Jump to content

  • Log In with Google      Sign In   
  • Create Account


#ActualNypyren

Posted 27 February 2014 - 08:05 PM

Jump tables for switch statements are technically data which are typically stored in the code section after the end of the function which contains the switch statement.
 
Microsoft compilers output files organized like so:
 
 
Headers
Code Section (the headers designate this section as Execute+Read)
    Function 0
        Instructions
        Optional: NOP or INT3 padding
        Optional: Case mapping table (and optional padding to the next pointer-sized boundary)
        Optional: Case block pointers (and optional padding to the next 16 byte boundary)
    Function 1
        Instructions
        ...ETC...
Initialized Data Section(s) (the headers designate these section(s) as Read+Write or just Read)
    Data!
Import Section (readonly after the loader finishes with it)
    Data!
Export Section (readonly after the loader finishes with it)
    Data!
Relocation Section (discarded after the loader finishes with it)
    Data!
Resource Section (readonly)
    Data!
(etc...)
Other compilers (or binary compressors such as UPX) are free to rearrange anything besides the main header that they want to.

#4Nypyren

Posted 27 February 2014 - 08:02 PM

Jump tables for switch statements are technically data which are typically stored in the code section after the end of the function which contains the switch statement.
 
Microsoft compilers output files organized like so:
 
 
Headers
Code Section (the headers designate this section as Execute+Read)
    Function 0
        Instructions
        Optional: NOP or INT3 padding
        Optional: Case mapping table (and optional padding to the next pointer-sized boundary)
        Optional: Case block pointers (and optional padding to the next 16 byte boundary)
    Function 1
        Instructions
        ...ETC...
Initialized Data Section(s) (the headers designate these section(s) as Read+Write or just Read)
    Data!
Import Section
    Data!
Export Section
    Data!
Relocation Section
    Data!
Resource Section
    Data!
(etc...)
Other compilers (or binary compressors such as UPX) are free to rearrange anything besides the main header that they want to.

#3Nypyren

Posted 27 February 2014 - 08:01 PM

Jump tables for switch statements are technically data which are typically stored in the code section after the end of the function which contains the switch statement.
 
Microsoft compilers output files organized like so:
 
 
Headers
Code Section (the headers designate this section as Execute+Read)
    Function 0
        Instructions
        Optional: NOP or INT3 padding
        Optional: Case mapping table (and optional padding to the next pointer-sized boundary)
        Optional: Case block pointers (and optional padding to the next 16 byte boundary)
    Function 1
        Instructions
        ...ETC...
Initialized Data Section(s) (the headers designate these section(s) as Read+Write or just Read)
    Data!
Import Section
    Data!
Export Section
    Data!
Relocation Section
    Data!
Resource Section
    Data!
(etc...)

#2Nypyren

Posted 27 February 2014 - 08:01 PM

Jump tables for switch statements are technically data which are typically stored in the code section after the end of the function which contains the switch statement.
 
Microsoft compilers output files organized like so:
 
 
Headers
Code Section (the headers designate this section as Execute+Read)
    Function 0
        Instructions
        Optional: NOP or INT3 padding
        Optional: Case mapping table (and optional padding to the next pointer-sized boundary)
        Optional: Case block pointers (and optional padding to the next 16 byte boundary)
    Function 1
        Instructions
        ...ETC...
Initialized Data Section (the headers designate these section(s) as Read+Write or just Read)
    Data!
Import Section
    Data!
Export Section
    Data!
Relocation Section
    Data!
Resource Section
    Data!
(etc...)

#1Nypyren

Posted 27 February 2014 - 08:00 PM

Jump tables for switch statements are technically data which are typically stored in the code section after the end of the function which contains the switch statement.

 

Microsoft compilers output files organized like so:

 

Headers
Code Section
    Function 0
        Instructions
        Optional: NOP or INT3 padding
        Optional: Case mapping table (and optional padding to the next pointer-sized boundary)
        Optional: Case block pointers (and optional padding to the next 16 byte boundary)
    Function 1
        Instructions
        ...ETC...
Initialized Data Section
    Data!
Import Section
    Data!
Export Section
    Data!
Relocation Section
    Data!
Resource Section
    Data!
(etc...)

PARTNERS