GoLink – this has received a well-deserved promotion to version 1.0.0.0 and is available here
http://www.godevtool.com/Golink.zip with the following changes:
- added more 32-bit support for SAFESEH
- added option /LARGEADDRESSAWARE (removed as x64 default), which adjusts the default Image Base for x64 EXE/DLL
- added indirect option for x64 HIGHENTROPYVA if using both /DYNAMICBASE and /LARGEADDRESSAWARE
- added 64-bit number support for options /BASE /STACKSIZE /STACKINIT
- added options /HEAPSIZE /HEAPINIT with 64-bit number support
- added support for relocation type IMAGE_REL_AMD64_ADDR64
- modified x64 builds to use 64-bit DLLs for proper import hints and access to possible newer functions there
- modified import processing not to add a jump table entry unless it is required
- modified import processing to use a binary search for a DLL function name
- modified to allow command line with a dash in a filename without quotes (-switches now need to be separated by white space)
- modified to allow command line with a forward slash in a filename without quotes (/switches now need to be separated by white space)
- fixed command line filename extension problem in filename without quotes that had multiple periods
- fixed EXE/DLL file output to have a proper UTC TimeDate Stamp
- fixed unneeded relocations in x64 .reloc for RES>OBJ
- fixed x64 problem with import of data
- fixed x64 import problem with FF15 type call [Function]
- fixed x64 qword alignment of Import Address/Lookup Tables
- fixed word alignment of first entry in Import Hint/Name Table
- fixed missing jump table entry for case where IAT function RVA is a forwarded export when Export Directory is not in .text section (often in .rdata for x64 DLLs)
- removed output file IMAGE_FILE_HEADER flags for IMAGE_FILE_LINE_NUMS_STRIPPED and IMAGE_FILE_LOCAL_SYMS_STRIPPED
- removed support for Microsoft Layer for Unicode (MSLU)
Some more details on the SAFESEH changes:
- recognises .sxdata sections and converts them to CONST ALIGN4 for further processing
- merges .sxdata section to end of const/.rdata section
- converts .sxdata symbol table index into a RVA
- sorts the RVAs (combined .sxdata and manual table if present)
- supplies default IMAGE_LOAD_CONFIG_DIRECTORY32 if not already manually provided
- gives an error if the size is wrong for IMAGE_LOAD_CONFIG_DIRECTORY32
- gives an error if the pointer to the SEHandlerTable is invalid
- gives an error if the SEHandlerCount is obviously off
- gives an error if there is an invalid RVA value (first and last are checked to see if within a code section)
- if all source OBJ files are SAFESEH, then the output will be SAFESEH with screen output showing Format: Win32 SAFESEH
- if there are multiple source files that are SAFESEH but also one that is not SAFESEH, then you will get a warning displaying that filename. The output file will still be made, but it will not be SAFESEH and the screen output will show the usual Format: Win32
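To confirm the result on a linked file, the following added example (not GoLink's code and not part of the original notes) reads a PE32 image's load config directory and repeats the table checks listed above. The names check_safeseh and build_sample and the sample image are constructed for illustration; unlike the linker's first-and-last check it tests every handler RVA, and its size check only requires that Size reach SEHandlerCount (72 bytes).

```python
import struct

def check_safeseh(pe):
    """Repeat the SAFESEH table checks on a PE32 image; returns (handler_rvas, problems)."""
    u16 = lambda o: struct.unpack_from("<H", pe, o)[0]
    u32 = lambda o: struct.unpack_from("<I", pe, o)[0]
    nt = u32(0x3C)                                  # e_lfanew: offset of the PE signature
    opt = nt + 24                                   # optional header
    if pe[nt:nt + 4] != b"PE\0\0" or u16(opt) != 0x10B:
        raise ValueError("not a PE32 image (SafeSEH is x86 only)")
    base, cfg_rva = u32(opt + 28), u32(opt + 96 + 10 * 8)  # ImageBase, data dir 10
    sec0 = opt + u16(nt + 20)                       # section table
    # per section: VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, Characteristics
    secs = [struct.unpack_from("<IIII12xI", pe, sec0 + 40 * i + 8)
            for i in range(u16(nt + 6))]
    def to_off(rva):                                # RVA -> file offset, or None
        for _, va, rsize, raw, _ in secs:
            if va <= rva < va + rsize:
                return raw + rva - va
    def is_code(rva):                               # inside an IMAGE_SCN_MEM_EXECUTE section?
        return any(va <= rva < va + vs and ch & 0x20000000 for vs, va, _, _, ch in secs)
    cfg = to_off(cfg_rva) if cfg_rva else None
    if cfg is None:
        return [], ["no IMAGE_LOAD_CONFIG_DIRECTORY32, so the image is not SAFESEH"]
    if u32(cfg) < 72:                               # Size must reach SEHandlerCount
        return [], ["load config Size does not cover SEHandlerTable/SEHandlerCount"]
    table_va, count = u32(cfg + 64), u32(cfg + 68)
    tbl = to_off(table_va - base) if table_va >= base else None
    if tbl is None or tbl + 4 * count > len(pe):
        return [], ["SEHandlerTable pointer or SEHandlerCount is invalid"]
    rvas = list(struct.unpack_from(f"<{count}I", pe, tbl))
    problems = [] if rvas == sorted(rvas) else ["handler RVAs are not sorted"]
    problems += [f"handler RVA {r:#x} is not in a code section" for r in rvas if not is_code(r)]
    return rvas, problems

def build_sample(handlers):
    """Constructed minimal PE32 (.text + .rdata) for the demo; not real linker output."""
    pe = bytearray(0x600)
    struct.pack_into("<I", pe, 0x3C, 0x40)
    pe[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HH", pe, 0x44, 0x14C, 2)     # Machine i386, two sections
    struct.pack_into("<H2xH", pe, 0x54, 0xE0, 0x10B)  # SizeOfOptionalHeader, PE32 magic
    struct.pack_into("<I", pe, 0x74, 0x400000)      # ImageBase
    struct.pack_into("<II", pe, 0x108, 0x2000, 72)  # load config directory entry
    struct.pack_into("<8sIIII12xI", pe, 0x138, b".text", 0x100, 0x1000, 0x200, 0x200, 0x60000020)
    struct.pack_into("<8sIIII12xI", pe, 0x160, b".rdata", 0x100, 0x2000, 0x200, 0x400, 0x40000040)
    struct.pack_into("<I", pe, 0x400, 72)           # load config Size
    struct.pack_into("<II", pe, 0x440, 0x402080, len(handlers))  # SEHandlerTable VA, count
    struct.pack_into(f"<{len(handlers)}I", pe, 0x480, *handlers)
    return bytes(pe)
```

Calling check_safeseh(build_sample([0x1040, 0x1010, 0x2010])) reports both an unsorted table and a handler RVA that lies in .rdata rather than in a code section.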
Some more details on the Import changes:
- removing the jump table entries, if not needed, required changing the order of some of the Import tables, which is now as follows:
  - Import Address Table
  - Jump Table Entries (if required)
  - Import Directory Tables
  - Import Lookup Tables
  - Hint/Name Tables
- in comparison to the output of previous GoLink versions, there can be lots of little changes throughout code due to these offset changes
- if you import a function only with call [Function] or INVOKE [Function],... this uses a FF15 xxxxxxxx type call to the address in the Import Address Table, without requiring a jump table entry
- if there is at least one import of the same function with call Function or INVOKE Function,... this uses a E8 yyyyyyyy type call, which indirectly gets to the address in the Import Address Table through a required Jump Table entry, which is a FF25 xxxxxxxx jump instruction (used by all such calls to this Function)
- the FF15 method is a bit quicker and, although each call instruction is slightly longer, it is shorter overall without the jump table entry if the function is not called too often (<6 times)
- the E8 method can be a bit shorter in overall size if the same function is called this way often (>6 times)