EXE offset fixup 
Author Message
 EXE offset fixup

i am curious about *how* offset fixups are done by exe loaders.

here are the thinks i came up with:

1) all public/nonrelative jump addresses are stored as ptrs in the
header. these fields are updated on load. all these calls are
call fword ptr [offset in header]

2) fields with all addresses of jump instructions are stored in the
header. ie: some field in header says: theres a jump at address xyz,
then the loader loads the bytes there and fixes the jump offset there.
( i don't think this is it, or is it?)

3) parsing code

options 1 and 2 both have the flaw of causing variable length headers,
opt3 seems to be overkill...please let me know if any of these are right
or where i could find info on this...

any help is greatly appreciated

jp
--
J.P. aka Juergen Pabel

http://www.*-*-*.com/



Tue, 06 Nov 2001 03:00:00 GMT  
 EXE offset fixup

Quote:

> i am curious about *how* offset fixups are done by exe loaders.

Juergen,

Quote:
>From the MS-DOS Encyclopedia:

"Each pointer in the table consists of a double word.  The first word
contains an offset from the segment address given in the second word,
which in turn indicates a segment address relative to the start of the
load module.  Together, these two words point to a third word within the
load module that must have the start segment address added to it. (The
start segment corresponds to the segment address at which MS-DOS started
loading the program's image, immediately following the PSP.)"

What this description does not explain is that the linker when creating
the executable image knows exactly where all locations are relative to
the start of the load module.  Therefore, all segment references are
relative to start of the load module.  Then the linker builds a table of
pointers to each of these segment references.  The DOS loader "adds" the
segment value of the PSP to the value present at that reference.  Now,
the segment value at that location correctly points to the start of the
segment as loaded in memory.

So the process is simple.  The DOS loader just adds the PSP segment
value to each value to which is pointed by the table of pointers in the
.exe header.

Hope that this answers your question.

Good luck,
Ray



Wed, 07 Nov 2001 03:00:00 GMT  
 EXE offset fixup
The exe program has a diskfile header that the Os loader uses to
relocate the program's segment referenced instructions. However
the exe header even though it sounds simple enough is somewhat
confusing the first time you decipher it. There are numerous places
to download the exe header (some with erroneous comments) on
the web, or you can email me for a copy. The two main things to
keep in mind when looking at a file dump, is first the term
"Load Module" and second the fact that the relo ptrs are little endian
Pc format. I.e. a 4 byte seg:offset relo ptr of 279:0001 will show up in
the relo table as 01 00 79 02 . In addition this ptr is referenced not
from the beginning of the disk image (which includes the exe header)
but from the beginning of the load module, which is the part of the
program that's actually loaded into a location in ram to run. You can
find the beginning of the "load module"  looking at a file dump of the
exe file and looking to offset 08h ( which is in the exe header).
At offset 08h is the size of the exe header in paragraphs. Right
after the header is the load module. So the header size is also the
offset of the load module start since the header starts at file
offset zero. So if the header is 200h in size then it starts at 0000h
in the disk image and goes thru 01FFh, and the start of the load
module would be 0200h. The load module will start with the segment
ordering of your linker ( or specific hard coded segments).  At offset
06h is a word value designating the number of relocation items.  Upon
loading the "load module" into ram the Os loader looks to offset 18h
in the disk exe header for the offset into the exe header of the
relocation table where the first 4byte seg:offset relo ptr is. And it
looks to offset 06h for the total number of relocations. This first
relo ptr (and any that may follow it depending on the value at offset
06h)  pt's to a seg:offset location into the "Load module" ( not
including the exeheader displacement) of a word value that needs
patched. The Os loader adds the "decided load address segment of the
load module in ram" to the word value sitting at the seg:offset location
pointed to by the relo ptr. Lets say that your asm source file started
out in the code segment with these instructions,
mov ax, _Code
mov bx, _Stack
mov cx, _Data
 Well in a "do nothing else" small "unpatched" load module there may very
well be something to this address range.
mov ax, 0002h ; mov bx, 0000 ; mov cx, 0001h ;
These will be word size paragraph (segment) references.  In machine code
( as you would see it in a hex file dump ) it would be, B8 02 00 BB 00 00
B9 01 00. The B's are the mov reg instruction, the following words are the
word segment values that the Os loader will add the Load module starting
address to. So in the B8 02 00 which is the mov ax, _Code instruction,  
the Os loader will (patch) add the starting Load module address to the
02 00 value. It knows where this 02 00 is sitting from the seg:offset ptr in
the relo table. So if the load addr was at abs 70000h the loader would add
the seg 7000h to the 0002. So the instruction would then read,
mov ax, 7002h  (or B8 02 70 ) . The instruction is now fixed up or patched.
Hope this helps you with the ambiguities of the exe header.


Wed, 07 Nov 2001 03:00:00 GMT  
 EXE offset fixup


Quote:
> So the process is simple.  The DOS loader just adds the PSP segment
> value to each value to which is pointed by the table of pointers in the
> .exe header.

Minor correction Ray:

The DOS loader just adds the EXE Image Base (segment address, PSP + 10h)...

--
Regards,
TK - TBD



Fri, 09 Nov 2001 03:00:00 GMT  
 EXE offset fixup

Quote:



> > So the process is simple.  The DOS loader just adds the PSP segment
> > value to each value to which is pointed by the table of pointers in the
> > .exe header.

> Minor correction Ray:

> The DOS loader just adds the EXE Image Base (segment address, PSP + 10h)...

Thomas,

Yes, of course, I was a little too quick.  Thanks for the good catch.

Ray



Sat, 10 Nov 2001 03:00:00 GMT  
 
 [ 5 post ] 

 Relevant Pages 

1. "Fixup Overflow - TLINK.EXE

2. offset offset??

3. Fixup errors

4. unsupported Fixup kind in library file

5. Fixup Overflow?

6. -=- Getting Fixups into Your Data Segment ??? -=-

7. TLINK Fixup Overflow Errors

8. fixup overflow, what does it mean

9. Fatal error LNK1190 invalid fixup found, type 0x0001

10. Fixups with >64k segments

11. 32-bit fixup in NASM .obj

12. fixup overflow ?

 

 
Powered by phpBB® Forum Software