Skip to content

Dynamic relocations support#353

Merged
erocarrera merged 7 commits intoerocarrera:masterfrom
pspcreateprocess:feature_dynamic_relocations
Feb 1, 2023
Merged

Dynamic relocations support#353
erocarrera merged 7 commits intoerocarrera:masterfrom
pspcreateprocess:feature_dynamic_relocations

Conversation

@pspcreateprocess
Copy link
Copy Markdown
Contributor

@pspcreateprocess pspcreateprocess commented Sep 12, 2022

Adds support of IMAGE_DYNAMIC_RELOCATION_TABLE in PE file.
There are also issues about extending format of IMAGE_LOAD_CONFIG_DIRECTORY here #220 and here #317.
I added support of load config because it contains dynamic relocation information.

From winnt.h:

//
// Dynamic value relocation table in loadconfig
//

typedef struct _IMAGE_DYNAMIC_RELOCATION_TABLE {
    DWORD Version;
    DWORD Size;
//  IMAGE_DYNAMIC_RELOCATION DynamicRelocations[0];
} IMAGE_DYNAMIC_RELOCATION_TABLE, *PIMAGE_DYNAMIC_RELOCATION_TABLE;

//
// Dynamic value relocation entries following IMAGE_DYNAMIC_RELOCATION_TABLE
//

#include "pshpack1.h"

typedef struct _IMAGE_DYNAMIC_RELOCATION32 {
    DWORD      Symbol;
    DWORD      BaseRelocSize;
//  IMAGE_BASE_RELOCATION BaseRelocations[0];
} IMAGE_DYNAMIC_RELOCATION32, *PIMAGE_DYNAMIC_RELOCATION32;

typedef struct _IMAGE_DYNAMIC_RELOCATION64 {
    ULONGLONG  Symbol;
    DWORD      BaseRelocSize;
//  IMAGE_BASE_RELOCATION BaseRelocations[0];
} IMAGE_DYNAMIC_RELOCATION64, *PIMAGE_DYNAMIC_RELOCATION64;

typedef struct _IMAGE_DYNAMIC_RELOCATION32_V2 {
    DWORD      HeaderSize;
    DWORD      FixupInfoSize;
    DWORD      Symbol;
    DWORD      SymbolGroup;
    DWORD      Flags;
    // ...     variable length header fields
    // BYTE    FixupInfo[FixupInfoSize]
} IMAGE_DYNAMIC_RELOCATION32_V2, *PIMAGE_DYNAMIC_RELOCATION32_V2;

typedef struct _IMAGE_DYNAMIC_RELOCATION64_V2 {
    DWORD      HeaderSize;
    DWORD      FixupInfoSize;
    ULONGLONG  Symbol;
    DWORD      SymbolGroup;
    DWORD      Flags;
    // ...     variable length header fields
    // BYTE    FixupInfo[FixupInfoSize]
} IMAGE_DYNAMIC_RELOCATION64_V2, *PIMAGE_DYNAMIC_RELOCATION64_V2;

Some description of dynamic relocations structures could also be found here.
And some example code here.
Also related to that is a retpoline presentation with details about dynamic relocation types like IMAGE_IMPORT_CONTROL_TRANSFER_DYNAMIC_RELOCATION.

@erocarrera erocarrera merged commit db572d5 into erocarrera:master Feb 1, 2023
@erocarrera
Copy link
Copy Markdown
Owner

erocarrera commented Feb 1, 2023

This is a great PR, thank you!

@zjgcjy zjgcjy mentioned this pull request Apr 12, 2023
Merged
zjgcjy
zjgcjy reviewed Apr 12, 2023
View reviewed changes
Copy link
Copy Markdown
Contributor

@zjgcjy zjgcjy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

find some mistakes

Comment thread pefile.py
__IMAGE_INDIR_CONTROL_TRANSFER_DYNAMIC_RELOCATION_format__ = (
"IMAGE_INDIR_CONTROL_TRANSFER_DYNAMIC_RELOCATION",
(
"I:12,PageRelativeOffset",
Copy link
Copy Markdown
Contributor

@zjgcjy zjgcjy Apr 12, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

type error, which is actually WORD

Comment thread pefile.py
"I,DynamicValueRelocTableOffset",
"H,DynamicValueRelocTableSection",
"H,Reserved2",
"I,GuardRFVerifyStackPointerFunctionPointer"
Copy link
Copy Markdown
Contributor

@zjgcjy zjgcjy Apr 12, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

missing comma

@zjgcjy
Copy link
Copy Markdown
Contributor

zjgcjy commented Apr 12, 2023

#374 has fixed them

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@zjgcjy zjgcjy zjgcjy left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@pspcreateprocess @erocarrera @zjgcjy