|
I'm writing a custom PE loader, and I finished everything except relocations, which I can't find anywhere in the EXE. I'm using Windows's notepad.exe as my initial test. Both the BASERELOC directory entry (DataDirectory[5]) and the PointerToRelocations field of the .text section are set to all 0's. Also, there is no ".reloc" section. Any ideas where these relocations would be located?
|
|
|
|
|
Hi zildjohn01,
The image may be bound. I know binding overwrites the IMAGE_THUNK_DATA entires of the IAT. But I also believe that an image which cannot load at it's preferred address (after binding) will fail to load.
Jeff
|
|
|
|
|
Since the EXE is the first thing to load into the process, and therefore there are very few allocations (a few DLLs are pre-mapped, such as kernel32.dll), it very rarely needs relocating. You might do it if you wanted to load an EXE as a DLL in another process, but more commonly you just want the resources out of it, in which case you specify LOAD_LIBRARY_AS_DATAFILE.
Because relocation is so very rarely unnecessary, the linker provides an option, /FIXED, to control generation of relocation information. Since at least VC6, the default for EXEs has been to set /FIXED and not generate relocations, and for DLLs, to set /FIXED:NO (which does generate relocations).
It's not that you can't find them, it's that they aren't there.
The relocations information in each section is really for the use of the linker to link .obj files into an .exe or .dll. In a finished DLL, only the Base Relocations (.reloc section) are present.
.NET executables have a .reloc section containing one relocation, which is a pointer to the start of the Import Address Table. When the loader loads the DLL or EXE, it overwrites this entry with the address of the function imported - for an executable, _CorExeMain in mscoree.dll. The two bytes before the address that is updated are 0xFF 0x25, which are an indirect JMP instruction. The 'entry point' field in the IMAGE_OPTIONAL_HEADER structure points to the start of this instruction, so on loading the program, Windows calls this address which immediately transfers control to _CorExeMain. DLLs are similar but use _CorDllMain. In this way, a version of Windows which knows nothing about .NET can still load a .NET program as if it were any other kind of program with very little x86 code included. I'm guessing it's compiled at this odd location - after the Import Name Table - so it's on a page that will get discarded very quickly, as this instruction will run exactly once.
I believe newer versions of the OS understand .NET programs and just invoke mscoree.dll directly, not even bothering to map this page. The 64-bit versions would have to, if they're going to create a 64-bit process (particularly on Itanium where 0xFF 0x25 means something else entirely - actually you'd get an alignment fault straightaway as that processor requires instructions to be aligned on 128-bit boundaries). If you specify /platform:itanium or /platform:x64, the C# 2.0 compiler generates a PE32+ structure, no import tables, and puts 0 in the 'entry point' field, so the 64-bit OS must understand .NET binaries directly.
DoEvents: Generating unexpected recursion since 1991
|
|
|
|
|
Awesome thanks, you guys are both right, they were resolved during linking.
My options now are to either create a separate process, or manually parse the assembly code (ugh). We'll see how this goes.
|
|
|
|
|
I'm still battling to diagnose the error below when I try and start VS 2008 as a non-admin user. This error started after an ugly shut-down of my Vista Business desktop machine. On Friday it worked, and on Monday it didn't.
I have been able to gather that this error is not unique to VS 2008, and I have performed a repair of VS that made no difference. I have also run as admin and disabled all add-ins. I believe this is a Windows registry issue, and not a VS issue. Please could somebody recommend a good registry repair tool?
Error log:
Faulting application devenv.exe, version 9.0.21022.8, time stamp 0x47317b3d, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception code 0xc0000374, fault offset 0x000af1c9, process id 0x1630, application start time 0x01c889a70153ad96.
|
|
|
|
|
|
Hi, my problem is with a corrupted WinXP OS (Media Center Ed.) on a HP desktop (circa 2005).
The PC in question belongs to my 15yr old nephew ...yadda yadda yadda... it problably was subjected to a virus.
The problem was the PC could no longer start. After going through a "system recovery" mode using the F10 key, I was able to get past some problems with some apps (missing/corrupt .DLLs, etc.) and to a point where I could use the machine to copy files to CD/DVD for backup.
