workaround misdetection of shared object without dynamic section; rel 3

[packages/VirtualBox.git] / kernel-5.8.patch

fix Linux 5.8

This is a squashed patch with following upstream revisions:

  r85208
  r85430
  r85431
  r85432
  r85447 # context required adjustment
  r85453
  r85460
  r85461 # context required adjustment
  r85500
  r85501
  r85503
  r85504
  r85505
  r85506
  r85507 # context required adjustment
  r85509
  r85510
  r85511
  r85514
  r85516
  r85517
  r85518
  r85525
  r85526
  r85527
  r85533
  r85534
  r85540
  r85541
  r85545
  r85546
  r85552
  r85555
  r85556
  r85590

Thanks a lot to loqs for his hard work on FS#67488!

Index: src/VBox/Runtime/r0drv/linux/time-r0drv-linux.c
===================================================================
diff --git a/src/VBox/Runtime/r0drv/linux/time-r0drv-linux.c b/src/VBox/Runtime/r0drv/linux/time-r0drv-linux.c
--- a/src/VBox/Runtime/r0drv/linux/time-r0drv-linux.c	(revision 85207)
+++ b/src/VBox/Runtime/r0drv/linux/time-r0drv-linux.c	(revision 85208)
@@ -31,6 +31,12 @@
 #define LOG_GROUP RTLOGGROUP_TIME
 #include "the-linux-kernel.h"
 #include "internal/iprt.h"
+/* Make sure we have the setting functions we need for RTTimeNow: */
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 16)
+# define RTTIME_INCL_TIMEVAL
+#elif LINUX_VERSION_CODE < KERNEL_VERSION(3, 17, 0)
+# define RTTIME_INCL_TIMESPEC
+#endif
 #include <iprt/time.h>
 #include <iprt/asm.h>
 
@@ -182,22 +188,19 @@
 RTDECL(PRTTIMESPEC) RTTimeNow(PRTTIMESPEC pTime)
 {
     IPRT_LINUX_SAVE_EFL_AC();
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 16)
-/* On Linux 4.20, time.h includes time64.h and we have to use 64-bit times. */
-# ifdef _LINUX_TIME64_H
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 17, 0)
     struct timespec64 Ts;
-    ktime_get_real_ts64(&Ts);
-# else
+    ktime_get_real_ts64(&Ts);   /* ktime_get_real_ts64 was added as a macro in 3.17, function since 4.18. */
+    IPRT_LINUX_RESTORE_EFL_AC();
+    return RTTimeSpecSetTimespec64(pTime, &Ts);
+
+#elif LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 16)
     struct timespec Ts;
-    ktime_get_real_ts(&Ts);
-# endif
+    ktime_get_real_ts(&Ts);     /* ktime_get_real_ts was removed in Linux 4.20. */
     IPRT_LINUX_RESTORE_EFL_AC();
-# ifdef _LINUX_TIME64_H
-    return RTTimeSpecSetTimespec64(pTime, &Ts);
-# else
     return RTTimeSpecSetTimespec(pTime, &Ts);
-# endif
-#else   /* < 2.6.16 */
+
+#else /* < 2.6.16 */
     struct timeval Tv;
     do_gettimeofday(&Tv);
     IPRT_LINUX_RESTORE_EFL_AC();
Index: src/VBox/Runtime/r0drv/linux/memobj-r0drv-linux.c
===================================================================
diff --git a/src/VBox/Runtime/r0drv/linux/memobj-r0drv-linux.c b/src/VBox/Runtime/r0drv/linux/memobj-r0drv-linux.c
--- a/src/VBox/Runtime/r0drv/linux/memobj-r0drv-linux.c	(revision 85429)
+++ b/src/VBox/Runtime/r0drv/linux/memobj-r0drv-linux.c	(revision 85430)
@@ -72,7 +72,22 @@
 # define gfp_t  unsigned
 #endif
 
