Contents
- 1.1.1 Basic Information
- 1.1.2 Dynamic Compilation
- 1.1.3 Disabling Incremental Linking
Happy Shrimp
http://blog.csdn.net/lights_joy/
lights@hb165.com
This article applies to: XP SP3 / VS2008
Reposting is permitted, but please keep the author information.
1.1.1 Basic Information
Use dumpbin to view the basic information of this section:
SECTION HEADER #1
 .textbss name
   10000 virtual size
    1000 virtual address (00401000 to 00410FFF)
       0 size of raw data
       0 file pointer to raw data
       0 file pointer to relocation table
       0 file pointer to line numbers
       0 number of relocations
       0 number of line numbers
E00000A0 flags
         Code
         Uninitialized Data
         Execute Read Write
The flags say it all: the section is marked as code, yet its contents are uninitialized data, and it has a virtual size of 0x10000 bytes but no raw data in the file. Whatever code ends up here must therefore be written at run time. Let's look at how the symbol table defines it:
 Address         Publics by Value              Rva+Base     Lib:Object
 0001:00000000   __ENC$TEXTBSS$BEGIN           00401000     <linker-defined>
 0001:00010000   __ENC$TEXTBSS$END             00411000     <linker-defined>
What is this?
Start the debugger in VS and look at this address range in the Memory window:
0x00401000  00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0x00401010  00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0x00401020  00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
All zeros.
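As an added example (not the article's own code): a small Python PE section-table reader that decodes the Characteristics value dumpbin printed above (E00000A0) into the same flag names, and flags any section that, like .textbss, is executable, writable and has no bytes on disk. That is the check a defender runs to confirm a shipped binary was not built with incremental linking. The section headers and the minimal PE image it parses are constructed inline from the values on this page.

```python
import struct
# IMAGE_SECTION_HEADER Characteristics bits (winnt.h) that dumpbin decoded above
IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_UNINITIALIZED_DATA = 0x20, 0x80
IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE = 0x20000000, 0x40000000, 0x80000000
FLAG_NAMES = [(IMAGE_SCN_CNT_CODE, "Code"), (0x40, "Initialized Data"),
              (IMAGE_SCN_CNT_UNINITIALIZED_DATA, "Uninitialized Data"),
              (IMAGE_SCN_MEM_EXECUTE, "Execute"), (IMAGE_SCN_MEM_READ, "Read"),
              (IMAGE_SCN_MEM_WRITE, "Write")]

# 40-byte IMAGE_SECTION_HEADER: Name[8], VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData,
# PointerToRelocations, PointerToLinenumbers, NumberOfRelocations, NumberOfLinenumbers, Characteristics
SECTION_HEADER_FMT = "<8sIIIIIIHHI"

def parse_section_header(raw):
    f = struct.unpack(SECTION_HEADER_FMT, raw[:40])
    return {"name": f[0].rstrip(b"\0").decode("ascii"), "virtual_size": f[1],
            "virtual_address": f[2], "size_of_raw_data": f[3], "characteristics": f[9]}

def describe_flags(characteristics):
    """Same names dumpbin prints under 'flags'."""
    return [name for bit, name in FLAG_NAMES if characteristics & bit]

def is_textbss_like(sec):
    """Executable, writable, uninitialized and absent from the file: the scratch section an
    incremental debug link reserves for ILT/Edit-and-Continue code. Shipping one is a red flag."""
    c = sec["characteristics"]
    return (sec["size_of_raw_data"] == 0 and bool(c & IMAGE_SCN_MEM_EXECUTE)
            and bool(c & IMAGE_SCN_MEM_WRITE) and bool(c & IMAGE_SCN_CNT_UNINITIALIZED_DATA))

def section_headers(pe_bytes):
    # MZ header -> e_lfanew -> "PE\0\0" -> COFF header -> section table
    e_lfanew = struct.unpack_from("<I", pe_bytes, 0x3C)[0]
    if pe_bytes[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    num_sections = struct.unpack_from("<H", pe_bytes, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", pe_bytes, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_size
    return [parse_section_header(pe_bytes[table + 40 * i:]) for i in range(num_sections)]

def build_minimal_pe(*raw_headers):
    """Constructed image for offline testing: MZ stub, PE signature, COFF header, no optional header."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(raw_headers), 0, 0, 0, 0, 0)
    return dos + b"PE\0\0" + coff + b"".join(raw_headers)

# Constructed headers: .textbss with exactly the values dumpbin printed on this page, plus a normal
# .text section (0x400 bytes on disk, Code|Execute|Read) for contrast
TEXTBSS_HEADER = struct.pack(SECTION_HEADER_FMT, b".textbss", 0x10000, 0x1000, 0, 0, 0, 0, 0, 0, 0xE00000A0)
TEXT_HEADER = struct.pack(SECTION_HEADER_FMT, b".text", 0x400, 0x11000, 0x400, 0x400, 0, 0, 0, 0, 0x60000020)
```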
1.1.2 Dynamic Compilation
According to material available online, this section is tied to incremental linking and dynamic compilation (what Visual Studio calls Edit and Continue). Before verifying, check the linker options to make sure incremental linking is enabled.
Insert a test function before the main function and call it from main:
int add(int a, int b)
{
    return a + b;
}

int _tmain(int argc, _TCHAR* argv[])
{
    add(3, 4);
    return 0;
}
Look at the symbol table (map) file and you can find the address of the add function:
 Address         Publics by Value              Rva+Base     Lib:Object
 0002:00000370   ?add@@YAHHH@Z                 00411370 f   demo.obj
Start the debugger and look at the main function in the Disassembly window:
int _tmain(int argc, _TCHAR* argv[])
{
004117B0  push        ebp
004117B1  mov         ebp,esp
004117B3  sub         esp,0C0h
004117B9  push        ebx
004117BA  push        esi
004117BB  push        edi
004117BC  lea         edi,[ebp-0C0h]
004117C2  mov         ecx,30h
004117C7  mov         eax,0CCCCCCCCh
004117CC  rep stos    dword ptr es:[edi]
    add(3, 4);
004117CE  push        4
004117D0  push        3
004117D2  call        add (4111C2h)
004117D7  add         esp,8
    return 0;
004117DA  xor         eax,eax
}
Note that the call target is 0x004111C2, not 0x00411370, the address of add in the map file.
In the Disassembly window, go to address 0x004111C2:
00411001  int         3
00411002  int         3
00411003  int         3
00411004  int         3
00411005  jmp         _setdefaultprecision (411AB0h)
00411014  jmp         _RTC_GetErrDesc (411940h)
..................
004111BD  jmp         _RTC_CheckStackVars (4124C0h)
004111C2  jmp         add (411370h)
004111C7  jmp         _RTC_CheckStackVars2 (4132A0h)
004111CC  jmp         _RTC_CheckEsp (4114A0h)
004111D1  int         3
This is the legendary ILT (incremental link table). You can see that the call to add lands here and is then forwarded by a jmp to the function's real address.
Next, try dynamic compilation.
Without exiting the debugger, modify the add function as follows:
int add(int a, int b)
{
    return a + b + 10;
}
Save the file and single-step. VC now recompiles the file on the fly without leaving the debugging session. Let's look at what changed in the ILT:
004111BD  jmp         _RTC_CheckStackVars (4124C0h)
004111C2  jmp         add (401000h)
004111C7  jmp         _RTC_CheckStackVars2 (4132A0h)
Note that the jump target has been changed: it now points to the first address of .textbss. Before the recompilation the contents of .textbss were all zero; let's look at that region again:
--- E:\projects\src\cygwin\demo.cpp ----------------------------------------
// demo.cpp : Defines the entry point for the console application.
//
#include "stdafx.h"

int add(int a, int b)
{
00401000  push        ebp
00401001  mov         ebp,esp
00401003  sub         esp,0C0h
00401009  push        ebx
0040100A  push        esi
0040100B  push        edi
0040100C  lea         edi,[ebp-0C0h]
00401012  mov         ecx,30h
00401017  mov         eax,0CCCCCCCCh
0040101C  rep stos    dword ptr es:[edi]
    return a + b + 10;
0040101E  mov         eax,dword ptr [b]
00401021  mov         ecx,dword ptr [a]
00401024  lea         eax,[ecx+eax+0Ah]
}
00401028  pop         edi
00401029  pop         esi
0040102A  pop         ebx
0040102B  mov         esp,ebp
0040102D  pop         ebp
0040102E  ret
--- No source file -----------------------------------------------------------
0040102F  stos        byte ptr es:[edi]
00401030  adc         byte ptr [ecx],al
00401033  mov         ecx,4110h
00401038  add         byte ptr [eax],al
This is the code generated by the recompilation!
Now we finally understand: .textbss is the space reserved to hold the code generated by dynamic compilation (Edit and Continue).
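As an added example (not the author's code): Python that models the ILT mechanism shown in this section by decoding and re-encoding jmp rel32 thunks, walking an ILT slice, and resolving main's call add through its thunk before and after the Edit and Continue retarget. The thunk bytes and the call instruction are constructed from the addresses in the listings above; nothing is read from a real process.

```python
import struct

INT3, JMP_REL32, CALL_REL32 = 0xCC, 0xE9, 0xE8   # int 3 padding, jmp rel32, call rel32 opcodes

def decode_rel32(insn_addr, code):
    """Target of a 5-byte call/jmp rel32 located at insn_addr (target = next_ip + disp)."""
    if len(code) < 5 or code[0] not in (JMP_REL32, CALL_REL32):
        raise ValueError("no rel32 call/jmp at 0x%08X" % insn_addr)
    disp = struct.unpack_from("<i", code, 1)[0]
    return (insn_addr + 5 + disp) & 0xFFFFFFFF

def encode_jmp_thunk(thunk_addr, target):
    """'jmp target' as it sits at thunk_addr; this is the entry the debugger rewrites on Edit and Continue."""
    disp = (target - (thunk_addr + 5)) & 0xFFFFFFFF
    return bytes([JMP_REL32]) + struct.pack("<I", disp)

def walk_ilt(base_addr, blob):
    """Parse an ILT region: skip int 3 padding, return (thunk_addr, target) for every jmp."""
    entries, off = [], 0
    while off < len(blob):
        if blob[off] == INT3:
            off += 1
            continue
        entries.append((base_addr + off, decode_rel32(base_addr + off, blob[off:off + 5])))
        off += 5
    return entries

def resolve_through_ilt(call_addr, call_bytes, ilt):
    """Follow call -> ILT thunk -> real function, the way the CPU does at run time."""
    thunk = decode_rel32(call_addr, call_bytes)
    return dict(ilt).get(thunk, thunk)   # not a thunk: the call lands directly (the no-ILT case)

# Constructed bytes reproducing the page's addresses: ILT slice starting at 0x004111BD,
# the 'jmp add' thunk at 0x004111C2, and main's 'call add' at 0x004117D2.
ILT_BASE = 0x004111BD
ILT_BEFORE = (encode_jmp_thunk(0x004111BD, 0x004124C0)    # jmp _RTC_CheckStackVars
              + encode_jmp_thunk(0x004111C2, 0x00411370)  # jmp add, original body in .text
              + encode_jmp_thunk(0x004111C7, 0x004132A0)  # jmp _RTC_CheckStackVars2
              + bytes([INT3]) * 3)
# After Edit and Continue only the add thunk changes: it now points into .textbss
ILT_AFTER = ILT_BEFORE[:5] + encode_jmp_thunk(0x004111C2, 0x00401000) + ILT_BEFORE[10:]
CALL_ADD = bytes([CALL_REL32]) + struct.pack("<i", 0x004111C2 - (0x004117D2 + 5))
```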
1.1.3 Disabling Incremental Linking
Since .textbss exists for incremental linking and dynamic compilation, what happens if incremental linking is disabled?
Turn off incremental linking (the /INCREMENTAL:NO linker option). You can see that the .textbss section is no longer generated in the EXE, and there is no ILT either.
Look at the address of add in the map file:
 Address         Publics by Value              Rva+Base     Lib:Object
 0001:00000000   ?add@@YAHHH@Z                 00401000 f   demo.obj
It is now directly at the beginning of the .text section.
Let's look at the disassembly of the main function:
int _tmain(int argc, _TCHAR* argv[])
{
00401030  push        ebp
00401031  mov         ebp,esp
00401033  sub         esp,0C0h
00401039  push        ebx
0040103A  push        esi
0040103B  push        edi
0040103C  lea         edi,[ebp-0C0h]
00401042  mov         ecx,30h
00401047  mov         eax,0CCCCCCCCh
0040104C  rep stos    dword ptr es:[edi]
    add(3, 4);
0040104E  push        4
00401050  push        3
00401052  call        add (401000h)
00401057  add         esp,8
    return 0;
0040105A  xor         eax,eax
}
The call goes directly to the address of add.
If you modify the code of add and then single-step, VC pops up a dialog box without fail:
That is to say, the dynamic compilation feature is no longer available.