I tried the HP system restore and it had two methods - restore or destructive restore (basically a FORMAT). The basic restore still gave some problems down the road. It still seemed to be unstable.
Symptoms:
1) unable to run XP's System Restore - only lists two dates for restore (the day it totally crashed and the next day when I tried to recover using system applications.)
2) windows starts only in Administrator mode. There used to be option of listing available users to Login.
Questions:
A) since i can burn to DVD, which files do you recommend I save - in case need to format.
B) shouldn't I see more available Restore Points? I believe that System Restore was in ON state prior to problems.
C) I don't have NET access on this PC as it was removed/restored to basic settings. Best recommendations for getting drivers, OS files?
D) If I have to FORMAT, I want to rid this HP machine of all the junk that (HP loaded and) makes my machine run slowly. Suggestions?
Thanks for the help and advice (beyond my questions?) that you offer.
Johnny
|
|
|
|
|
A) documents and settings (should cover most of his files) and any directory he identifies as being used to store files. Also check the Program Files subdirectories, because some clever software stores its data inside the Application Directory, not the User Directory.
B) Sorry, no experience - I always disable it and backup manually.
C) Basic functionality should be available by using the installation media delivered with the computer. For updated drivers: A ***PHYSICALLY WRITE PROTECTED*** USB-Stick should do nicely. You never know what kind of malware he caught, better to avoid all risks. If you cannot get a stick with a write-protection switch, use a USB-card reader with a SD-Card. They usually all have write protection switches and the speed should be similar.
D) I don't know about HP, but Toshiba and Sony provide a two-stage-recovery, meaning that you get a clean windows after using the recovery CD and a "urgent request" to install the rest from a seperate Application CD. Just skip the App CD and you should get a clean Windows.
If the basic recovery includes the software provided by HP, deinstall it and then run some registry cleaner to remove the last traces. You could also delete the folders that are not necessary for a standard windows installation, then run the reg cleaner again...
Cheers,
Sebastian
--
"If it was two men, the non-driver would have challenged the driver to simply crash through the gates. The macho image thing, you know." - Marc Clifton
|
|
|
|
|
A) Save documents and settings and any other directory you care of, but be aware if it's virused you may care the virus/malware to the new system.
C) If you do have the HP provided OS cd it should contains all the drivers incorporated in.
After Windows is installed it will take care and install all drivers. At least that how it works with mine.
|
|
|
|
|
hi all,
i am software developer in vb.net and currently working in a company.
i have developed many applications.
my problem is to protect my coding from others, even from our system administrator.
can any one tell me how can i do this. an good example and coding would be help full for me.
thanks.
rmshah
Developer
|
|
|
|
|
r_mohd wrote: my problem is to protect my coding from others, even from our system administrator.
You can't. The system admin's have God rights, while you don't.
You should actually be asking your system admins for this, not us. There is no code that's going to protect your files from anything, at least not in the way you're implying.
|
|
|
|
|
any how, thanks.
rmshah
Developer
|
|
|
|
|
Hi,
How do you make assembly wrappers for a GNU compiler? I am confused as to how to make an assembly wrapper/macro. Upon my searches/readings, I think that there is no standard way to do it, and that it depends on your compiler/assembler.
My problem is that I have a few lines of assembly code that I keep using for several functions.. in C/C++, you would just make macros for those lines of code. How do you do that for assembly? Any pertinent feedback would be appreciated. Thanks, let me know.
Luis_the_Code
|
|
|
|
|
I know this will sound mean, but I mean it in the best way, search your assembler's docs for macros. Every asm is different, and I had no idea how complex NASM was until i delved into the docs. Sorry I don't know anything about your compiler/assembler
Also if you're using inline assembly this will (should) work:
#define MY_ASM_BLOCK __asm {mov ax, 0x40 /<br />
xchg ax, bx /<br />
}
|
|
|
|
|
How to instal exchange server?
|
|
|
|
|
Enter Cd into cdplayer - Run setup!
Seriously, do you really expect anyone to answer that question? Noone will write you a book in a forum. Try to get one here[^] instead.
