John Mokien

Reputation: 435

The Address Jump Table

I can't fully understand how the address jump table works.

Basically, when compiling a file the compiler knows where to set the functions of a DLL in memory, but once the application is being executed some of the function addresses may change their location in memory due to the conflict between addresses.

For example: the compiler loads the function GetModuleHandle at the address 40000 and somehow there's another function GetModuleFileName which is loaded at the same address.

Depending on how the functions are accessed in the application, the Windows loader will add the second function to the address jump table, and when the first function is called, the loader will loop through the address jump table and change the address of the functions to the main address for calling, and the first function will go into the address jump table.

Is this the way the address jump table works?

Upvotes: 1

Views: 800

Answers (1)

jim mcnamara

Reputation: 16389

Branch tables are just a list of goto (jump) instructions, that can point anywhere.

In your example the branch table is a block of code that lives at 40000. An offset from that is computed, and then the actual jump instruction is jump to 40000 + offset.

Here is some pseudocode:

# x can be one of 0 1 2
      y  = x*8;                   # create offset; 8 is the size of one jump instruction
      goto jumptable(y);          # branch into 'table' of branch instructions
# start of branch table
# your 40000:
jumptable:
      goto errorfunc1;          # x= 0  oops
      goto func2;               # x= 1
      goto func7;               # x= 2
# ... rest of branch table
errorfunc1:
     call oops;
func2:
     call function2;
func7:
     call function7;

Upvotes: 1
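The same three-entry branch table, written as runnable C rather than pseudocode. This is an added example, not code from the answer above: the names `dispatch`, `jumptable_offset`, `jumptable`, `oops`, `function2` and `function7` are my own, and the table is an array of function pointers, so the "offset" is `x * sizeof(handler)` instead of the 8-byte jump-instruction stride the answer assumes. It also shows the one thing a real dispatcher needs that the pseudocode leaves implicit: a bounds check on `x`, because an index past the end of the table would be used as an address and jumped through.

```c
#include <stdio.h>
#include <stddef.h>

/* Target routines. Each returns a distinct tag so a caller can tell which one ran. */
static int oops(void)      { return -1; }   /* error entry, x = 0 */
static int function2(void) { return 2; }    /* x = 1 */
static int function7(void) { return 7; }    /* x = 2 */

typedef int (*handler)(void);

/* The branch table: consecutive slots, one per value of x.
 * In the answer's pseudocode this block is "your 40000:". */
static const handler jumptable[] = { oops, function2, function7 };
#define JUMPTABLE_LEN (sizeof jumptable / sizeof jumptable[0])

/* Byte offset of entry x from the start of the table (the answer's y = x*8,
 * except the stride is the size of a function pointer, not of a jump instruction). */
size_t jumptable_offset(unsigned x)
{
    return (size_t)x * sizeof(handler);
}

/* Dispatch on x. Any x outside the table is routed to the error entry instead of
 * being used as an address: an unchecked index would read past the table and
 * transfer control to whatever happens to be stored there. */
int dispatch(unsigned x)
{
    if (x >= JUMPTABLE_LEN)
        return oops();

    /* Compute base + offset explicitly, as the pseudocode does, then jump. */
    const char *base = (const char *)jumptable;
    const handler *slot = (const handler *)(base + jumptable_offset(x));
    return (*slot)();
}

int main(void)
{
    /* Constructed inputs: the three valid indices plus one out-of-range value. */
    unsigned inputs[] = { 0, 1, 2, 9 };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++)
        printf("x=%u offset=%zu -> %d\n",
               inputs[i], jumptable_offset(inputs[i]), dispatch(inputs[i]));
    return 0;
}
```

Compilers emit exactly this shape for a dense `switch`: a range check, an index scaled by the entry size, then an indirect jump through the table. The range check is what keeps the indirect jump confined to the table's own entries.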
