In COFF file format, what is the meaning of the movement information section?

Question

In COFF file format, what is the meaning of the movement information section?

I read about the COFF file formats that are commonly used to create an executable file (it also has several options).

While reading, I came across a moving section in format. How this move section is used to create an executable file.

It would be very helpful if you pointed me to some links that would help me.

+4

coff

udpsunil 18 sept. '08 at 14:50

source share

3 answers

Actually, with COFF, there are 2 types of movement information:

COFF Move Records
The move section in the executable image.

They have similar, but different goals. The move information in the executable identifies things that need to be fixed at boot time if the executable image is loaded with different addresses from its preferred address.

COFF relocation entries identify things that need to be resolved during a join when a section in an object file is assigned to an offset in the executable image.

+7

Scott Wisniewski Jun 06 '10 at 1:48

source share

An inadvertent addition of using redistribution is to (de-) obfuscate binary files at run time without additional decompression code. See this document .

+2

Cthulhon Jun 15 '09 at 19:12

source share

Oliver mellet · Accepted Answer · 2008-09-18T14:58:46+0000

Moving is used to place executable code in its own memory space in the process. For example, if you try to load two DLLs that request the same base address (that is, the same place in memory), then one of the DLLs will have to be moved to another address. NTCore is a useful site for exploring Portable Executable (PE) files, which is called COFF. Here is another site that explains movement very well.

In COFF file format, what is the meaning of the movement information section?

More articles: