Open-source way to set LAA bit on an executable

Konstantin Kharlamov hi-angel@yandex.ru
Sat Jan 30 13:14:08 GMT 2021 

I'm in search for open-source way to modify a LAA bit (Large Address Aware) on PE executables. Background is that there are 32-bit games (such as the first "Mass Effect") that are limited to lower 2G of address space, and they're crashing on people upon using performance-enhancing WINE addons, like Gallium Nine or DXVK, due to slightly increased memory consumption. So, they need to have LAA bit set.¹

Currently, the way everyone recommends is `editbin.exe`,² but not only it is proprietary, it is also Windows-only. So I'd prefer to abstain of recommending it unless there's really no other way. I also tried reverse-engeneering framework radare, but long story short, it didn't work out.³

`binutils` is able to peek at it with `objdump`. The command line is `objdump -p myfile.exe`, and at the top there're lines titled `Characteristics`, as in:

    Characteristics 0x107
            relocations stripped
            executable
            line numbers stripped
            32 bit words

If LAA is set there will be a line `large address aware`.

Per my understanding, to modify the binary I gotta use `objcopy`. But after looking through `man objcopy` I'm not quite clear how exactly do I get it to modify the LAA bit. Any suggestions?

---------

1: it might work or not, but that's another question. I read a horror story that many Windows developers treated pointers as signed entities, which would result in crashes upon trying to access high 2G of 32-bit address space. And that because of that LAA is not set by default. Idk if that's true. I hope not, that sounds overly weird, who would do that…? But you never know…
2: https://stackoverflow.com/questions/1346480/how-to-make-a-net-application-large-address-aware
3: as of writing the words, radare may only access the field with the main `radare2` binary. For example: `r2 -nnw notepad.exe`, and inside it `pf.pe_image_file_header.characteristics@0x78` to print it (yeah, there is a magical number 0x78). But then it turned out that currently the field is unmodifyable https://github.com/radareorg/radare2/issues/18308

More information about the Binutils mailing list