NSIS 3.08 and 3.09 set the DYNAMIC_BASE bit in DllCharacteristics, but also set the relocations stripped bit in the (COFF) Characteristics and the relocation section is empty.
Testcase (running official 3.09 build from Cygwin console):
```
$ /cygdrive/c/Program\ Files\ (x86)/NSIS/makensis -VERSION
v3.09
$ cat test.nsi
Section "Empty"
SectionEnd
$ /cygdrive/c/Program\ Files\ (x86)/NSIS/makensis test.nsi
...
$ objdump -p test.exe
test.exe: file format pei-i386
Characteristics 0x10f
relocations stripped
...
ImageBase 00400000
...
DllCharacteristics 00008540
DYNAMIC_BASE
...
Entry 5 00000000 00000000 Base Relocation Directory [.reloc]
```
Tests showed that this image is always loaded at 0x400000.
Interestingly a non-empty relocation section is provided by nsis-3.08-3 from Debian 12 (https://packages.debian.org/bookworm/nsis). This is part of the Docker image we use in the smartmontools project to do CI and release builds (https://builds.smartmontools.org/). Further investigation unfortunately shows that this relocation information is apparently completely bogus.
AFAIK makensis does not support relocations which is why the stubs are built with it off.
Recent versions of mingw-w64 enabled relocations by default, but NSIS version 3.08 and earlier don't have the code to turn it off again. That's why versions 3.08 and earlier when compiled with recent gcc compilers have bogus relocations in them. It's relatively easy (compared to Windows) to compile NSIS on Linux (this is for Debian-based distros):
Download the NSIS source code, unzip it into a directory, then 'cd' into it where the 'SConstruct' file is, then compile and install:
Thanks for the explanation. See also the related Debian bug:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050288
Interestingly the Debian Changelog says "Disable relocations for PE/COFF binary files" for the version with bogus relocation info:
https://metadata.ftp-master.debian.org/changelogs/main/n/nsis/nsis_3.08-3_changelog
Obviously this did not work. Any idea what went wrong here?
Now back to my original report regarding your upstream NSIS builds for Windows:
The generated installers do not contain any relocation information which is OK.
But if this is the case and the "relocations_stripped" bit is set, the "DYNAMIC_BASE" bit should never be set - but it is set.
Malware scanners may consider such files as corrupt. This may result in false positives.
The ASLR bit is set on purpose to shut up some security tools. You can use the undocumented PEDllCharacteristics instruction to modify the PE if this bothers you.
Last edit: Anders 2023-08-24
Understood. Sorry for the noise. Feel free to close this ticket.
It is IMO interesting that those (which?) security tools could apparently be silenced with conflicting header information (dynamic_base + relocations_stripped).
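An added example, not part of the thread and not NSIS code: a Python check for the header combination reported above (DYNAMIC_BASE set together with relocations stripped), run over a constructed header-only PE32 stub that uses the values from the objdump output. The names `check_aslr_flags` and `sample_pe32` are hypothetical.

```python
import struct

RELOCS_STRIPPED = 0x0001  # IMAGE_FILE_RELOCS_STRIPPED, COFF Characteristics
DYNAMIC_BASE = 0x0040     # IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
RELOC_DIR = 5             # data directory index, "Entry 5" in objdump -p

def check_aslr_flags(pe: bytes) -> dict:
    """Read the header fields from the report and flag the conflicting pair."""
    try:
        if pe[:2] != b"MZ":
            raise ValueError("missing MZ signature")
        (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
        if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
            raise ValueError("missing PE signature")
        coff = e_lfanew + 4                      # 20-byte COFF file header
        (characteristics,) = struct.unpack_from("<H", pe, coff + 18)
        opt = coff + 20                          # optional header start
        (magic,) = struct.unpack_from("<H", pe, opt)
        if magic not in (0x10B, 0x20B):          # PE32 / PE32+
            raise ValueError("unknown optional header magic")
        (dll_chars,) = struct.unpack_from("<H", pe, opt + 70)
        ndirs_off = opt + (92 if magic == 0x10B else 108)
        (ndirs,) = struct.unpack_from("<I", pe, ndirs_off)
        reloc_size = 0
        if ndirs > RELOC_DIR:
            entry = ndirs_off + 4 + 8 * RELOC_DIR
            _rva, reloc_size = struct.unpack_from("<II", pe, entry)
    except struct.error as exc:
        raise ValueError("truncated PE headers") from exc
    stripped = bool(characteristics & RELOCS_STRIPPED)
    dynamic = bool(dll_chars & DYNAMIC_BASE)
    return {"relocs_stripped": stripped, "dynamic_base": dynamic,
            "reloc_dir_size": reloc_size, "conflict": dynamic and stripped}

def sample_pe32(characteristics: int, dll_chars: int, reloc=(0, 0)) -> bytes:
    """Constructed header-only PE32 stub for the demo (not a loadable file)."""
    opt = bytearray(96 + 16 * 8)                 # PE32 optional header + 16 dirs
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 28, 0x400000)    # ImageBase from the report
    struct.pack_into("<H", opt, 70, dll_chars)
    struct.pack_into("<I", opt, 92, 16)          # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * RELOC_DIR, *reloc)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, len(opt), characteristics)
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)      # e_lfanew
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    print(check_aslr_flags(sample_pe32(0x10F, 0x8540)))  # values from the report
```

To check a real installer, pass the file's bytes, for example `check_aslr_flags(open("test.exe", "rb").read())`.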