+/*
+ * Wrappers around mmap_lock/mmap_sem difference.
+ */
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 8, 0)
+# define LNX_MM_DOWN_READ(a_pMm)    down_read(&(a_pMm)->mmap_lock)
+# define LNX_MM_UP_READ(a_pMm)        up_read(&(a_pMm)->mmap_lock)
+# define LNX_MM_DOWN_WRITE(a_pMm)   down_write(&(a_pMm)->mmap_lock)
+# define LNX_MM_UP_WRITE(a_pMm)       up_write(&(a_pMm)->mmap_lock)
+#else
+# define LNX_MM_DOWN_READ(a_pMm)    down_read(&(a_pMm)->mmap_sem)
+# define LNX_MM_UP_READ(a_pMm)        up_read(&(a_pMm)->mmap_sem)
+# define LNX_MM_DOWN_WRITE(a_pMm)   down_write(&(a_pMm)->mmap_sem)
+# define LNX_MM_UP_WRITE(a_pMm)       up_write(&(a_pMm)->mmap_sem)
+#endif
 
+
 /*********************************************************************************************************************************
 *   Structures and Typedefs                                                                                                      *
 *********************************************************************************************************************************/
@@ -182,7 +197,7 @@
  * Worker for rtR0MemObjNativeReserveUser and rtR0MemObjNativerMapUser that creates
  * an empty user space mapping.
  *
- * We acquire the mmap_sem of the task!
+ * We acquire the mmap_sem/mmap_lock of the task!
  *
  * @returns Pointer to the mapping.
  *          (void *)-1 on failure.
@@ -222,9 +237,9 @@
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 5, 0)
         ulAddr = vm_mmap(NULL, R3PtrFixed, cb, fLnxProt, MAP_SHARED | MAP_ANONYMOUS | MAP_FIXED, 0);
 #else
-        down_write(&pTask->mm->mmap_sem);
+        LNX_MM_DOWN_WRITE(pTask->mm);
         ulAddr = do_mmap(NULL, R3PtrFixed, cb, fLnxProt, MAP_SHARED | MAP_ANONYMOUS | MAP_FIXED, 0);
-        up_write(&pTask->mm->mmap_sem);
+        LNX_MM_UP_WRITE(pTask->mm);
 #endif
     }
     else
@@ -232,9 +247,9 @@
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 5, 0)
         ulAddr = vm_mmap(NULL, 0, cb, fLnxProt, MAP_SHARED | MAP_ANONYMOUS, 0);
 #else
-        down_write(&pTask->mm->mmap_sem);
+        LNX_MM_DOWN_WRITE(pTask->mm);
         ulAddr = do_mmap(NULL, 0, cb, fLnxProt, MAP_SHARED | MAP_ANONYMOUS, 0);
-        up_write(&pTask->mm->mmap_sem);
+        LNX_MM_UP_WRITE(pTask->mm);
 #endif
         if (    !(ulAddr & ~PAGE_MASK)
             &&  (ulAddr & (uAlignment - 1)))
@@ -257,7 +272,7 @@
  * Worker that destroys a user space mapping.
  * Undoes what rtR0MemObjLinuxDoMmap did.
  *
- * We acquire the mmap_sem of the task!
+ * We acquire the mmap_sem/mmap_lock of the task!
  *
  * @param   pv          The ring-3 mapping.
  * @param   cb          The size of the mapping.
@@ -269,13 +284,13 @@
     Assert(pTask == current); RT_NOREF_PV(pTask);
     vm_munmap((unsigned long)pv, cb);
 #elif defined(USE_RHEL4_MUNMAP)
-    down_write(&pTask->mm->mmap_sem);
+    LNX_MM_DOWN_WRITE(pTask->mm);
     do_munmap(pTask->mm, (unsigned long)pv, cb, 0); /* should it be 1 or 0? */
-    up_write(&pTask->mm->mmap_sem);
+    LNX_MM_UP_WRITE(pTask->mm);
 #else
-    down_write(&pTask->mm->mmap_sem);
+    LNX_MM_DOWN_WRITE(pTask->mm);
     do_munmap(pTask->mm, (unsigned long)pv, cb);
-    up_write(&pTask->mm->mmap_sem);
+    LNX_MM_UP_WRITE(pTask->mm);
 #endif
 }
 
