[PATCH 8/8] Cygwin: Consider DLL rebasing when computing dumper exclusions
Corinna Vinschen
corinna-cygwin@cygwin.com
Thu Jul 2 07:48:57 GMT 2020
On Jul 2 09:43, Corinna Vinschen wrote:
> On Jul 1 22:25, Jon Turney wrote:
> > I think this would always have been needed, but is essential on x86_64,
> > as kernel32.dll has an ImageBase of 00000001:80000000 (but is always
>
> Great, but that shouldn't matter much given that system DLLs are
> ASLRed all the time.
>
> > +parse_pe (const char *file_name, exclusion * excl_list, LPVOID base_address)
> > {
> > if (file_name == NULL || excl_list == NULL)
> > return 0;
> > @@ -104,7 +104,19 @@ parse_pe (const char *file_name, exclusion * excl_list)
> > }
> >
> > bfd_check_format (abfd, bfd_object);
> > - bfd_map_over_sections (abfd, &select_data_section, (PTR) excl_list);
> > +
> > + /* Compute the relocation offset for this DLL. Unfortunately, we have to
> > + guess at ImageBase (one page before vma of first section), since bfd
> > + doesn't let us get at backend-private data */
> > + bfd_vma imagebase = abfd->sections->vma - 0x1000;
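Review bot: `abfd->sections->vma - 0x1000` dereferences `abfd->sections` without a NULL check, and the return value of `bfd_check_format (abfd, bfd_object)` a few lines up is never tested, so a file that fails the format check or carries no sections could be dereferenced here; test both before computing `imagebase`. The fixed `0x1000` is also only right when the first section's RVA is exactly one page, which depends on the header size and section alignment of the DLL, so the guess should be sanity-checked (for example, that the result is aligned as an image base would be) and the adjustment skipped if it looks wrong.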
>
> VirtualQueryEx? The AllocationBase is identical to the base address
> of the DLL loaded at that address.
Uhm... right. Always assuming you get at the Windows process handle
from bfd...
Corinna
--
Corinna Vinschen
Cygwin Maintainer
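
The following is an added example, not part of this thread or of Cygwin's dumper code: one way to avoid guessing ImageBase is to read it from the PE optional header of the file on disk and apply the rebase delta to each section VMA. The function names, the sample header bytes and the load address 0x7ffb12340000 are constructed for illustration; `load_base` plays the role of the `base_address` argument in the patch.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* PE headers are little-endian regardless of host byte order. */
static uint32_t rd32(const uint8_t *p) {
    return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Read ImageBase from a PE file image; 0 on success, -1 if malformed. */
int pe_image_base(const uint8_t *buf, size_t len, uint64_t *image_base) {
    if (len < 0x40 || buf[0] != 'M' || buf[1] != 'Z') return -1;
    size_t pe = rd32(buf + 0x3c);                 /* e_lfanew */
    if (pe > len || len - pe < 24 + 32 || memcmp(buf + pe, "PE\0\0", 4)) return -1;
    const uint8_t *opt = buf + pe + 24;           /* skip signature + COFF header */
    unsigned magic = opt[0] | opt[1] << 8;
    if (magic == 0x20b)                           /* PE32+: 8-byte ImageBase at 24 */
        *image_base = rd32(opt + 24) | (uint64_t)rd32(opt + 28) << 32;
    else if (magic == 0x10b)                      /* PE32: 4-byte ImageBase at 28 */
        *image_base = rd32(opt + 28);
    else return -1;
    return 0;
}

/* Map a link-time section VMA to its address in a DLL loaded at load_base. */
uint64_t rebase_vma(uint64_t vma, uint64_t image_base, uint64_t load_base) {
    return vma - image_base + load_base;          /* unsigned wraparound is fine */
}

/* Constructed sample: minimal PE32+ headers, ImageBase 00000001:80000000. */
size_t build_sample_pe(uint8_t buf[0x100]) {
    static const uint8_t base[8] = { 0, 0, 0, 0x80, 0x01, 0, 0, 0 };
    memset(buf, 0, 0x100);
    memcpy(buf, "MZ", 2);
    buf[0x3c] = 0x80;                             /* e_lfanew */
    memcpy(buf + 0x80, "PE\0\0", 4);
    buf[0x98] = 0x0b; buf[0x99] = 0x02;           /* optional header magic 0x20b */
    memcpy(buf + 0x98 + 24, base, 8);
    return 0x100;
}

int main(void) {
    uint8_t pe[0x100];
    uint64_t ib;
    if (pe_image_base(pe, build_sample_pe(pe), &ib) != 0) return 1;
    /* 0x7ffb12340000 is a constructed load address, not taken from the thread */
    printf("%#llx\n", (unsigned long long)rebase_vma(0x180001000ULL, ib, 0x7ffb12340000ULL));
    return 0;
}
```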