4

It's my understanding (mainly from Wikipedia's article on the Portable Executable format), that Windows DLLs don't use position-independent code and instead have a link-time-defined preferred base address. In the event that two libraries' base addresses conflict, though, one needs to be relocated via its relocation table.

Is this PE relocation similar to ELF's GOT and PLT (process-local tables in the .data sections that require each absolute address to go through indirection), or is it more like a dynamic-relocation (at load-time all absolute addresses are translated)? If the latter, does this have problems on x64?

Zane Beckwith

1 Answer

3

The situation is different between WIN32 and WIN64.

For WIN32 images where relocation information is present (non-EXEs, typically), every absolute address in the binary code has a corresponding fixup record so that the address can be patched up by the loader in case the module's preferred load address has already been taken by something else.

For WIN64 images, the situation is similar in principle, but in reality nearly all 64-bit instructions actually use a position-independent encoding where offsets are IP-relative and not absolute, so far fewer relocation fixups are necessary (if at all).

  • So, for WIN32 the relocation is done at load-time, and then at runtime the memory references are direct? How often do DLLs require relocation (if I download a library from some 3rd party, what's the probability that it has relocation information)? – Zane Beckwith Oct 30 '15 at 19:59
  • In WIN64, even with RIP-relative addressing, don't you still need things analogous to the GOT and PLT of the ELF format? – Zane Beckwith Oct 30 '15 at 20:00
  • `So, for WIN32 the relocation is done at load-time, and then at runtime the memory references are direct?` - correct. `How often do DLLs require relocation` - that's going to depend on several things: was a reasonably random load address picked? Do you happen to not have other common modules that use an overlapping address range as their preferred address? `(if I download a library from some 3rd party, what's the probability that it has relocation information)?` - almost 100 percent; they'd be shooting themselves in the foot otherwise in case you already use something else at their address. – 500 - Internal Server Error Oct 30 '15 at 20:12
  • I am not intimately familiar with the ELF format, sorry - someone with better knowledge of that will have to step in. – 500 - Internal Server Error Oct 30 '15 at 20:13
  • This is very helpful, thank you. Let me rescind my ELF question: I now realize that if memory references are direct, there will be no need for tables like the GOT and PLT, which are populated at load-time and allow indirect addressing. – Zane Beckwith Oct 30 '15 at 20:23
  • On WIN64, how does the loader get around the x64 relocation issue discussed in http://stackoverflow.com/questions/7865059/why-does-gcc-force-pic-for-x64-shared-libs – Zane Beckwith Oct 30 '15 at 20:26
  • Note that if ASLR bits are enabled (more modern toolchains might do it by default), the load address will be randomized. (ASLR) – Marco van de Voort Nov 06 '15 at 13:47
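Following up on the answer above about WIN32 fixup records, here is an added example (not from the page or any of its posters) of what the loader does with them: a small Python parser for the `.reloc` section's IMAGE_BASE_RELOCATION blocks that patches each HIGHLOW (32-bit) or DIR64 (64-bit) entry by the delta between the preferred and actual load address. The toy image, its preferred base of 0x10000000 and its single relocation block are constructed here for the demo.

```python
import struct

# Relocation entry types (IMAGE_REL_BASED_*): ABSOLUTE is padding, HIGHLOW is a 32-bit
# absolute address (WIN32), DIR64 is a 64-bit one (rare on WIN64 thanks to RIP-relative code)
IMAGE_REL_BASED_ABSOLUTE, IMAGE_REL_BASED_HIGHLOW, IMAGE_REL_BASED_DIR64 = 0, 3, 10
PREFERRED_BASE = 0x10000000    # constructed: link-time ImageBase of the toy WIN32 DLL

def parse_reloc_blocks(reloc):
    """Yield (page_rva, [(type, offset), ...]) per IMAGE_BASE_RELOCATION block in a .reloc blob."""
    pos = 0
    while pos + 8 <= len(reloc):
        page_rva, size = struct.unpack_from("<II", reloc, pos)   # VirtualAddress, SizeOfBlock
        if size < 8 or pos + size > len(reloc):
            raise ValueError("malformed relocation block at offset %d" % pos)
        n = (size - 8) // 2                                       # 16-bit entries: type:4 | offset:12
        entries = [(e >> 12, e & 0xFFF) for e in struct.unpack_from("<%dH" % n, reloc, pos + 8)]
        yield page_rva, entries
        pos += size

def apply_relocations(image, reloc, preferred_base, actual_base):
    """Patch every absolute address in a mapped image (bytearray indexed by RVA); return fixup count."""
    delta = actual_base - preferred_base                        # may be negative, masked below
    count = 0
    for page_rva, entries in parse_reloc_blocks(reloc):
        for rtype, off in entries:
            rva = page_rva + off
            if rtype == IMAGE_REL_BASED_ABSOLUTE:
                continue
            if rtype == IMAGE_REL_BASED_HIGHLOW:
                (v,) = struct.unpack_from("<I", image, rva)
                struct.pack_into("<I", image, rva, (v + delta) & 0xFFFFFFFF)
            elif rtype == IMAGE_REL_BASED_DIR64:
                (v,) = struct.unpack_from("<Q", image, rva)
                struct.pack_into("<Q", image, rva, (v + delta) & 0xFFFFFFFFFFFFFFFF)
            else:
                raise ValueError("unsupported relocation type %d" % rtype)
            count += 1
    return count

def build_demo_image():
    """Constructed toy image: two absolute 32-bit pointers on page 0x1000 plus the matching .reloc block."""
    image = bytearray(0x2000)
    struct.pack_into("<I", image, 0x1004, PREFERRED_BASE + 0x1500)
    struct.pack_into("<I", image, 0x1010, PREFERRED_BASE + 0x1800)
    # two HIGHLOW entries plus two ABSOLUTE pads so SizeOfBlock stays 4-byte aligned (8 + 4*2 = 16)
    reloc = struct.pack("<II", 0x1000, 16) + struct.pack("<4H",
        (IMAGE_REL_BASED_HIGHLOW << 12) | 0x004, (IMAGE_REL_BASED_HIGHLOW << 12) | 0x010, 0, 0)
    return image, reloc

def relocate_demo(actual_base):
    """Map the toy DLL at actual_base; return (fixups applied, pointer at 0x1004, pointer at 0x1010)."""
    image, reloc = build_demo_image()
    n = apply_relocations(image, reloc, PREFERRED_BASE, actual_base)
    return n, struct.unpack_from("<I", image, 0x1004)[0], struct.unpack_from("<I", image, 0x1010)[0]
```

With no base conflict the delta is zero and the pointers are untouched; when the image is mapped elsewhere (including below its preferred base, or at an ASLR-chosen address) every recorded fixup is rewritten in place, which is why the runtime references can stay direct.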