Can anyone tell me which one/whats really happening?

Thanks alot
RedXVII  :U

[sinsi]

That's why DLLs have a .reloc section, this is used if the DLL can't be loaded at its preferred address.

[Tedd]

When the PE is built there is (can be) an extra section called ".reloc" which gives the address, size, type, etc of those 'position dependent' values. So, when the loader finds it can't load your exe/dll where you want it to, it can do a bit of calculation, and rewrite all of those address references so they magically work again once the 'image' has been relocated.
(What sinsi said, but more verbose :toothy)

[RedXVII]

Oh right, i see. I thaught there was some sort of magic involved  :red

Thanks  :U