So most of the binary is composed of reloc table?


Problem description

I just used objdump -x ... to check the sections of a PE file.

There are about 90,000 lines of reloc entries:

reloc   92 offset  bc0 [524bc0] HIGHLOW
reloc   93 offset  bc4 [524bc4] HIGHLOW
    ....

Does it hold true that the majority of the space in most PE files is composed of reloc entries like the above?

What are those entries for?

Update

Can anyone explain how relocation entries like the above work?

Recommended answer

Relocations are needed when there is a base conflict in memory. If a dynamic-link library wants to load its code section in a certain memory space but that space has already been occupied by another module, it must be loaded in a different place. However, loading it in a different address space messes up all the absolute references that the library refers to. For example, let's say that the executable has a global variable called int dummy; and the variable is located at 0x602315. Whenever this variable is accessed/written, the program executes the following opcode (assuming that the code is located at 0x524BBE, same as the entry that you mentioned):

0x524BBE: MOV EAX, DWORD PTR DS:[0x602315];//move dummy to eax register to do stuff

When the library is loaded in a different space, 0x602315 will not point to the variable, since the address space 0x602315 has already been taken by some other module. Therefore, to work around this problem, you must tell the PE loader to add/subtract the displacement (|new base address - expected base address|) to this value (0x602315). To do this, each PE contains a table called the relocation table, and this table contains all the offsets in your code that refer to this variable.

So, let's say that instead of 0x524000 (expected base offset), the library was loaded at 0x700000. Then, what the PE loader will do is look up the entries in the table and add the displacement (0x700000 - 0x524000 = 0x1DC000) to the offset (0x602315) such that your loaded code will look like this:

0x700BBE: MOV EAX, DWORD PTR DS:[0x7DE315];//move dummy to eax register to do stuff

which will run fine because it's pointing to the correct location of the variable dummy.

Going back to your question, the output of objdump is showing each entry of this table. 92 probably means the index of the entry, BC0 is the relative address of the code where you access the variable, and [524BC0] would be the result of relative address + expected base offset. HIGHLOW is just a type of relocation (this is essentially reserved for future use; currently, there's only one type of relocation (HIGHLOW) that is being used, so you don't have to worry about other types). When the loader reads this entry, it will change the value of 0x524BC0 to reflect this change.

With respect to your question about the majority of the space of a PE being composed of the .reloc table, the answer is: it depends. If your program makes frequent access to global variables and constants, it will have a huge relocation table because there are so many places that the loader has to update.
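
The fixup described in the answer, as an added example that is not part of the original answer: a small parser for the .reloc block layout (an 8-byte block header followed by 16-bit entries, 4 bits of type and 12 bits of page offset) that applies HIGHLOW entries using the answer's addresses. The image bytes, the 8B 05 instruction encoding, the page RVA of 0 and the function names are constructed for illustration.

```python
import struct

IMAGE_REL_BASED_ABSOLUTE = 0   # padding entry, skipped
IMAGE_REL_BASED_HIGHLOW = 3    # add the 32-bit delta to the DWORD at the target

def parse_relocs(reloc):
    """Yield (rva, type) for every entry in a raw .reloc section."""
    pos = 0
    while pos + 8 <= len(reloc):
        page_rva, block_size = struct.unpack_from("<II", reloc, pos)
        if block_size == 0:      # zero padding after the last block
            break
        if block_size < 8 or block_size % 2 or pos + block_size > len(reloc):
            raise ValueError(f"bad relocation block at offset {pos:#x}")
        for (entry,) in struct.iter_unpack("<H", reloc[pos + 8:pos + block_size]):
            yield page_rva + (entry & 0x0FFF), entry >> 12
        pos += block_size

def apply_relocs(image, reloc, preferred_base, actual_base):
    """Return a copy of the mapped image with every HIGHLOW fixup applied."""
    delta = (actual_base - preferred_base) & 0xFFFFFFFF
    out = bytearray(image)
    for rva, rtype in parse_relocs(reloc):
        if rtype == IMAGE_REL_BASED_ABSOLUTE:
            continue
        if rtype != IMAGE_REL_BASED_HIGHLOW:
            raise NotImplementedError(f"relocation type {rtype} at RVA {rva:#x}")
        if rva + 4 > len(out):
            raise ValueError(f"fixup at RVA {rva:#x} is outside the image")
        (value,) = struct.unpack_from("<I", out, rva)
        struct.pack_into("<I", out, rva, (value + delta) & 0xFFFFFFFF)
    return bytes(out)

# Constructed sample using the answer's numbers: expected base 0x524000 and
# "mov eax, [0x602315]" encoded as 8B 05 <disp32> at RVA 0xBBE, so the 4-byte
# operand that gets patched sits at RVA 0xBC0 (objdump's "offset bc0").
PREFERRED, ACTUAL = 0x524000, 0x700000
image = bytearray(0x1000)
image[0xBBE:0xBC4] = b"\x8b\x05" + struct.pack("<I", 0x602315)
# One block for page RVA 0: a HIGHLOW entry at 0xBC0 plus one ABSOLUTE pad entry.
reloc = struct.pack("<IIHH", 0, 12, (IMAGE_REL_BASED_HIGHLOW << 12) | 0xBC0, 0)
rebased = apply_relocs(image, reloc, PREFERRED, ACTUAL)

if __name__ == "__main__":
    print(hex(struct.unpack_from("<I", rebased, 0xBC0)[0]))
```

Only the four operand bytes at RVA 0xBC0 change; the opcode bytes at 0xBBE are untouched, which is why each access to an absolute address costs one table entry.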
