Differences in Relocation Processing
This appendix describes tests that were run against different
applications that process relocation entries in binary files. Identifying
differences may make it possible to have a binary that will work correctly
when executed but not when analyzed by a static analysis tool such as IDA. To
test out these ideas, the author threw together a small relocation fuzzing
tool that is aptly named relocfuzz. This tool will take a pre-existing binary
and create a new one with custom relocations. The code for this tool can be
found with the other code associated with this paper.
The tests included in this appendix were performed against three different
applications: the dynamic loader (ntdll.dll), IDA, and dumpbin. If
the same tests are run against other applications, the author would be
interested in knowing the results.