Recently I disassembled a DLL (written in C/C++) and noticed that there are many "jump stubs" inside the code segment. These stubs do nothing but jump to a function inside the DLL.
e.g.:
jmp foo()
jmp foo2()
...
Why does the compiler (Visual studio 2012) include these function stubs inside the binary?
Thanks!
Is there a big bunch of 0xCC bytes after all the stubs? If so, you're looking at code which has been compiled with incremental linking enabled (default for debug builds).
When compiling for incremental linking, the compiler creates a stub for every function and makes sure that all calls go via the stub. In case a function needs to be replaced with updated code, the new code can be added at the end and only the jump thunk needs to be patched - all existing calls will be redirected to the new code. The extra CCs are reserved for more stubs in case new functions are added.
For more background info, see MSDN.
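The check the answer describes (a run of `jmp rel32` thunks, opcode `E9`, followed by a block of `0xCC` padding) can be automated. The following is an added example written for this page, not code from the original answer or from Visual Studio: it decodes such a thunk table from a raw byte slice of a `.text` section, reports the jump targets and the size of the `CC` padding, and shows the "patch only the thunk" step by retargeting one stub. The sample bytes, the base address `0x10001000`, and the target addresses are constructed for the demo; the helper names are my own.

```python
from __future__ import annotations
import struct

JMP_REL32 = 0xE9   # x86/x64 opcode for a 5-byte `jmp rel32`
INT3 = 0xCC        # padding byte the linker leaves after the thunk table


def decode_jmp_thunks(code: bytes, base_va: int) -> list[tuple[int, int]]:
    """Return (thunk_va, target_va) for every consecutive `jmp rel32` at the
    start of `code`, which is assumed to be mapped at virtual address base_va.
    Decoding stops at the first byte that does not begin another jmp."""
    thunks = []
    off = 0
    while off + 5 <= len(code) and code[off] == JMP_REL32:
        rel = struct.unpack_from("<i", code, off + 1)[0]
        thunk_va = base_va + off
        # rel32 is relative to the address of the *next* instruction
        thunks.append((thunk_va, thunk_va + 5 + rel))
        off += 5
    return thunks


def count_int3_padding(code: bytes, off: int) -> int:
    """Number of consecutive 0xCC bytes starting at offset `off`."""
    n = 0
    while off + n < len(code) and code[off + n] == INT3:
        n += 1
    return n


def looks_like_incremental_link_table(code: bytes, base_va: int,
                                      min_thunks: int = 2,
                                      min_padding: int = 16):
    """Heuristic from the answer above: several back-to-back jmp stubs
    followed by a block of CC bytes reserved for future stubs.
    Thresholds are arbitrary choices for this example."""
    thunks = decode_jmp_thunks(code, base_va)
    padding = count_int3_padding(code, 5 * len(thunks))
    verdict = len(thunks) >= min_thunks and padding >= min_padding
    return verdict, thunks, padding


def retarget_thunk(code: bytes, base_va: int, thunk_va: int, new_target: int) -> bytes:
    """Rewrite one stub's rel32 so every caller now lands on new_target.
    This is the patch the incremental linker performs instead of fixing up
    each call site individually."""
    off = thunk_va - base_va
    if code[off] != JMP_REL32:
        raise ValueError("not a jmp rel32 at %#x" % thunk_va)
    patched = bytearray(code)
    struct.pack_into("<i", patched, off + 1, new_target - (thunk_va + 5))
    return bytes(patched)


def make_sample() -> tuple[bytes, int]:
    """Constructed sample: three thunks at 0x10001000 jumping forward to
    0x10002000, 0x10002040 and 0x10002100, then 32 bytes of CC, then the
    prologue of a real function (push ebp; mov ebp, esp)."""
    base = 0x10001000
    targets = [0x10002000, 0x10002040, 0x10002100]
    out = bytearray()
    for i, target in enumerate(targets):
        thunk_va = base + 5 * i
        out.append(JMP_REL32)
        out += struct.pack("<i", target - (thunk_va + 5))
    out += bytes([INT3]) * 32
    out += b"\x55\x8b\xec"
    return bytes(out), base


if __name__ == "__main__":
    code, base = make_sample()
    verdict, thunks, padding = looks_like_incremental_link_table(code, base)
    print("incremental-link thunk table:", verdict, "padding bytes:", padding)
    for thunk_va, target_va in thunks:
        print("  %#x: jmp %#x" % (thunk_va, target_va))
    # Simulate a rebuild that moved the second function to 0x10003000.
    code = retarget_thunk(code, base, 0x10001005, 0x10003000)
    print("after patch:", decode_jmp_thunks(code, base)[1])
```

Run it against a real slice by reading the bytes at the start of the `.text` section (for example with `pefile`) and passing the section's virtual address as `base_va`; the decoder assumes 5-byte `E9` jumps and will report zero thunks for a section that starts with ordinary function bodies.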