@@ -593,7 +608,7 @@
                 size_t              iPage;
                 Assert(pTask);
                 if (pTask && pTask->mm)
-                    down_read(&pTask->mm->mmap_sem);
+                    LNX_MM_DOWN_READ(pTask->mm);
 
                 iPage = pMemLnx->cPages;
                 while (iPage-- > 0)
@@ -608,7 +623,7 @@
                 }
 
                 if (pTask && pTask->mm)
-                    up_read(&pTask->mm->mmap_sem);
+                    LNX_MM_UP_READ(pTask->mm);
             }
             /* else: kernel memory - nothing to do here. */
             break;
@@ -1076,7 +1091,7 @@
     papVMAs = (struct vm_area_struct **)RTMemAlloc(sizeof(*papVMAs) * cPages);
     if (papVMAs)
     {
-        down_read(&pTask->mm->mmap_sem);
+        LNX_MM_DOWN_READ(pTask->mm);
 
         /*
          * Get user pages.
@@ -1162,7 +1177,7 @@
                 papVMAs[rc]->vm_flags |= VM_DONTCOPY | VM_LOCKED;
             }
 
-            up_read(&pTask->mm->mmap_sem);
+            LNX_MM_UP_READ(pTask->mm);
 
             RTMemFree(papVMAs);
 
@@ -1189,7 +1204,7 @@
 #endif
         }
 
-        up_read(&pTask->mm->mmap_sem);
+        LNX_MM_UP_READ(pTask->mm);
 
         RTMemFree(papVMAs);
         rc = VERR_LOCK_FAILED;
@@ -1604,7 +1619,7 @@
             const size_t    cPages    = (offSub + cbSub) >> PAGE_SHIFT;
             size_t          iPage;
 
-            down_write(&pTask->mm->mmap_sem);
+            LNX_MM_DOWN_WRITE(pTask->mm);
 
             rc = VINF_SUCCESS;
             if (pMemLnxToMap->cPages)
@@ -1721,7 +1736,7 @@
             }
 #endif /* CONFIG_NUMA_BALANCING */
 
-            up_write(&pTask->mm->mmap_sem);
+            LNX_MM_UP_WRITE(pTask->mm);
 
             if (RT_SUCCESS(rc))
             {
Index: src/VBox/HostDrivers/Support/linux/SUPDrv-linux.c
===================================================================
diff --git a/src/VBox/HostDrivers/Support/linux/SUPDrv-linux.c b/src/VBox/HostDrivers/Support/linux/SUPDrv-linux.c
--- a/src/VBox/HostDrivers/Support/linux/SUPDrv-linux.c	(revision 85430)
+++ b/src/VBox/HostDrivers/Support/linux/SUPDrv-linux.c	(revision 85431)
@@ -756,20 +756,25 @@
 
 RTCCUINTREG VBOXCALL supdrvOSChangeCR4(RTCCUINTREG fOrMask, RTCCUINTREG fAndMask)
 {
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 20, 0)
-    RTCCUINTREG uOld = this_cpu_read(cpu_tlbstate.cr4);
-    RTCCUINTREG uNew = (uOld & fAndMask) | fOrMask;
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 8, 0)
+    RTCCUINTREG const uOld = __read_cr4();
+#elif LINUX_VERSION_CODE >= KERNEL_VERSION(3, 20, 0)
+    RTCCUINTREG const uOld = this_cpu_read(cpu_tlbstate.cr4);
+#else
+    RTCCUINTREG const uOld = ASMGetCR4();
+#endif
+    RTCCUINTREG const uNew = (uOld & fAndMask) | fOrMask;
     if (uNew != uOld)
     {
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 8, 0)
+        ASMSetCR4(uNew);
+#elif LINUX_VERSION_CODE >= KERNEL_VERSION(3, 20, 0)
         this_cpu_write(cpu_tlbstate.cr4, uNew);
         __write_cr4(uNew);
-    }
 #else
-    RTCCUINTREG uOld = ASMGetCR4();
-    RTCCUINTREG uNew = (uOld & fAndMask) | fOrMask;
-    if (uNew != uOld)
         ASMSetCR4(uNew);
 #endif
+    }
     return uOld;
 }
 
