Eli Zaretskii eliz@gnu.org writes:
The only thing I'd expect is a call through an indirect address, since you are linking to a DLL. But the above doesn't look like that.
There's some magic going on. Or lack thereof. The calling function does
4014e9: e8 b2 6c 00 00 call 4081a0 <__imp__nettle_arcfour_crypt>>
(this is from disssembling the .exe file).
And then at address 4081a0, there's
004081a0 <__imp__nettle_arcfour_crypt>: 4081a0: 98 cwtl 4081a1: 82 (bad) ...
This is not in the .text section, but in the .idata section. And in the .idata, there's
The Import Tables (interpreted .idata section contents) vma: Hint Time Forward DLL First Table Stamp Chain Name Thunk 00008000 000080b4 00000000 00000000 00008698 0000819c
DLL Name: libnettle-5-0.dll vma: Hint/Ord Member-Name Bound-To 827c 59 nettle_arcfour128_set_key 8298 60 nettle_arcfour_crypt
So it looks like the data at __imp__nettle_arcfour_crypt is not code, but the dll index 8292.
If I compare with the code I get if I configure nettle with --disable-assembler, I get a
4014b8: e8 2b 1a 00 00 call 402ee8 <_nettle_arcfour_crypt>
00402ee8 <_nettle_arcfour_crypt>: 402ee8: ff 25 34 81 40 00 jmp *0x408134 402eee: 90 nop 402eef: 90 nop
So it seems the linker does something very different (and more correct) in this case.
Regards, /Niels