Eli Zaretskii <[email protected]> writes:
> The only thing I'd expect is a call through an indirect address, since
> you are linking to a DLL. But the above doesn't look like that.
There's some magic going on. Or lack thereof. The calling function does
>> 4014e9: e8 b2 6c 00 00 call 4081a0
>> <__imp__nettle_arcfour_crypt>>
(this is from disssembling the .exe file).
And then at address 4081a0, there's
004081a0 <__imp__nettle_arcfour_crypt>:
4081a0: 98 cwtl
4081a1: 82 (bad)
...
This is not in the .text section, but in the .idata section. And in the
.idata, there's
The Import Tables (interpreted .idata section contents)
vma: Hint Time Forward DLL First
Table Stamp Chain Name Thunk
00008000 000080b4 00000000 00000000 00008698 0000819c
DLL Name: libnettle-5-0.dll
vma: Hint/Ord Member-Name Bound-To
827c 59 nettle_arcfour128_set_key
8298 60 nettle_arcfour_crypt
So it looks like the data at __imp__nettle_arcfour_crypt is not code,
but the dll index 8292.
If I compare with the code I get if I configure nettle with
--disable-assembler, I get a
4014b8: e8 2b 1a 00 00 call 402ee8 <_nettle_arcfour_crypt>
00402ee8 <_nettle_arcfour_crypt>:
402ee8: ff 25 34 81 40 00 jmp *0x408134
402eee: 90 nop
402eef: 90 nop
So it seems the linker does something very different (and more correct)
in this case.
Regards,
/Niels
--
Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26.
Internet email is subject to wholesale government surveillance.
_______________________________________________
nettle-bugs mailing list
[email protected]
http://lists.lysator.liu.se/mailman/listinfo/nettle-bugs