Index: src/VBox/Additions/linux/sharedfolders/vfsmod.c
===================================================================
diff --git a/src/VBox/Additions/linux/sharedfolders/vfsmod.c b/src/VBox/Additions/linux/sharedfolders/vfsmod.c
--- a/src/VBox/Additions/linux/sharedfolders/vfsmod.c	(revision 85431)
+++ b/src/VBox/Additions/linux/sharedfolders/vfsmod.c	(revision 85432)
@@ -52,7 +52,7 @@
 #endif
 #include <linux/seq_file.h>
 #include <linux/vfs.h>
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 5, 62)
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 5, 62) && LINUX_VERSION_CODE < KERNEL_VERSION(5, 8, 0)
 # include <linux/vermagic.h>
 #endif
 #include <VBox/err.h>
Index: Config.kmk
===================================================================
diff --git a/Config.kmk b/Config.kmk
--- a/Config.kmk	(revision 85446)
+++ b/Config.kmk	(revision 85447)
@@ -4462,10 +4462,17 @@ endif # pe
 
 ifeq ($(VBOX_LDR_FMT),elf)
 TEMPLATE_VBoxR0_TOOL                = $(VBOX_GCC_TOOL)
-TEMPLATE_VBoxR0_CFLAGS              = -fno-pie -nostdinc -g $(VBOX_GCC_pipe) $(VBOX_GCC_WERR) $(VBOX_GCC_PEDANTIC_C)   $(VBOX_GCC_Wno-variadic-macros) $(VBOX_GCC_R0_OPT) $(VBOX_GCC_R0_FP) -fno-strict-aliasing -fno-exceptions $(VBOX_GCC_fno-stack-protector) -fno-common $(VBOX_GCC_fvisibility-hidden) -std=gnu99 $(VBOX_GCC_IPRT_FMT_CHECK)
-TEMPLATE_VBoxR0_CXXFLAGS            = -fno-pie -nostdinc -g $(VBOX_GCC_pipe) $(VBOX_GCC_WERR) $(VBOX_GCC_PEDANTIC_CXX) $(VBOX_GCC_Wno-variadic-macros) $(VBOX_GCC_R0_OPT) $(VBOX_GCC_R0_FP) -fno-strict-aliasing -fno-exceptions $(VBOX_GCC_fno-stack-protector) -fno-common $(VBOX_GCC_fvisibility-inlines-hidden) $(VBOX_GCC_fvisibility-hidden) -fno-rtti $(VBOX_GCC_IPRT_FMT_CHECK)
-TEMPLATE_VBoxR0_CFLAGS.amd64        = -m64 -mno-red-zone -mcmodel=kernel -mno-sse -mno-mmx -mno-sse2 -mno-3dnow -fasynchronous-unwind-tables -ffreestanding
