我正在学习反编译和分析名为d3d9.dll的dll文件,据我所知,字符串常量存储在dll的.rdata节中,但是如下所示(IDA字符串窗口),它们存储在.text节中。我不知道为什么。以及何时将它们存储在.rdata中以及何时存储在.text中?
.text:4FE45850 00000050 C Declaration can't map to legacy FVF because a nonzero stream index is used: %d.
.text:4FE458A0 0000007B C Declaration can't map to fixed function FVF because fixed function pipeline does not support generation methods %s or %s.
.text:4FE45920 000000B9 C Declaration can't map to fixed function FVF because fixed function requires that generation methods %s, %s or %s can only be used with type %s and usage being one of: %s, %s, %s or %s.
.text:4FE459E0 0000008D C Declaration can't map to fixed function FVF because fixed function requires that generation method %s can only be used with usages %s or %s.
.text:4FE45A70 000000A3 C Declaration can't map to fixed function FVF because gaps or overlap between vertex elements are not allowed. Offset encountered is: %d, but expected offset is %d.
.text:4FE45B18 0000005E C Declaration can't map to fixed function FVF because the type for this element is unsupported.
.text:4FE45B78 00000072 C Declaration can't map to fixed function FVF because a generation method other than D3DDECLMETHOD_DEFAULT is used.
答案 0 :(得分:3)
这是常见的优化。节标题占用一小部分空间,因此避免使用.rdata可能是有益的。 .text部分具有所有必需的属性,它是只读的并已初始化。它还具有附加的execute属性,但这并没有真正的伤害。因此,没有任何技术障碍可以阻止编译器将字符串放入.text中,这是一个很小的优势。
答案 1 :(得分:1)
完全由编译器决定如何存储数据。例如,如果您使用以下简短程序:
#include <stdio.h>
int main()
{
char text[] = "Hey";
puts(text);
}
经过优化,gcc完全删除了任何部分的字符串并将其存储为字节-生成的程序集为:
movl $7955784, 4(%rsp)
call puts@PLT
它可以看到不需要在其他任何地方访问该字符串,因此可以进行这种优化。