Monday, July 4, 2005, 10:51:30 AM, Kuba Ober wrote:
I have found a dll that has one section marked as IMAGE_SCN_CNT_UNINITIALIZED_DATA. But the dll_init entry is jumping right to the beginning of this section, which results in an immediate segfault.
So native must be loading this section or this program wouldn't ever run.
As an alternative explanation, couldn't the native have loaded it on demand?
Don't think so. When a dll is loaded, it's being initialized by calling the entry point (not sure about resources here). Also, how would you load a particular dll section on demand before initializing that dll?
Vitaliy
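
A check for the situation described in this thread, added here as an example and not code from any poster: it parses the PE headers and reports whether the entry point falls inside a section flagged IMAGE_SCN_CNT_UNINITIALIZED_DATA, and how many bytes the file holds for that section. The function names, the section name `.packed` and the sample image are constructed for illustration.

```python
import struct

IMAGE_SCN_CNT_UNINITIALIZED_DATA = 0x00000080  # section flag from the PE/COFF format
SECTION_FMT = "<8sIIIIIIHHI"                   # one 40-byte section header

def entry_section(image):
    """Return (name, characteristics, raw_size) of the section holding the entry point, or None."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (nsections,) = struct.unpack_from("<H", image, coff + 2)
    (opt_size,) = struct.unpack_from("<H", image, coff + 16)
    opt = coff + 20
    (entry_rva,) = struct.unpack_from("<I", image, opt + 16)  # AddressOfEntryPoint
    table = opt + opt_size
    for i in range(nsections):
        name, vsize, va, raw_size, _, _, _, _, _, flags = struct.unpack_from(
            SECTION_FMT, image, table + 40 * i)
        if va <= entry_rva < va + max(vsize, raw_size):
            return name.rstrip(b"\0").decode("ascii", "replace"), flags, raw_size
    return None

def entry_in_uninitialized_section(image):
    """True when the entry point lies in a section marked as uninitialized data."""
    hit = entry_section(image)
    return hit is not None and bool(hit[1] & IMAGE_SCN_CNT_UNINITIALIZED_DATA)

def build_sample(entry_rva):
    """Constructed, header-only PE32 image with two sections (not a real dll)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)           # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x2102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, entry_rva).ljust(224, b"\0")
    text = struct.pack(SECTION_FMT, b".text", 0x1000, 0x1000, 0x200, 0x400,
                       0, 0, 0, 0, 0x60000020)
    # Flagged as uninitialized data, yet SizeOfRawData is nonzero: the file has bytes for it.
    packed = struct.pack(SECTION_FMT, b".packed", 0x2000, 0x2000, 0x600, 0x600,
                         0, 0, 0, 0, 0xE0000080)
    return dos + b"PE\0\0" + coff + opt + text + packed

if __name__ == "__main__":
    for rva in (0x1010, 0x2010):
        img = build_sample(rva)
        print(hex(rva), entry_section(img), entry_in_uninitialized_section(img))
```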