-TEMPLATE_VBoxR0_CXXFLAGS.amd64      = -m64 -mno-red-zone -mcmodel=kernel -mno-sse -mno-mmx -mno-sse2 -mno-3dnow -fasynchronous-unwind-tables
+TEMPLATE_VBoxR0_CFLAGS              = -fno-pie -nostdinc -g $(VBOX_GCC_pipe) $(VBOX_GCC_WERR) $(VBOX_GCC_PEDANTIC_C) \
+	$(VBOX_GCC_Wno-variadic-macros) $(VBOX_GCC_R0_OPT) $(VBOX_GCC_R0_FP) -fno-strict-aliasing -fno-exceptions \
+	$(VBOX_GCC_fno-stack-protector) -fno-common $(VBOX_GCC_fvisibility-hidden) -std=gnu99 $(VBOX_GCC_IPRT_FMT_CHECK)
+TEMPLATE_VBoxR0_CXXFLAGS            = -fno-pie -nostdinc -g $(VBOX_GCC_pipe) $(VBOX_GCC_WERR) $(VBOX_GCC_PEDANTIC_CXX) \
+	$(VBOX_GCC_Wno-variadic-macros) $(VBOX_GCC_R0_OPT) $(VBOX_GCC_R0_FP) -fno-strict-aliasing -fno-exceptions \
+	$(VBOX_GCC_fno-stack-protector) -fno-common $(VBOX_GCC_fvisibility-inlines-hidden) $(VBOX_GCC_fvisibility-hidden) \
+	-fno-rtti $(VBOX_GCC_std) $(VBOX_GCC_IPRT_FMT_CHECK)
+TEMPLATE_VBoxR0_CFLAGS.amd64        = -m64 -mno-red-zone -mcmodel=kernel -mno-sse -mno-mmx -mno-sse2 -mno-3dnow \
+	-fasynchronous-unwind-tables -ffreestanding
+TEMPLATE_VBoxR0_CXXFLAGS.amd64      = -m64 -mno-red-zone -mcmodel=kernel -mno-sse -mno-mmx -mno-sse2 -mno-3dnow \
+	-fasynchronous-unwind-tables
 TEMPLATE_VBoxR0_CXXFLAGS.freebsd    = -ffreestanding
  if $(VBOX_GCC_VERSION_CC) < 30400
   TEMPLATE_VBoxR0_DEFS             += RT_WITHOUT_PRAGMA_ONCE
@@ -4491,7 +4498,8 @@ ifn1of ($(KBUILD_TARGET),solaris freebsd)
 	$(VBOX_GCC_LIBGCC) # intrinsics
 endif
 if1of ($(KBUILD_TARGET),linux)
- TEMPLATE_VBoxR0_POST_CMDS          =  $(if $(eq $(tool_do),LINK_SYSMOD),if readelf -S $(out)|grep -q "[cd]tors"; then echo "Found ctors/dtors in $(out)!"; exit 1; fi)
+ TEMPLATE_VBoxR0_POST_CMDS          = \
+ 	$(if $(eq $(tool_do),LINK_SYSMOD),if readelf -S $(out)|grep -q "[cd]tors"; then echo "Found ctors/dtors in $(out)!"; exit 1; fi)
 endif
 endif
 
