tags:

views:

384

answers:

3

Hi,

I am reading about COFF file formats, which is commonly used to create an executable file format (it has some variants also).

While reading, I came across the relocation section of the format. How is this relocation section used to create an executable file.

It would be very useful if you point me to some links which will help me

+4  A: 

Relocation is used to place executable code in its own memory space in a process. For example, if you try to load two dlls that both request the same base address (ie, the same place in memory), then one of the dlls will have to be relocated to another address. NTCore is a useful site for exploring Portable Executable (PE) files, which is what COFF is now called. Here is another site that explains relocation pretty well.

omellet
+1  A: 

An unintended addition use of relocation is (de-)obfuscating binaries at run time with no additional unpacking code. See this paper.

Cthulhon
+2  A: 

Actually, with COFF there are 2 types of relocation information:

  1. COFF Relocation records
  2. The relocation section in an executable image.

They have similar, but different purposes. The relocation information in an executable identifies things that need to be fixed up, at load time, should the executable image be loaded at a different addresses from it's preferred address.

COFF Relocation records identify things that need to be fixed up, at link time, when a section in an object file is assigned to an offset in an executable image.

Scott Wisniewski