jump stubs in PE files

本小妞迷上赌 提交于 2020-01-14 13:11:08

问题


Recently I disassembled a DLL (written in c/c++) and noticed that there are many "jump stubs" inside the code segment. These stubs do nothing but jump to a function inside the DLL.

eg:

jmp foo() 
jmp foo2()
...

Why does the compiler (Visual studio 2012) include these function stubs inside the binary?

Thanks!


回答1:


Is there a big bunch of 0xCC bytes after all the stubs? If so, you're looking at code which has been compiled with incremental linking enabled (default for debug builds).

When compiling for incremental linking, the compiler creates a stub for every function and makes sure that all calls go via the stub. In case a function needs to be replaced with updated code, the new code can be added the end and only the jump thunk needs to be patched - all existing calls will be redirected to the new code. The extra CCs are reserved for more stubs in case new functions are added.

For more background info, see MSDN.




回答2:


That's how the symbols for the linker and DLL are "mashed together". It guarantees that the right kind of offset is used in the symbol table, that can be resolved by the loader that loads the DLL (and thus updates the address of the functions in the DLL), and that compiled code can still deal with for example function pointers:

void (*fptr)() = foo;

If foo is just a reference to a place in the DLL, how this address is resolved will be dependent on the loader. It's much more complex to solve that, than it is to solve the problem of "here's a foo() entry point, that gets you to the real foo".




回答3:


DLL's are relocatable, which means they may end up anywhere in memory. This means all calls to them have to be rewritten. By keeping all such calls together in a small jumptable, only one page needs to be rewritten in case of a relocation. This matters, because an unchanged page of code can be shared across processes, but each process has its own copy of a modified page.



来源:https://stackoverflow.com/questions/16957813/jump-stubs-in-pe-files

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!