Page 2 of 2

Re: relocations in coff object files

Posted: Tue Mar 09, 2010 10:26 am
by ru2aqare
heyji wrote:Hello,
Please, refrain from using colours.
heyji wrote: Let's say the VirtualAddress field gives a value A1 and that the address of the symbol which index in the symbol Table is SymbolTableIndex is A2. Finally let's say that at the address A1, the value is A3.

If I understand correctly the thread, the relocation 0x0006 is applied in doing :
A3+A2 be stored at A1, instead of A3 ? Is that correct ?
The type 6 relocation - IMAGE_REL_I386_DIR32 - is calculated as the (virtual) address where the executable is loaded - called ImageBase in the PE headers, zero for COFF - and the address of the symbol in the section (A2 if I understood correctly) plus the address of the section (A1 if I understood correctly). So the value A3 is overwritten with A1+A2 (or A1+A2+Base for PE)

The type 7 relocation - IMAGE_REL_I386_DIR32NB - is almost the same, except without the ImageBase component. In the case of COFF, it would still be A1+A2 (A1+A2 for PE).

The type 10 relocation - IMAGE_REL_I386_SECTION - is simply the zero-based index of the section in the section headers table. If you have five sections, and the third one contains the symbol you are looking for, this relocation would yield the value 2. This relocation has nothing to do with (virtual) addresses, and is usually found in "debug$..." sections.

Type 11 - IMAGE_REL_I386_SECREL - is simply the offset of the symbol within the section, in your case it would be A1. This too is usually found in "debug$..." sections.

I have never encountered types 12 and 13 - IMAGE_REL_I386_TOKEN and IMAGE_REL_I386_SECREL7 - so I can't comment on that.

Type 20 - IMAGE_REL_I386_REL32 - might sound tricky first, but it is in fact quite simple. Take the virtual address B at which this relocation is applied (offset within section A1 plus virtual address of section A2). Take the virtual address of the target symbol C, which is computed the same way (A1+A2 only the values are different). The relocation is C-B, this is added to whatever dword value you find at B (most of the times it will be zero). This is usually applied to "jmp near" and "call near" assembly instructions, and the way the x86 CPU works, it takes the operand of the instruction (C-B+some value) and adds it to the address of the instruction (B + some value), yielding the correct result C. See?

Hope that helps.

Re: relocations in coff object files

Posted: Tue Mar 09, 2010 12:11 pm
by heyji
Definitely it helps a lot. Though some uncertainties I would like to check.

In my formalism, A1 is given by the VirtualAddress field of the relocation information. It is defined in the specs as I reported: The address of the item to which relocation is applied. This is the offset from the beginning of the section, plus the value of the section’s RVA/Offset field. Though unless the item to which relocation is applied is a section (is it ?) A1 is not the address of the section as you understood ?

It looks like A1 is rather what you define later as B: the address at which relocation is applied, isn't it ?

Alexandre.

Re: relocations in coff object files

Posted: Tue Mar 09, 2010 1:09 pm
by ru2aqare
heyji wrote:Definitely it helps a lot. Though some uncertainties I would like to check.

In my formalism, A1 is given by the VirtualAddress field of the relocation information. It is defined in the specs as I reported: The address of the item to which relocation is applied. This is the offset from the beginning of the section, plus the value of the section’s RVA/Offset field. Though unless the item to which relocation is applied is a section (is it ?) A1 is not the address of the section as you understood ?

It looks like A1 is rather what you define later as B: the address at which relocation is applied, isn't it ?

Alexandre.
I don't actually have the specifications in front of me right now, so I can't say for sure.