On Wednesday 06 July 2005 00:04, Vitaliy Margolen wrote:
> Monday, July 4, 2005, 10:51:30 AM, Kuba Ober wrote:
>>> I have found a dll that has one section marked as IMAGE_SCN_CNT_UNINITIALIZED_DATA. But the dll_init entry is jumping right to the beginning of this section, which results in an immediate segfault.
>>> So native must be loading this section or this program wouldn't ever run.
>> As an alternative explanation, couldn't the native have loaded it on demand?
> Don't think so. When a dll is loaded, it's being initialized by calling the entry point (not sure about resources here). Also, how would you load a particular dll section on demand before initializing that dll?
Imaginary scenario: couldn't the loader that loads the dll into the virtual address space in the first place also load the "uninitialized" sections if there's a fault on read/execute?
I have no clue how Windows really does it, unless it was as simple as the dll initialization code handling the actual loading of sections explicitly, like the dynamic .so loader on ELF systems does...
Anyway, I'm outta my league here, so I'd better revert to listen mode :)
Cheers, Kuba
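The loader behaviour the thread argues about can be made concrete with a small simulation. The Python below is an added example, not code from the thread or from Wine's loader: it decodes a constructed PE section table, models what a loader must back in memory for each section (VirtualSize bytes: file bytes first, zero-fill for the remainder), and checks whether an entry-point RVA that lands at the start of a section flagged IMAGE_SCN_CNT_UNINITIALIZED_DATA is mapped. The `skip_uninitialized` switch models a loader that treats such a section as "nothing to load", which is exactly the case where the jump into it faults. The section layout, the entry RVA and the file image are constructed sample values; alignment rounding and the `VirtualSize or SizeOfRawData` extent rule are simplifications of the real PE rules.

```python
import struct
from dataclasses import dataclass

# Section flag bits from the PE/COFF specification (the one named in the
# thread is IMAGE_SCN_CNT_UNINITIALIZED_DATA).
IMAGE_SCN_CNT_CODE               = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA   = 0x00000040
IMAGE_SCN_CNT_UNINITIALIZED_DATA = 0x00000080
IMAGE_SCN_MEM_EXECUTE            = 0x20000000
IMAGE_SCN_MEM_READ               = 0x40000000
IMAGE_SCN_MEM_WRITE              = 0x80000000

# IMAGE_SECTION_HEADER: Name[8], VirtualSize, VirtualAddress, SizeOfRawData,
# PointerToRawData, PointerToRelocations, PointerToLinenumbers,
# NumberOfRelocations, NumberOfLinenumbers, Characteristics (40 bytes).
SECTION_HEADER_FMT = "<8sIIIIIIHHI"
SECTION_HEADER_SIZE = struct.calcsize(SECTION_HEADER_FMT)


@dataclass
class Section:
    name: str
    virtual_size: int
    virtual_address: int
    size_of_raw_data: int
    pointer_to_raw_data: int
    characteristics: int


def parse_section_table(table: bytes, number_of_sections: int) -> list:
    """Decode NumberOfSections consecutive IMAGE_SECTION_HEADER records."""
    sections = []
    for i in range(number_of_sections):
        fields = struct.unpack_from(SECTION_HEADER_FMT, table, i * SECTION_HEADER_SIZE)
        name, vsize, vaddr, rawsize, rawptr, _, _, _, _, chars = fields
        sections.append(Section(name.rstrip(b"\0").decode("ascii", "replace"),
                                vsize, vaddr, rawsize, rawptr, chars))
    return sections


def map_image(sections, file_image: bytes, skip_uninitialized: bool = False) -> dict:
    """Simulate section mapping; returns {rva: bytearray} of backed memory.

    Each section gets VirtualSize bytes (SizeOfRawData if VirtualSize is 0):
    bytes the file provides are copied, the rest is zero-filled.  With
    skip_uninitialized=True an uninitialized-data section that has no file
    bytes is left unmapped, modelling the failure discussed in the thread.
    """
    mapped = {}
    for s in sections:
        uninit = bool(s.characteristics & IMAGE_SCN_CNT_UNINITIALIZED_DATA)
        if skip_uninitialized and uninit and s.size_of_raw_data == 0:
            continue
        extent = s.virtual_size or s.size_of_raw_data
        buf = bytearray(extent)                      # zero-filled backing
        ncopy = min(s.size_of_raw_data, extent)      # never read past VirtualSize
        buf[:ncopy] = file_image[s.pointer_to_raw_data:s.pointer_to_raw_data + ncopy]
        mapped[s.virtual_address] = buf
    return mapped


def rva_is_mapped(mapped: dict, rva: int) -> bool:
    """True if some mapped section covers the RVA."""
    return any(base <= rva < base + len(buf) for base, buf in mapped.items())


def build_sample():
    """Constructed two-section image (not a real dll): a file-backed .text and
    a .bss-style section flagged uninitialized that the entry point targets."""
    text = struct.pack(SECTION_HEADER_FMT, b".text", 0x200, 0x1000, 0x200, 0x400,
                       0, 0, 0, 0,
                       IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ)
    bss = struct.pack(SECTION_HEADER_FMT, b".bss", 0x1000, 0x2000, 0, 0,
                      0, 0, 0, 0,
                      IMAGE_SCN_CNT_UNINITIALIZED_DATA | IMAGE_SCN_MEM_EXECUTE
                      | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE)
    file_image = bytes(0x400) + b"\xc3" * 0x200     # constructed: headers + "code"
    return text + bss, file_image


ENTRY_POINT_RVA = 0x2000   # constructed: entry jumps straight into the .bss section


def check_entry(skip_uninitialized: bool) -> bool:
    """Is the entry RVA backed by memory under the chosen loader policy?"""
    table, file_image = build_sample()
    sections = parse_section_table(table, 2)
    return rva_is_mapped(map_image(sections, file_image, skip_uninitialized), ENTRY_POINT_RVA)


if __name__ == "__main__":
    for label, skip in (("loader that backs every section", False),
                        ("loader that skips uninitialized sections", True)):
        print(f"{label}: entry RVA {ENTRY_POINT_RVA:#x} mapped = {check_entry(skip)}")
```

Whatever later writes code into that section (the dll's own initialization code, as the thread speculates), the loader's part is only to make the section's full VirtualSize present as zero-filled, writable pages; a loader that maps nothing for a section with SizeOfRawData == 0 produces the immediate segfault described above.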