Thread: relative virtual addresses confusion

  1. #1
    Registered User
    Join Date
    Oct 2009
    Posts
    8

    relative virtual addresses confusion

hey, I have a bit of confusion about relative virtual addresses. I understood it at first, but then thought about it again and got confused; hopefully someone will clarify to me what this is about.

Suppose an RVA in the IAT section: it uses an RVA, right? Then it uses that address to calculate the real content of the file. OK, so here, why doesn't it just jmp to the address of that function directly instead of using a temp-like variable? Also, as far as I understand it's used for IAT tables, or does it have other uses? Please, someone clarify to me what its uses are in detail.

  2. #2
    Officially An Architect brewbuck's Avatar
    Join Date
    Mar 2007
    Location
    Portland, OR
    Posts
    7,396
    Quote Originally Posted by MrNoobah View Post
Suppose an RVA in the IAT section: it uses an RVA, right? Then it uses that address to calculate the real content of the file. OK, so here, why doesn't it just jmp to the address of that function directly instead of using a temp-like variable? Also, as far as I understand it's used for IAT tables, or does it have other uses? Please, someone clarify to me what its uses are in detail.
    Without the IAT the executable loader would have to make a huge number of fixups in the code segment. With the IAT, all the loader has to do is pass once through the table and add the true VMA to each entry.

    This can reduce the number of fixups by many thousands of times for a complex DLL. And because Windows loads and unloads DLLs like nobody's business, being able to do it quickly is important.

    There's another ENORMOUS reason why we do not directly modify the code segment. This would prevent us from being able to share code pages between different instances of the DLL. Essentially, it would completely defeat the purpose of having a DLL, which is to allow the same code to be loaded only ONCE into memory. If two processes load the same DLL at different addresses, then they will have different IATs. That's a much smaller impact than having two complete copies of the DLL in memory at the same time.
    Last edited by brewbuck; 10-13-2009 at 02:30 PM.
    Code:
    //try
    //{
    	if (a) do { f( b); } while(1);
    	else   do { f(!b); } while(1);
    //}
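The one-pass IAT binding brewbuck describes, as an added example that is not part of the thread and not brewbuck's code. It models a constructed 32-bit module whose code calls imports indirectly through Import Address Table slots (`call dword ptr [slot]`, encoded FF 15 plus the slot's VA). The DLL bases, export RVAs, slot RVAs and call-site RVAs are all made up for the example; the point it shows is that the loader writes one resolved address per import into the table and never touches the code bytes.

```python
"""
Added example (not from the thread): why the loader fixes up the IAT and
not the code section.

Constructed 32-bit module: each import has one IAT slot; every call site
goes through its slot with `call dword ptr [slot VA]`.  The loader resolves
each import once and overwrites the slot with the absolute address of the
function in the already-mapped DLL.  All addresses below are invented.
"""
import struct

PREFERRED_BASE = 0x00400000  # constructed: base the linker assumed

# Constructed IAT: slot RVA -> (DLL, imported name), i.e. what the import
# name table pointed at by the slot would tell the loader before binding.
IAT = {
    0x2000: ("msvcrt.dll", "printf"),
    0x2004: ("msvcrt.dll", "malloc"),
    0x2008: ("kernel32.dll", "ExitProcess"),
}

# Constructed view of DLLs already mapped in the process: their bases plus
# the export RVAs a loader would find by walking each export directory.
LOADED_MODULES = {
    "msvcrt.dll":   {"base": 0x77C10000, "exports": {"printf": 0x1234, "malloc": 0x5678}},
    "kernel32.dll": {"base": 0x7C800000, "exports": {"ExitProcess": 0x0A2C}},
}

# Constructed call sites: RVA of the call instruction -> IAT slot it uses.
CALL_SITES = {
    0x1010: 0x2000, 0x1030: 0x2000, 0x1055: 0x2000, 0x1080: 0x2000,  # printf x4
    0x10A0: 0x2004, 0x10C0: 0x2004,                                   # malloc x2
    0x10F0: 0x2008,                                                   # ExitProcess x1
}


def rva_to_va(base, rva):
    """A virtual address is just the RVA added to wherever the image landed."""
    return base + rva


def encode_call_through_slot(base, slot_rva):
    """x86-32 `call dword ptr [abs32]`: opcode FF 15 followed by the slot's VA."""
    return b"\xff\x15" + struct.pack("<I", rva_to_va(base, slot_rva))


def bind_iat(iat, modules, base):
    """Resolve every import once.  Returns {slot VA: resolved function VA}."""
    bound = {}
    for slot_rva, (dll, name) in iat.items():
        mod = modules[dll]
        bound[rva_to_va(base, slot_rva)] = rva_to_va(mod["base"], mod["exports"][name])
    return bound


def fixup_counts(iat, call_sites):
    """With an IAT the loader writes one word per import.  Patching every call
    site instead would mean one write per call and a private copy of the
    code page for each process that loaded the module."""
    return {"with_iat": len(iat), "without_iat": len(call_sites)}


def emulate_call(code_rva, base, call_sites, bound):
    """Follow a call site through its (now bound) slot to the target address."""
    slot_va = rva_to_va(base, call_sites[code_rva])
    return bound[slot_va]


if __name__ == "__main__":
    table = bind_iat(IAT, LOADED_MODULES, PREFERRED_BASE)
    for slot_va, fn in sorted(table.items()):
        print(f"IAT slot {slot_va:#010x} -> {fn:#010x}")
    print("call site bytes:", encode_call_through_slot(PREFERRED_BASE, 0x2000).hex())
    print(fixup_counts(IAT, CALL_SITES))
```

Running it prints the three bound slots, the encoded call (`ff1500204000`, the slot VA 0x00402000 in little-endian form) and the fixup counts, 3 against 7 for this tiny module; for a real DLL with thousands of call sites the gap is what brewbuck's post is about.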

  3. #3
    Registered User
    Join Date
    Oct 2009
    Posts
    8
    Quote Originally Posted by brewbuck View Post
    Without the IAT the executable loader would have to make a huge number of fixups in the code segment. With the IAT, all the loader has to do is pass once through the table and add the true VMA to each entry.

    This can reduce the number of fixups by many thousands of times for a complex DLL. And because Windows loads and unloads DLLs like nobody's business, being able to do it quickly is important.

    There's another ENORMOUS reason why we do not directly modify the code segment. This would prevent us from being able to share code pages between different instances of the DLL. Essentially, it would completely defeat the purpose of having a DLL, which is to allow the same code to be loaded only ONCE into memory. If two processes load the same DLL at different addresses, then they will have different IATs. That's a much smaller impact than having two complete copies of the DLL in memory at the same time.
But wouldn't using an RVA already get translated to the DLL's real address in the end, so it's the same? Also, is RVA only used for the IAT, or does it have other uses as well?

  4. #4
    Officially An Architect brewbuck's Avatar
    Join Date
    Mar 2007
    Location
    Portland, OR
    Posts
    7,396
    Can you rephrase the question? I don't understand it.

  5. #5
    Registered User
    Join Date
    Oct 2009
    Posts
    8
When the RVA gets translated to the address of the function, let's say printf, which is in the IAT table of our PE format, to get its address we add the RVA to its load address (as the MSDN specification says),
which gets translated to its real address. Wouldn't it be easier to use the real address from the beginning?

  6. #6
    Registered User
    Join Date
    Oct 2009
    Posts
    8
For example, to get the image base address, which is the first byte the file was loaded at, we add the loaded address to the RVA, OK, but why don't we load at the image base address to begin with instead of all that stuff?

  7. #7
    Officially An Architect brewbuck's Avatar
    Join Date
    Mar 2007
    Location
    Portland, OR
    Posts
    7,396
    Quote Originally Posted by MrNoobah View Post
For example, to get the image base address, which is the first byte the file was loaded at, we add the loaded address to the RVA, OK, but why don't we load at the image base address to begin with instead of all that stuff?
    What if two DLLs both request the same base address? Obviously they cannot both load at the same place in memory. Windows will need to move ("rebase") one of them to a different base VMA.
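The rebasing case brewbuck raises, as an added example that is not part of the thread and not brewbuck's code. Two constructed 32-bit images both prefer base 0x10000000; the second cannot get it, so the loader maps it higher and adds the base delta to every absolute pointer listed in the image's relocation data. It also answers the earlier question about other uses of RVAs: the section table is addressed by RVA, and the same RVA locates the bytes in the file on disk. Section layout, pointer slots and the 64 KiB allocation step are assumptions for the example.

```python
"""
Added example (not from the thread): what rebasing does to an image, and
why headers store RVAs rather than absolute addresses.

Two constructed 32-bit modules both ask for base 0x10000000.  Each carries
a list of base relocations: RVAs of 32-bit absolute pointers the linker
computed against the preferred base.  When the loader has to map a module
elsewhere it adds (actual_base - preferred_base) to every such pointer.
The RVAs themselves never change.  Layout values are invented.
"""
import struct

PREFERRED_BASE = 0x10000000
IMAGE_SIZE = 0x3000  # constructed: headers, .text and .data, one page each

# Constructed section table: (name, VirtualAddress, VirtualSize, PointerToRawData)
SECTIONS = [
    (".text", 0x1000, 0x1000, 0x400),
    (".data", 0x2000, 0x1000, 0x800),
]


def rva_to_file_offset(sections, rva):
    """Map an RVA to the offset of the same bytes in the file on disk.
    Sections are looked up by RVA; no base address is needed at all."""
    for _name, va, size, raw in sections:
        if va <= rva < va + size:
            return raw + (rva - va)
    raise ValueError(f"RVA {rva:#x} is not inside any section")


def build_image(preferred_base):
    """Return (mapped image bytes, relocation RVAs) for a tiny constructed
    module.  In a mapped image the byte offset of an RVA is the RVA itself."""
    img = bytearray(IMAGE_SIZE)
    # .data holds two absolute pointers: one into .text, one into .data.
    pointers = {0x2000: 0x1010, 0x2004: 0x2100}  # slot RVA -> target RVA
    for slot, target in pointers.items():
        struct.pack_into("<I", img, slot, preferred_base + target)
    return img, sorted(pointers)


def apply_relocations(img, reloc_rvas, preferred_base, actual_base):
    """Add the base delta to every relocated 32-bit pointer in place."""
    delta = actual_base - preferred_base
    for rva in reloc_rvas:
        (old,) = struct.unpack_from("<I", img, rva)
        struct.pack_into("<I", img, rva, (old + delta) & 0xFFFFFFFF)
    return delta


class AddressSpace:
    """Minimal model of the loader choosing a base: first free slot at or
    above the requested address, stepping by 64 KiB (assumed granularity)."""

    def __init__(self):
        self.mapped = []  # (base, size) of images already mapped

    def reserve(self, wanted, size):
        base = wanted
        while any(b < base + size and base < b + s for b, s in self.mapped):
            base += 0x10000
        self.mapped.append((base, size))
        return base


def load(space, preferred_base):
    """Map one module: get a base, rebase its pointers if needed."""
    img, relocs = build_image(preferred_base)
    actual = space.reserve(preferred_base, IMAGE_SIZE)
    delta = apply_relocations(img, relocs, preferred_base, actual)
    return actual, delta, img


def read_pointer(img, rva):
    return struct.unpack_from("<I", img, rva)[0]


if __name__ == "__main__":
    space = AddressSpace()
    for name in ("first.dll", "second.dll"):
        actual, delta, img = load(space, PREFERRED_BASE)
        print(f"{name}: base {actual:#010x}, delta {delta:#x}, "
              f"pointer at RVA 0x2000 -> {read_pointer(img, 0x2000):#010x}")
    print(f"RVA 0x1010 is at file offset {rva_to_file_offset(SECTIONS, 0x1010):#x}")
```

The first module lands at its preferred base with delta 0 and its pointers untouched; the second is moved up by 0x10000 and its stored pointer becomes 0x10011010 instead of 0x10001010. Because the writes hit the module's own data pages, the process pays for private copies of only those pages, not the whole image.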

  8. #8
    Registered User
    Join Date
    Oct 2009
    Posts
    8
Yes, you're right. I didn't know that Windows rebases; makes sense, lol, all that over some simple thing.
    thanks
