From the above we can see count of relocation table entries is 0(there is no reloc item), but offset of first reloc item shows that the reloc item actually exists.
You have to look at the EXE header size (shown as DOS_HdrSize in your screenshot). This is the number of paragraphs (16-byte blocks) that the whole header uses.
In your example it is 0x0004 so multiply it by 16 and you get the header length as 0x40 bytes. The relocation table starts at the relocation table offset and continues for DOS_ReloCnt entries until the end of the header.
In your case the relocation table offset is 0x40 and the end of the header is also 0x40 thus there is no room for the relocation table, which is just as well since DOS_ReloCnt says there are zero entries in it.
In this case it probably does not matter what value the relocation table offset is set to.
发布评论
评论(2)
这是正常的。对于像 PE 这样的现代格式,即使重定位项为零,重定位表的偏移量始终为 0040H。
This is normal. For modern formats like PE, the offset to the relocation table is always 0040H, even if there are zero relocation items.
您必须查看 EXE 标头大小(屏幕截图中显示为 DOS_HdrSize )。这是整个标头使用的段落数(16 字节块)。
在您的示例中,它是
0x0004,因此将其乘以 16,您将得到0x40字节的标头长度。重定位表从重定位表偏移量开始,一直到 DOS_ReloCnt 条目,直到标头末尾。在您的情况下,重定位表偏移量是
0x40并且标头的末尾也是0x40因此没有空间用于重定位表,这也是因为>DOS_ReloCnt表示其中有零个条目。在这种情况下,重定位表偏移量设置为什么值可能并不重要。
You have to look at the EXE header size (shown as
DOS_HdrSizein your screenshot). This is the number of paragraphs (16-byte blocks) that the whole header uses.In your example it is
0x0004so multiply it by 16 and you get the header length as0x40bytes. The relocation table starts at the relocation table offset and continues forDOS_ReloCntentries until the end of the header.In your case the relocation table offset is
0x40and the end of the header is also0x40thus there is no room for the relocation table, which is just as well sinceDOS_ReloCntsays there are zero entries in it.In this case it probably does not matter what value the relocation table offset is set to.