2

I wonder why some Windows executables do have relocations. Why is there a need for it when an executable always can be loaded at any virtual address, unlike a DLL?

rollstuhlfahrer
def

2 Answers

2

Yes, relocations in an EXE are optional and can be stripped. But if we want /DYNAMICBASE - generate an executable image that can be randomly rebased at load time by using address space layout randomization (ASLR) - we need relocs. So this is, I would say, only for security reasons, like security cookies on the stack, Control Flow Guard, etc. All of this is optional but used.

RbMm
0

That is because of pointers and address references. Look at this code:

int i;
int *ptr = &i;

If the linker assumed an image base of 0x10000, the address of the variable i will end up containing something like 0x12004. At the memory used to hold the pointer "ptr", the linker will have written out 0x12004, since that's the address of the variable i. If the loader for whatever reason decided to load the file at a base address of 0x70000, the address of i would be 0x72004. The .reloc section is a list of places in the image where the difference between the linker assumed load address and the actual load address needs to be factored in.

zerocool
  • 1
    What reason may the linker have to load the executable at a different base? None. – def Mar 15 '18 at 00:56
  • 2
    If the address is reserved by another process – zerocool Mar 15 '18 at 01:02
  • 1
    I do not follow. Can you elaborate? – def Mar 16 '18 at 02:06
  • "if the address is reserved by other process" - this doesn't make sense. We are talking about virtual addresses here. Each process has its own virtual address space. – Sahil Singh Feb 05 '21 at 16:32
  • @SahilSingh I agree with you, but let's take as an example globally mapped files like DLLs that are mapped into every process (kernel32.dll) at the same address for all of the running processes. If the linker can load the process to that address because it's a global map conflict with the DLL, then it will relocate it as I told you above. – zerocool Feb 06 '21 at 09:22
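
The fixup described in the second answer, as an added example that is not part of any of the posts above: it walks a base relocation block and adds the load delta to the stored pointer, using the answer's numbers (linked base 0x10000, actual base 0x70000, `i` at RVA 0x2004). The image layout, the RVA 0x2008 chosen for `ptr`, and the function names are assumptions made for the illustration, and only the 32-bit `IMAGE_REL_BASED_HIGHLOW` type is handled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define REL_ABSOLUTE 0 /* IMAGE_REL_BASED_ABSOLUTE: padding entry, skipped */
#define REL_HIGHLOW  3 /* IMAGE_REL_BASED_HIGHLOW: 32-bit absolute address */

static uint32_t rd32(const uint8_t *p) {
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr32(uint8_t *p, uint32_t v) {
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i));
}

/* Walk the .reloc blocks (page RVA, block size, 16-bit entries) and add
 * delta to every HIGHLOW slot. Returns fixups applied, or -1 if malformed. */
int apply_relocs(uint8_t *img, size_t img_len, const uint8_t *rel, size_t rel_len, uint32_t delta) {
    int applied = 0;
    for (size_t pos = 0; pos + 8 <= rel_len; ) {
        uint32_t page = rd32(rel + pos), size = rd32(rel + pos + 4);
        if (size < 8 || size > rel_len - pos) return -1;
        for (size_t e = pos + 8; e + 2 <= pos + size; e += 2) {
            unsigned entry = rel[e] | (unsigned)rel[e + 1] << 8;
            size_t rva = (size_t)page + (entry & 0x0FFF); /* low 12 bits: page offset */
            if (entry >> 12 == REL_ABSOLUTE) continue;
            if (entry >> 12 != REL_HIGHLOW) return -1;    /* other types not handled here */
            if (rva > img_len || img_len - rva < 4) return -1; /* slot must lie in image */
            wr32(img + rva, rd32(img + rva) + delta);
            applied++;
        }
        pos += size;
    }
    return applied;
}

/* Constructed image: i at RVA 0x2004, ptr at RVA 0x2008 (assumed layout). */
uint32_t rebase_demo(uint32_t linked_base, uint32_t actual_base) {
    static uint8_t img[0x3000];
    /* Constructed block for page 0x2000: HIGHLOW at offset 8, then ABSOLUTE padding. */
    const uint8_t rel[12] = {0x00, 0x20, 0, 0, 12, 0, 0, 0, 0x08, 0x30, 0x00, 0x00};
    memset(img, 0, sizeof img);
    wr32(img + 0x2008, linked_base + 0x2004); /* ptr = &i as the linker wrote it */
    if (apply_relocs(img, sizeof img, rel, sizeof rel, actual_base - linked_base) != 1) return 0;
    return rd32(img + 0x2008);                /* value of ptr after rebasing */
}
int main(void) {
    printf("ptr after rebasing: 0x%X\n", (unsigned)rebase_demo(0x10000, 0x70000));
}
```

With the relocation data stripped there is no record of where `ptr` lives in the image, so the loader cannot patch it and the image can only run at its linked base.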