Thread: The concept of preferred base address in PE File

  1. #1
    Registered User icefight's Avatar
    Join Date
    Mar 2013
    Posts
    7

    The concept of preferred base address in PE File

    I'm now reading the PE file spec. "RVA", "VA", "BaseAddress", "Preferred base address": I can't figure them out.
    Thanks in advance.

  2. #2
    Officially An Architect brewbuck's Avatar
    Join Date
    Mar 2007
    Location
    Portland, OR
    Posts
    7,396
    VA: Virtual address. The location of an object in virtual memory
    RVA: Relative virtual address. The location of an object, relative to the base address
    Base address: The virtual address at which a DLL is loaded
    Preferred base address: The virtual address at which a DLL should be loaded if no relocations are to be performed

    Example. foobar.dll has a preferred base address of 0x78000000. If the DLL is loaded at that particular address, then no relocation processing is necessary. If it loads at some non-preferred address (for instance, because something else is already located at 0x78000000), then the runtime linker will need to perform relocations. Suppose there is a variable inside the DLL, which is located at an RVA of 0x1000. This means that it has a VA of base_address + 0x1000. If the DLL was loaded at the preferred base, this address will be 0x78000000 + 0x1000 == 0x78001000. Otherwise, it will be at some other address.

    DLLs are always loaded at an address which is a multiple of 64k -- that is, the last four digits of the base address are always zero, even if loaded in a non-preferred location.
    Code:
    //try
    //{
    	if (a) do { f( b); } while(1);
    	else   do { f(!b); } while(1);
    //}

  3. #3
    Registered User icefight's Avatar
    Join Date
    Mar 2013
    Posts
    7
    That's impressive. Thanks very much.

  4. #4
    Registered User icefight's Avatar
    Join Date
    Mar 2013
    Posts
    7
    I read the PE File spec again and I found this:

    IMAGE_FILE_RELOCS_STRIPPED 0x0001 Image only, Windows CE, Windows NT and above. Indicates that the file does not contain base relocations and must therefore be loaded at its preferred base address. If the base address is not available, the loader reports an error. Operating systems running on top of MS-DOS (Win32s™) are generally not able to use the preferred base address and so cannot run these images. However, beginning with version 4.0, Windows will use an application’s preferred base address. The default behavior of the linker is to strip base relocations from EXEs.

  5. #5
    Registered User icefight's Avatar
    Join Date
    Mar 2013
    Posts
    7
    Microsoft Portable Executable and Common Object File Format Specification
    Microsoft Corporation
    Revision 6.0 - February 1999

  6. #6
    Registered User icefight's Avatar
    Join Date
    Mar 2013
    Posts
    7
    What's the meaning of this: "Indicates that the file does not contain base relocations"? If the file contains them, where could I find them?

  7. #7
    Registered User icefight's Avatar
    Join Date
    Mar 2013
    Posts
    7
    foobar.dll has a preferred base address of 0x78000000. You mean that the address of 0x78000000 is the address in the virtual memory space specified by the loader?

  8. #8
    Officially An Architect brewbuck's Avatar
    Join Date
    Mar 2007
    Location
    Portland, OR
    Posts
    7,396
    Quote Originally Posted by icefight View Post
    What's the meaning of this: "Indicates that the file does not contain base relocations"? If the file contains them, where could I find them?
    The relocations are contained in the RELOC section. You can see it by dumping the section headers with the dumpbin utility. If the IMAGE_FILE_RELOCS_STRIPPED flag is set, it means this section does not exist. Without the reloc section, the loader cannot load the DLL at a non-preferred base address (because it doesn't know how to do the required fixups).

    foobar.dll has a preferred base address of 0x78000000. You mean that the address of 0x78000000 is the address in the virtual memory space specified by the loader?
    It is the DLL which specifies that number. The loader simply looks at that and tries to put the DLL in that location. If it can't, it will have to perform relocations.
    Code:
    //try
    //{
    	if (a) do { f( b); } while(1);
    	else   do { f(!b); } while(1);
    //}
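
The header fields discussed in posts #2 and #8, read straight from a file image; this is an added example, not code from any poster in the thread. The function names, the `pe_info` struct, the simplified `can_load_at` model and the sample header bytes are constructed for illustration; field offsets follow the PE32/PE32+ optional header layout.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define IMAGE_FILE_RELOCS_STRIPPED 0x0001   /* Characteristics bit quoted in post #4 */
typedef struct { uint64_t image_base; uint32_t reloc_rva, reloc_size; int stripped; } pe_info;

static uint32_t rd(const uint8_t *p, int n) {          /* little-endian read of n bytes */
    uint32_t v = 0;
    while (n--) v = (v << 8) | p[n];
    return v;
}
/* Parse a raw file image. Returns 0 on success, -1 if malformed or truncated. */
int pe_parse(const uint8_t *b, size_t len, pe_info *out) {
    if (len < 0x40 || rd(b, 2) != 0x5A4D) return -1;             /* "MZ" */
    size_t nt = rd(b + 0x3C, 4);                                  /* e_lfanew */
    if (nt > len - 24 || rd(b + nt, 4) != 0x4550) return -1;     /* "PE\0\0" */
    size_t opt_size = rd(b + nt + 20, 2);                         /* SizeOfOptionalHeader */
    const uint8_t *opt = b + nt + 24;
    if (opt_size < 2 || opt_size > len - nt - 24) return -1;
    uint32_t magic = rd(opt, 2);
    size_t dirs = magic == 0x10B ? 96 : magic == 0x20B ? 112 : 0; /* PE32 / PE32+ */
    if (!dirs || opt_size < dirs) return -1;
    out->image_base = magic == 0x10B ? rd(opt + 28, 4)            /* preferred base */
                    : rd(opt + 24, 4) | ((uint64_t)rd(opt + 28, 4) << 32);
    out->stripped = (rd(b + nt + 22, 2) & IMAGE_FILE_RELOCS_STRIPPED) != 0;
    out->reloc_rva = out->reloc_size = 0;
    /* Data directory entry 5 describes the base relocation table (RVA, size). */
    if (rd(opt + dirs - 4, 4) > 5 && opt_size >= dirs + 48) {
        out->reloc_rva = rd(opt + dirs + 40, 4);
        out->reloc_size = rd(opt + dirs + 44, 4);
    }
    return 0;
}
/* VA of an object once the image is mapped at `base`. */
uint64_t rva_to_va(uint64_t base, uint32_t rva) { return base + rva; }

/* Simplified model: 1 if `base` is 64K-aligned and is the preferred base or relocs exist. */
int can_load_at(const pe_info *pi, uint64_t base) {
    if (base & 0xFFFF) return 0;
    return base == pi->image_base || (!pi->stripped && pi->reloc_size != 0);
}
/* Constructed sample: PE32 headers only, modelled on the thread's foobar.dll. */
void make_sample(uint8_t b[512], int stripped) {
    memset(b, 0, 512);
    b[0] = 'M'; b[1] = 'Z'; b[0x3C] = 0x80;              /* e_lfanew = 0x80 */
    memcpy(b + 0x80, "PE\0\0", 4);
    b[0x80 + 20] = 224; b[0x80 + 22] = stripped ? 1 : 0; /* opt header size, flags */
    uint8_t *opt = b + 0x80 + 24;
    opt[0] = 0x0B; opt[1] = 0x01; opt[31] = 0x78; opt[92] = 16; /* PE32, base 0x78000000 */
    if (!stripped) { opt[96 + 41] = 0x20; opt[96 + 44] = 0x0C; } /* relocs at RVA 0x2000 */
}
```

With the stripped sample, `can_load_at` accepts only 0x78000000; with relocations present, any 64K-aligned base is accepted and the RVA 0x1000 variable from post #2 lands at `base + 0x1000`.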

  9. #9
    Registered User icefight's Avatar
    Join Date
    Mar 2013
    Posts
    7
    Oh, I get it.
    Thanks very much, brewbuck.
    I appreciate your helping me.
