[PATCH 8/8] Cygwin: Consider DLL rebasing when computing dumper exclusions

Corinna Vinschen corinna-cygwin@cygwin.com
Thu Jul 2 07:43:17 GMT 2020


On Jul  1 22:25, Jon Turney wrote:
> I think this would always have been needed, but is essential on x86_64,
> as kernel32.dll has an ImageBase of 00000001:80000000 (but is always

Great, but that shouldn't matter much given that system DLLs are
ASLRed all the time.

> +parse_pe (const char *file_name, exclusion * excl_list, LPVOID base_address)
>  {
>    if (file_name == NULL || excl_list == NULL)
>      return 0;
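
Review bot: the guard `if (file_name == NULL || excl_list == NULL)` does not cover the new base_address argument of parse_pe, and the signature carries no comment saying what that argument must be. State on the function whether it is the address the DLL is actually loaded at in the dumped process (an assumption from the patch subject) and whether NULL is a valid value, then either reject NULL in this guard or handle it explicitly.
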
> @@ -104,7 +104,19 @@ parse_pe (const char *file_name, exclusion * excl_list)
>      }
>  
>    bfd_check_format (abfd, bfd_object);
> -  bfd_map_over_sections (abfd, &select_data_section, (PTR) excl_list);
> +
> +  /* Compute the relocation offset for this DLL.  Unfortunately, we have to
> +     guess at ImageBase (one page before vma of first section), since bfd
> +     doesn't let us get at backend-private data */
> +  bfd_vma imagebase = abfd->sections->vma - 0x1000;
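
Review bot: `bfd_vma imagebase = abfd->sections->vma - 0x1000;` hard-codes the assumption that the first section sits exactly one 0x1000 page above ImageBase, and it dereferences abfd->sections without checking that it is non-NULL. A PE whose headers extend past one page, or whose first section is placed at a different offset, would yield a wrong imagebase and therefore a wrong relocation offset; a file with no sections would crash on this line. Guard abfd->sections before use, and name in the comment the layout the guess depends on so a mismatch is easier to diagnose. The return value of bfd_check_format in the context line above is also ignored, so a file that is not a bfd_object still reaches this computation.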

VirtualQueryEx?  The AllocationBase is identical to the base address
of the DLL loaded at that address.


Corinna

-- 
Corinna Vinschen
Cygwin Maintainer

