Re: relocations in coff object files
Posted: Tue Mar 09, 2010 10:26 am
Please, refrain from using colours.heyji wrote:Hello,
The type 6 relocation - IMAGE_REL_I386_DIR32 - is calculated as the (virtual) address where the executable is loaded - called ImageBase in the PE headers, zero for COFF - and the address of the symbol in the section (A2 if I understood correctly) plus the address of the section (A1 if I understood correctly). So the value A3 is overwritten with A1+A2 (or A1+A2+Base for PE)heyji wrote: Let's say the VirtualAddress field gives a value A1 and that the address of the symbol which index in the symbol Table is SymbolTableIndex is A2. Finally let's say that at the address A1, the value is A3.
If I understand correctly the thread, the relocation 0x0006 is applied in doing :
A3+A2 be stored at A1, instead of A3 ? Is that correct ?
The type 7 relocation - IMAGE_REL_I386_DIR32NB - is almost the same, except without the ImageBase component. In the case of COFF, it would still be A1+A2 (A1+A2 for PE).
The type 10 relocation - IMAGE_REL_I386_SECTION - is simply the zero-based index of the section in the section headers table. If you have five sections, and the third one contains the symbol you are looking for, this relocation would yield the value 2. This relocation has nothing to do with (virtual) addresses, and is usually found in "debug$..." sections.
Type 11 - IMAGE_REL_I386_SECREL - is simply the offset of the symbol within the section, in your case it would be A1. This too is usually found in "debug$..." sections.
I have never encountered types 12 and 13 - IMAGE_REL_I386_TOKEN and IMAGE_REL_I386_SECREL7 - so I can't comment on that.
Type 20 - IMAGE_REL_I386_REL32 - might sound tricky first, but it is in fact quite simple. Take the virtual address B at which this relocation is applied (offset within section A1 plus virtual address of section A2). Take the virtual address of the target symbol C, which is computed the same way (A1+A2 only the values are different). The relocation is C-B, this is added to whatever dword value you find at B (most of the times it will be zero). This is usually applied to "jmp near" and "call near" assembly instructions, and the way the x86 CPU works, it takes the operand of the instruction (C-B+some value) and adds it to the address of the instruction (B + some value), yielding the correct result C. See?
Hope that helps.