Re: how do you start learning assembly language



On Jan 12, 1:51 am, Frank Kotler <fbkot...@xxxxxxxxxxx> wrote:
> Take a look at offset 47h into your ordinary application programs -
> seems to be a "fixed" offset - and see if you don't see CD 21. As Chuck
> hinted, it's the "dos stub" that says "this program requires Windows",
> or "won't run in a DOS session", or whatever it says these days - one I
> posted said "Win32 EXE!" - obsessively short ones just say "Win32!", or
> don't do anything at all. But you really ought to have a dos stub - I
> think it's "always" there.


I'm not sure you can call the stub part of a Win32 program. Other
than figuring out how long it is (from the MZ header), so that the
loader can find the PE header, it's completely ignored when loading a
Win32 program. It can be quite ill-formed, and nothing will happen,
unless you try running the program on a DOS machine (or with
FORCEDOS).


> While you're peering into your executables, see if you see ".reloc" (MS
> says) or ".rloc" (what I see... in a .dll but not in an .exe) - near
> where you see ".text" and ".data", etc.. I don't think you'll see it in
> an .exe.
>
> The relocation section (in a .dll) is used to adjust memory offsets if
> the code doesn't load at its preferred address, as you know. Since an
> .exe goes into memory first, it always loads at 400000h, and so doesn't
> need relocation.


By default an EXE is linked with /FIXED and /BASE:4000000, so the
relocation section is omitted. Since the EXE almost always loads
first, the area at 0x400000 is inherently free. This speeds load time
(no relocations), improves paging (since images of the relocated pages
are not needed, the loaded image can be just a collection of memory
maps of sections of the EXE file), and reduces executable file size.

OTOH, if you link with /FIXED:NO (the default for DLLs), relocation
information is included. Further, if you /BASE the executable
somewhere odd, it will be relocated by the loader (for example, if
you /BASE:0, Windows will relocate the image to 0x10000, since it
can't run at 0x0). If you /BASE the application someplace odd (like
0), and you link with /FIXED, it will fail to load.

There's nothing preventing you from linking a DLL /FIXED, although
that will cause problems if something else loads at that location
first.
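
The header fields discussed in this thread can be read directly from a file. The following is an added example, not part of the original posts: `pe_reloc_info` and `build_sample` are hypothetical names, and the two images are constructed, headers-only samples with a deliberately junk DOS stub. It also handles the 64-bit PE32+ header layout, which the thread does not cover.

```python
import struct

RELOCS_STRIPPED = 0x0001  # IMAGE_FILE_RELOCS_STRIPPED: set by the linker for /FIXED

def pe_reloc_info(data: bytes) -> dict:
    """Find the PE header via the MZ header and report base/relocation facts."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    # e_lfanew (offset 0x3C) is the only MZ field needed; the stub itself is skipped.
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # The 20-byte COFF header follows the 4-byte signature.
    _, nsect, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    opt = pe_off + 24
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == 0x10B:      # PE32: 32-bit ImageBase at +28
        (base,) = struct.unpack_from("<I", data, opt + 28)
    elif magic == 0x20B:    # PE32+: 64-bit ImageBase at +24
        (base,) = struct.unpack_from("<Q", data, opt + 24)
    else:
        raise ValueError("unknown optional header magic")
    table = opt + opt_size  # section table: 40-byte entries, name in the first 8 bytes
    names = [data[table + 40 * i: table + 40 * i + 8].rstrip(b"\0").decode("ascii", "replace")
             for i in range(nsect)]
    return {"pe_offset": pe_off, "image_base": base,
            "relocs_stripped": bool(chars & RELOCS_STRIPPED),
            "has_reloc_section": ".reloc" in names, "sections": names}

def build_sample(image_base: int, fixed: bool, sections: list) -> bytes:
    """Constructed headers-only image; the DOS stub is deliberately junk bytes."""
    mz = b"MZ" + b"\xCC" * 0x3A + struct.pack("<I", 0x80) + b"\xCC" * 0x40
    chars = 0x0002 | (RELOCS_STRIPPED if fixed else 0)  # 0x0002 = executable image
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, chars)
    opt = bytearray(224)                         # PE32 optional header, zero-filled
    struct.pack_into("<H", opt, 0, 0x10B)        # magic
    struct.pack_into("<I", opt, 28, image_base)  # ImageBase
    table = b"".join(n.ljust(8, b"\0") + bytes(32) for n in sections)
    return mz + b"PE\0\0" + coff + bytes(opt) + table

if __name__ == "__main__":
    exe = build_sample(0x400000, True, [b".text", b".data"])
    dll = build_sample(0x10000000, False, [b".text", b".data", b".reloc"])
    for label, img in (("exe", exe), ("dll", dll)):
        print(label, pe_reloc_info(img))
```

To inspect a real binary, pass the bytes of the file to `pe_reloc_info` instead of a constructed sample.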