There is a lot of problem solutions and tips on http://www.slipstick.com/[^]
There's also some tips on how to get a proper answer to your questions here[^].
|
|
|
|
|
Hi
Can anybody tell me how can I - as a system adminsitrator - prevent the limited users from changing wallpaper in windows XP without turning on active desktop. Since it has severe negative impact on performance.
Thanks.
reman
|
|
|
|
|
Check in the group policy settings. I'm pretty sure there are policy settings that control the desktop background, icon placement, etc. but I don't know what they are off-hand.
Scott.
—In just two days, tomorrow will be yesterday.
—Hey, hey, hey. Don't be mean. We don't have to be mean because, remember, no matter where you go, there you are. - Buckaroo Banzai
[ Forum Guidelines] [ Articles] [ Blog]
|
|
|
|
|
Open Active Directory Users and Computers. In the appropriate OU create a new Group Policy named after the purpose. If you don't have an appropriate OU, create one. Making policies that affect everything is usually bad practice as far as I'm concerned.
Edit the new policy. Under 'User Configuration - Administrative Templates - Control Panel - Display' you can 'Prevent Changing Wall Paper'.
When you're at it you can also 'Hide the Desktop Tab'.
Under 'User Configuration - Administrative Templates - Desktop - Active Desktop' you can also 'Disable Active Desktop' if performance is an issue.
|
|
|
|
|
all,
i have a very basic question "does windows XP supports snmp MIB-II by default?"
thanks
vptech
|
|
|
|
|
After few research found that the answer as Yes.
|
|
|
|
|
Hi All,
I need to determine and anticipate when the exception 'Out of memory' occur. The first easy case is scanning the virtual memory size due to 2GB limitation in Windows 32Bit OS.
But, this exception can occur in other circumstances. I suspect that the limit max of 'Commit Charge' value is reached. I don't know how to get this value.
Somebody can help me in this case ?
Thanks for the response
André Rios
|
|
|
|
|
Out of memory exceptions happen whenever the .NET Framework can't allocate any more memory in the process. Don't try to predict it. Handle the exception.
It's not a good idea to skate along the edge of the Commit Charge Limit (the size of physical memory plus the size of all page files, less whatever physical memory the OS needs for itself) because you'll be swapping.
If you're trying to be like SQL Server and cache as much data in RAM as possible without starting to swap, see the GlobalMemoryStatusEx API and the ullAvailPhys member of the MEMORYSTATUSEX structure. I believe SQL Server tries to keep this value around 10MB.
Windows XP and later provide a way to be notified when free physical memory is either low or abundant. See CreateMemoryResourceNotification for more information.
DoEvents: Generating unexpected recursion since 1991
|
|
|
|
|
My application uses a number of files, and when I run it as “Administrator”, the application opens those files with one contents; while when I run it as a current user – it opens the same files with different contents, and it maintains those copies completely separately!
What is all this Vista Shadow Copy nonsense, and how am I supposed to bypass it? I need a single copy of all files for my application, not one for each user!
Right now, Vista seems just totally unusable for this reason.
Please help!
|
|
|
|
|
This is most likely file virtualization. This is an application compatibility helper to allow programs running as standard users to appear to be able to write to protected system folders such as the Program Files or Windows folder.
This feature kicks in by default when User Account Control (UAC) is enabled, the program is not running elevated, and the program does not have a User Account Control manifest describing what rights it requires. A few other applications have virtualization turned on, for example, Internet Explorer, so that legacy add-ins still work. It must also be a 32-bit program - 64-bit programs are expected to have been written correctly for administrator/user separation.
You cannot bypass it. You should either:
- add a manifest to indicate that your application is for administration purposes (requireAdministrator) and should therefore run elevated (you will then get a UAC prompt on each run), or
- fix your application so it doesn't write to protected areas, and add a manifest to indicate that your application should run with minimum privileges (asInvoker).
As a bonus, if you follow the second route, your application will also work much better for standard (non-administrative) users on Windows 2000 and XP.
If your application needs to share files across users, it should be writing into the All Users profile.
DoEvents: Generating unexpected recursion since 1991
|
|
|
|
|