Relocations for PE executables


Post by Jacky Lu » Sat, 26 Jul 2003 20:54:16



I'm just building a PE disassembler using DJGPP. As discussed in the PE
document found in wotsit.org written by LUEVELSMEYER, there is a paragraph
that I'm wondering if it always holds true. It says something like if you
want to find a particular byte to disassemble in a file, you don't need to
load the code into memory, you just work it out with some calculations. e.g.
"if the execution starts at RVA 0x1560, and want to disassemble the code
starting there. To find the address in the "file" (emphasis), you will have
to find out the sections in RAM are aligned to 4096 bytes and the ".code"
section starts at RVA 0x1000 in RAM is 16384 bytes long; then you know that
RVA 0x1560 is at offset 0x560 in that section (it sounds like a guess,
sounds no true v2loadimage happening) Find out that the sections are aligned
to 512-byte-borders in the file and that ".code" begins at offset 0x800 in
the file, and you know that the code execution start is at byte
0x800+0x560=0xd60 in the file" I quoted it from the article, the location
seems to me like a wild guess. To my understanding, it means just that
(disassembling without loading). I'm just wondering if there is a relocation
for any types of segments, without loading it, can it give you the correct
results of where a segment jump jumps to, or referring to the correct data?
Like DOS programs, a relocation is really important, but does it always hold
true for PE programs?
Thanks
Jack
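
The RVA-to-file-offset arithmetic quoted in the post, written out as an added example that is not part of the original thread: it walks a section table instead of assuming one section, and reports RVAs that have no bytes in the file. The `struct section` layout, the `.data` row and the function name are assumptions made for illustration; the `.code` row uses the numbers from the quote.

```c
#include <stdint.h>
#include <stdio.h>
#define RVA_NOT_IN_FILE UINT32_MAX

/* The IMAGE_SECTION_HEADER fields the mapping needs. */
struct section {
    const char *name;
    uint32_t virtual_address;  /* VirtualAddress: RVA where the section starts */
    uint32_t virtual_size;     /* VirtualSize: bytes the section occupies in RAM */
    uint32_t raw_offset;       /* PointerToRawData: where its bytes start in the file */
    uint32_t raw_size;         /* SizeOfRawData: bytes actually stored in the file */
};

/* Constructed table: .code uses the numbers quoted in the post; .data is a
   constructed row showing a section whose tail exists only in memory. */
static const struct section sample[] = {
    { ".code", 0x1000, 0x4000, 0x0800, 0x4000 },
    { ".data", 0x5000, 0x2000, 0x4800, 0x0200 },
};
#define SAMPLE_COUNT (sizeof sample / sizeof sample[0])

/* Translate an RVA to a file offset by walking the section table, with no
   image loaded. Returns RVA_NOT_IN_FILE when no section's file data backs it. */
uint32_t rva_to_file_offset(const struct section *s, size_t n, uint32_t rva)
{
    for (size_t i = 0; i < n; i++) {
        /* Some linkers leave VirtualSize at 0; fall back to the raw size. */
        uint32_t extent = s[i].virtual_size ? s[i].virtual_size : s[i].raw_size;
        if (rva < s[i].virtual_address) continue;
        uint32_t delta = rva - s[i].virtual_address;  /* offset inside the section */
        if (delta >= extent) continue;                /* past this section */
        if (delta >= s[i].raw_size) return RVA_NOT_IN_FILE;  /* zero-filled tail */
        return s[i].raw_offset + delta;
    }
    return RVA_NOT_IN_FILE;  /* not inside any section */
}

int main(void)
{
    const uint32_t probes[] = { 0x1560, 0x5100, 0x5400, 0x9000 };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        uint32_t off = rva_to_file_offset(sample, SAMPLE_COUNT, probes[i]);
        if (off == RVA_NOT_IN_FILE)
            printf("RVA 0x%04x: no bytes in file\n", (unsigned)probes[i]);
        else
            printf("RVA 0x%04x -> file offset 0x%04x\n", (unsigned)probes[i], (unsigned)off);
    }
    return 0;
}
```

Base relocations do not enter this mapping: they only patch absolute addresses when the loader places the image somewhere other than its preferred ImageBase, so a static disassembler that adds ImageBase to each RVA reads the file's addresses as stored.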
 
 
 
