| Current | v9 | v8 | v7 | v6 | v5 | v4 | v3 | v2 | v1 | All | About |
Differences in Relocation Processing
This appendix attempts to describe some tests that were run on different applications that process relocation entries for binary files. Identifying differences may make it possible to have a binary that will work correctly when executed but not when analyzed by a static analysis tool such as IDA. To test out these ideas, the author threw together a small relocation fuzzing tool that is aptly named relocfuzz. This tool will take a pre-existing binary and create a new one with custom relocations. The code for this tool can be found in the other code associated with this paper.
The tests included in this appendix were performed against three different applications: the dynamic loader (ntdll.dll), IDA, and dumpbin. If the same tests are run against other applications, the author would be interested in knowing the results.
Subsections
- Non-page-aligned Block VirtualAddress
- Writing to External Addresses
- Self-updating Relocation Blocks
- Integer Overflows in Size Calculations
- Consistent Handling of Fixup Types
- Hijacking the Dynamic Loader