How ASPack processes the relocation table
A couple of days ago someone asked me about DLL relocation. I traced ASPack, and the relocation table handling is actually very simple, so here is a quick note.

100CE1BD 8B03              MOV EAX, DWORD PTR DS:[EBX]
100CE1BF 8785 91050000     XCHG DWORD PTR SS:[EBP+0x591], EAX
100CE1C5 8B95 7D040000     MOV EDX, DWORD PTR SS:[EBP+0x47D]    ; actual load base
100CE1CB 8B85 89050000     MOV EAX, DWORD PTR SS:[EBP+0x589]    ; preferred base from the PE header
100CE1D1 2BD0              SUB EDX, EAX                          ; EDX = delta; if the base is correct, no relocation is needed
100CE1D3 74 79             JE SHORT kk.100CE24E
100CE1D5 8BC2              MOV EAX, EDX
100CE1D7 C1E8 10           SHR EAX, 0x10                         ; AX = high word of the delta
100CE1DA 33DB              XOR EBX, EBX
100CE1DC 8BB5 95050000     MOV ESI, DWORD PTR SS:[EBP+0x595]    ; relocation table (RVA)
100CE1E2 03B5 7D040000     ADD ESI, DWORD PTR SS:[EBP+0x47D]    ; + base
100CE1E8 833E 00           CMP DWORD PTR DS:[ESI], 0x0          ; done yet? (VirtualAddress == 0 terminates)
100CE1EB 74 61             JE SHORT kk.100CE24E
100CE1ED 8B4E 04           MOV ECX, DWORD PTR DS:[ESI+0x4]      ; SizeOfBlock
100CE1F0 83E9 08           SUB ECX, 0x8
100CE1F3 D1E9              SHR ECX, 1                            ; entry count: (base->SizeOfBlock - sizeof(IMAGE_BASE_RELOCATION)) / 2
100CE1F5 8B3E              MOV EDI, DWORD PTR DS:[ESI]          ; VirtualAddress
100CE1F7 03BD 7D040000     ADD EDI, DWORD PTR SS:[EBP+0x47D]    ; + base
100CE1FD 83C6 08           ADD ESI, 0x8                          ; skip the block header, ESI -> first entry
100CE200 66:8B1E           MOV BX, WORD PTR DS:[ESI]            ; TypeOffset
100CE203 C1EB 0C           SHR EBX, 0xC                          ; high 4 bits = type
100CE206 83FB 01           CMP EBX, 0x1                          ; IMAGE_REL_BASED_HIGH
100CE209 74 0C             JE SHORT kk.100CE217
100CE20B 83FB 02           CMP EBX, 0x2                          ; IMAGE_REL_BASED_LOW
100CE20E 74 16             JE SHORT kk.100CE226
100CE210 83FB 03           CMP EBX, 0x3                          ; IMAGE_REL_BASED_HIGHLOW
100CE213 74 20             JE SHORT kk.100CE235
100CE215 EB 2C             JMP SHORT kk.100CE243                 ; any other type (e.g. 0 = ABSOLUTE padding) is skipped
100CE217 66:8B1E           MOV BX, WORD PTR DS:[ESI]
100CE21A 81E3 FF0F0000     AND EBX, 0xFFF
100CE220 66:01041F         ADD WORD PTR DS:[EDI+EBX], AX        ; HIGH: add the high word of the delta
100CE224 EB 1D             JMP SHORT kk.100CE243
100CE226 66:8B1E           MOV BX, WORD PTR DS:[ESI]
100CE229 81E3 FF0F0000     AND EBX, 0xFFF
100CE22F 66:01141F         ADD WORD PTR DS:[EDI+EBX], DX        ; LOW: add the low word of the delta
100CE233 EB 0E             JMP SHORT kk.100CE243
100CE235 66:8B1E           MOV BX, WORD PTR DS:[ESI]
100CE238 81E3 FF0F0000     AND EBX, 0xFFF                        ; drop the high 4 bits, leaving the 12-bit offset within the page
100CE23E 01141F            ADD DWORD PTR DS:[EDI+EBX], EDX      ; [EDI+EBX] = page base + offset; EDX is the difference between the actual and preferred load base
100CE241 EB 00             JMP SHORT kk.100CE243
100CE243 66:830E FF        OR WORD PTR DS:[ESI], 0xFFFF         ; overwrite the consumed entry with 0xFFFF
100CE247 83C6 02           ADD ESI, 0x2                          ; next entry
100CE24A E2 B4             LOOPD SHORT kk.100CE200
100CE24C EB 9A             JMP SHORT kk.100CE1E8                 ; next block
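The loop in the listing is the entire algorithm: walk the IMAGE_BASE_RELOCATION blocks until a zero VirtualAddress, compute the entry count from SizeOfBlock, split each TypeOffset into a 4-bit type and a 12-bit page offset, and add the delta (full dword for HIGHLOW, high word for HIGH, low word for LOW). As an added example, which is not ASPack's code and not part of the original post, the same pass is written below in portable C against a constructed in-memory image. The names `apply_relocations`, `run_sample`, `run_bad_sample` and all addresses and values are invented for the example. Unlike the packer stub, every read and write is checked against the image size, so a corrupt SizeOfBlock or an offset that runs past the end of the mapping is rejected instead of being written through. The stub's final step of overwriting each consumed entry with 0xFFFF is deliberately not reproduced.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Relocation types handled by the ASPack loop (values as in winnt.h). */
#define IMAGE_REL_BASED_ABSOLUTE 0
#define IMAGE_REL_BASED_HIGH     1
#define IMAGE_REL_BASED_LOW      2
#define IMAGE_REL_BASED_HIGHLOW  3

#define RELOC_HDR_SIZE 8u   /* sizeof(IMAGE_BASE_RELOCATION): VirtualAddress + SizeOfBlock */

/* Little-endian accessors so the example behaves the same on any host. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/*
 * Apply base relocations to a flat image buffer, mirroring the listing:
 *   delta = actual_base - preferred_base            (EDX)
 *   per block: entries = (SizeOfBlock - 8) / 2, page = VirtualAddress (EDI)
 *   per entry: type = TypeOffset >> 12, off = TypeOffset & 0xFFF (EBX)
 * Returns the number of fixups applied, or -1 on malformed input.
 */
long apply_relocations(uint8_t *image, size_t image_size,
                       uint32_t reloc_rva, uint32_t reloc_size,
                       uint32_t preferred_base, uint32_t actual_base)
{
    uint32_t delta = actual_base - preferred_base;
    if (delta == 0) return 0;                                   /* JE 100CE24E: nothing to do */
    if ((uint64_t)reloc_rva + reloc_size > image_size) return -1;

    long applied = 0;
    uint32_t pos = reloc_rva, end = reloc_rva + reloc_size;
    while (pos + RELOC_HDR_SIZE <= end) {
        uint32_t page_rva = rd32(image + pos);
        uint32_t size     = rd32(image + pos + 4);
        if (page_rva == 0 && size == 0) break;                  /* CMP [ESI], 0: terminator */
        if (size < RELOC_HDR_SIZE || (uint64_t)pos + size > end) return -1;
        uint32_t n = (size - RELOC_HDR_SIZE) / 2;
        const uint8_t *entry = image + pos + RELOC_HDR_SIZE;
        for (uint32_t i = 0; i < n; i++, entry += 2) {
            uint16_t typeoffset = rd16(entry);
            uint32_t type = typeoffset >> 12, off = typeoffset & 0xFFF;
            uint64_t target = (uint64_t)page_rva + off;         /* EDI + EBX */
            switch (type) {
            case IMAGE_REL_BASED_ABSOLUTE: break;               /* padding entry, skipped */
            case IMAGE_REL_BASED_HIGHLOW:
                if (target + 4 > image_size) return -1;
                wr32(image + target, rd32(image + target) + delta);
                applied++; break;
            case IMAGE_REL_BASED_HIGH:
                if (target + 2 > image_size) return -1;
                wr16(image + target, (uint16_t)(rd16(image + target) + (delta >> 16)));
                applied++; break;
            case IMAGE_REL_BASED_LOW:
                if (target + 2 > image_size) return -1;
                wr16(image + target, (uint16_t)(rd16(image + target) + (delta & 0xFFFF)));
                applied++; break;
            default: return -1;                                 /* unknown type: refuse rather than guess */
            }
        }
        pos += size;
    }
    return applied;
}

/* Constructed sample image: 3 pages, code page at 0x1000, .reloc data at 0x2000. */
#define SAMPLE_SIZE 0x3000u
#define PREF_BASE   0x10000000u
#define LOAD_BASE   0x10401234u   /* delta = 0x00401234: high word 0x0040, low word 0x1234 */
static uint8_t g_image[SAMPLE_SIZE];

long run_sample(void) {
    memset(g_image, 0, sizeof g_image);
    wr32(g_image + 0x1010, PREF_BASE + 0x1234);   /* absolute pointer, HIGHLOW fixup */
    wr16(g_image + 0x1020, 0x1000);               /* HIGH fixup target */
    wr16(g_image + 0x1024, 0x0100);               /* LOW fixup target */
    uint8_t *r = g_image + 0x2000;                /* one block covering page 0x1000, 4 entries */
    wr32(r, 0x1000); wr32(r + 4, RELOC_HDR_SIZE + 4 * 2);
    wr16(r + 8, 0x3010); wr16(r + 10, 0x1020); wr16(r + 12, 0x2024); wr16(r + 14, 0x0000);
    /* the terminator block at r+16 is already zero */
    return apply_relocations(g_image, SAMPLE_SIZE, 0x2000, 24, PREF_BASE, LOAD_BASE);
}

/* Malformed sample: an entry whose 4-byte target straddles the end of the image. */
long run_bad_sample(void) {
    memset(g_image, 0, sizeof g_image);
    uint8_t *r = g_image + 0x2000;
    wr32(r, 0x2000); wr32(r + 4, RELOC_HDR_SIZE + 2);
    wr16(r + 8, 0x3FFE);                          /* HIGHLOW at 0x2FFE: needs bytes up to 0x3001 */
    return apply_relocations(g_image, SAMPLE_SIZE, 0x2000, 18, PREF_BASE, LOAD_BASE);
}

uint32_t sample_dword(uint32_t rva) { return rd32(g_image + rva); }
uint16_t sample_word(uint32_t rva)  { return rd16(g_image + rva); }

int main(void) {
    long n = run_sample();
    printf("fixups applied: %ld, [0x1010]=0x%08X [0x1020]=0x%04X [0x1024]=0x%04X\n",
           n, sample_dword(0x1010), sample_word(0x1020), sample_word(0x1024));
    printf("malformed table result: %ld\n", run_bad_sample());
    return 0;
}
```

The second sample is the case the packer stub never considers: its loop trusts SizeOfBlock and the offset in every entry, so a damaged or hostile table makes it write outside the image. A loader-side implementation should fail closed, as `apply_relocations` does here.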
Taking the first seat and reading quietly. The comments are very clear; learned something.
Could you post the target file so everyone can compare?
Learning from the OP! Respect to the OP!