further processing of Import Address Table required?

[Nathan Froyd]

Hi, I'm attempting to get Syzygy running with Firefox and running into
problems with the instrumenter:

[0610/141204:ERROR:decomposer.cc(1850)] Block collision for function
at 12396(4)
with Import Address Table
[0610/141204:ERROR:decomposer.cc(1339)] Unable to create data-block.
[0610/141204:ERROR:instrumenter.cc(66)] Unable to decompose ff-debug
\browser\app
\firefox.exe.
[0610/141204:ERROR:instrument_main.cc(60)] Failed to instrument ff-
debug\browser
\app\firefox.exe

What's happening here is that we've created a DATA_BLOCK for the
entire IAT, and then later on we need to create a DATA_BLOCK for an
entry in the IAT. Since there's already a Block covering the address
of the entry, we run into the error above.

It seems to me--with my limited Windows development experience--that
it would be more correct to create separate DATA_BLOCKs for each entry
in the IAT, rather than one huge DATA_BLOCK covering the IAT. That
way individual references to IAT entries work correctly.

Is that correct? Or is there a different way this problem should be
approached?

Thanks for any suggestions,
-Nathan

[Sigurður Ásgeirsson]

Hi Nathan,

inline.

Siggi

On Fri, Jun 10, 2011 at 8:17 PM, Nathan Froyd <fro...@gmail.com> wrote:

Hi, I'm attempting to get Syzygy running with Firefox and running into
problems with the instrumenter:

[0610/141204:ERROR:decomposer.cc(1850)] Block collision for function
at 12396(4)
 with Import Address Table
[0610/141204:ERROR:decomposer.cc(1339)] Unable to create data-block.
[0610/141204:ERROR:instrumenter.cc(66)] Unable to decompose ff-debug
\browser\app
\firefox.exe.
[0610/141204:ERROR:instrument_main.cc(60)] Failed to instrument ff-
debug\browser
\app\firefox.exe

ff-debug? I hope you're not attempting this on anything but a release built executable? Syzygy will not play well with ncremental linking in particular.

 

What's happening here is that we've created a DATA_BLOCK for the
entire IAT, and then later on we need to create a DATA_BLOCK for an
entry in the IAT.  Since there's already a Block covering the address
of the entry, we run into the error above.

Strange, the PE parsing code covers for this explicitly IIRC.

 

It seems to me--with my limited Windows development experience--that
it would be more correct to create separate DATA_BLOCKs for each entry
in the IAT, rather than one huge DATA_BLOCK covering the IAT.  That
way individual references to IAT entries work correctly.

Well, yes and no. The IAT is exposed as a whole from one data directory entry, and if we want to preserve that, it's indivisible, so we chunk it as a whole. The whole table is then referenced by individual import descriptors.

The PE parsing class should do this correctly, are you sure this is the collision you're seeing?

 

Is that correct?  Or is there a different way this problem should be
approached?

Thanks for any suggestions,
-Nathan

--
You received this message because you are subscribed to the Google Groups "sawbuck-users" group.
To post to this group, send email to sawbuc...@googlegroups.com.
To unsubscribe from this group, send email to sawbuck-user...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/sawbuck-users?hl=en.