[PATCH 8/8] Cygwin: Consider DLL rebasing when computing dumper exclusions
Jon Turney
jon.turney@dronecode.org.uk
Sun Jul 5 16:43:04 GMT 2020
On 03/07/2020 20:34, Corinna Vinschen wrote:
>>
>> The problem is in the opposite direction.
>>
>> We have the actual base address the DLL was loaded at in the process being
>> dumped, and it's filename, from the LOAD_DLL_DEBUG_EVENT event.
>>
>> (To my amazement) we then read that DLL using bfd, and examine it for
>> sections with the 'CODE' or 'DEBUGGING' flags, the address ranges
>> corresponding to which we believe we want to exclude from the dump.
>>
>> Unfortunately, these addresses are based on the ImageBase in the PE header.
>>
>> If that's different to the actual base address the PE was loaded at, we need
>> to adjust these addresses appropriately. But libbfd doesn't appear to
>> provide a public interface to get at the ImageBase.
>
> Ok, but you have the filename, so you can map the file and read it's
> header and thus imagebase. Still not nice, sure... but it would work
> without guessing, I guess? :)
So, I misread this as "look in the header that's already mapped by the
Windows loader", but it seems that the ImageBase in that has been
modified to the actual load address (not that there are any guarantee
about it even existing).
I'm really struggling to see all this complexity as actually needed,
though. See follow up patches which just remove it all.
More information about the Cygwin
mailing list