Index: tools/bin/gen-slickedit-workspace.sh
===================================================================
diff --git a/tools/bin/gen-slickedit-workspace.sh b/tools/bin/gen-slickedit-workspace.sh
--- a/tools/bin/gen-slickedit-workspace.sh	(revision 85452)
+++ b/tools/bin/gen-slickedit-workspace.sh	(revision 85453)
@@ -490,11 +490,13 @@
     #
     # Probe the slickedit user config, picking the most recent version.
     #
+    MY_VSLICK_DB_OLD=
     if test -z "${MY_SLICK_CONFIG}"; then
         if test -d "${HOME}/Library/Application Support/SlickEdit"; then
             MY_SLICKDIR_="${HOME}/Library/Application Support/SlickEdit"
             MY_USERCPP_H="unxcpp.h"
             MY_VSLICK_DB="vslick.sta" # was .stu earlier, 24 is using .sta.
+            MY_VSLICK_DB_OLD="vslick.stu"
         elif test -d "${HOMEDRIVE}${HOMEPATH}/Documents/My SlickEdit Config"; then
             MY_SLICKDIR_="${HOMEDRIVE}${HOMEPATH}/Documents/My SlickEdit Config"
             MY_USERCPP_H="usercpp.h"
@@ -502,7 +504,8 @@
         else
             MY_SLICKDIR_="${HOME}/.slickedit"
             MY_USERCPP_H="unxcpp.h"
-            MY_VSLICK_DB="vslick.stu"
+            MY_VSLICK_DB="vslick.sta"
+            MY_VSLICK_DB_OLD="vslick.stu"
         fi
     else
         MY_SLICKDIR_="${MY_SLICK_CONFIG}"
@@ -511,7 +514,8 @@
             MY_VSLICK_DB="vslick.sta"
         else
             MY_USERCPP_H="unxcpp.h"
-            MY_VSLICK_DB="vslick.stu"
+            MY_VSLICK_DB="vslick.sta"
+            MY_VSLICK_DB_OLD="vslick.stu"
         fi
         # MacOS: Implement me!
     fi
@@ -520,7 +524,9 @@
     MY_VER="0.0.0"
     for subdir in "${MY_SLICKDIR_}/"*;
     do
-        if test -f "${subdir}/${MY_USERCPP_H}"  -o  -f "${subdir}/${MY_VSLICK_DB}"; then
+        if test    -f "${subdir}/${MY_USERCPP_H}"  \
+                -o -f "${subdir}/${MY_VSLICK_DB}" \
+                -o '(' -n "${MY_VSLICK_DB_OLD}" -a -f "${subdir}/${MY_VSLICK_DB_OLD}" ')'; then
             MY_CUR_VER_NUM=0
             MY_CUR_VER=`echo "${subdir}" | ${MY_SED} -e 's,^.*/,,g'`
 
@@ -555,6 +561,7 @@
         echo "Found SlickEdit v${MY_VER} preprocessor file: ${MY_USERCPP_H_FULL}"
     else
         echo "Failed to locate SlickEdit preprocessor file. You need to manually merge ${MY_USERCPP_H}."
+        echo "dbg: MY_SLICKDIR=${MY_SLICKDIR}  MY_USERCPP_H_FULL=${MY_USERCPP_H_FULL}"
         MY_USERCPP_H_FULL=""
     fi
 
@@ -716,6 +723,10 @@
 #define RTASN1TYPE_STANDARD_PROTOTYPES_NO_GET_CORE(a_TypeNm, a_DeclMacro, a_ImplExtNm) int  a_ImplExtNm##_Init(P##a_TypeNm pThis, PCRTASN1ALLOCATORVTABLE pAllocator); int  a_ImplExtNm##_Clone(P##a_TypeNm pThis, PC##a_TypeNm) pSrc, PCRTASN1ALLOCATORVTABLE pAllocator); void a_ImplExtNm##_Delete(P##a_TypeNm pThis); int  a_ImplExtNm##_Enum(P##a_TypeNm pThis, PFNRTASN1ENUMCALLBACK pfnCallback, uint32_t uDepth, void *pvUser); int  a_ImplExtNm##_Compare(PC##a_TypeNm) pLeft, PC##a_TypeNm pRight); int  a_ImplExtNm##_DecodeAsn1(PRTASN1CURSOR pCursor, uint32_t fFlags, P##a_TypeNm pThis, const char *pszErrorTag); int  a_ImplExtNm##_CheckSanity(PC##a_TypeNm pThis, uint32_t fFlags, PRTERRINFO pErrInfo, const char *pszErrorTag)
 #define RTASN1TYPE_STANDARD_PROTOTYPES(a_TypeNm, a_DeclMacro, a_ImplExtNm, a_Asn1CoreNm) inline PRTASN1CORE a_ImplExtNm##_GetAsn1Core(PC##a_TypeNm pThis) { return (PRTASN1CORE)&pThis->a_Asn1CoreNm; } inline bool a_ImplExtNm##_IsPresent(PC##a_TypeNm pThis) { return pThis && RTASN1CORE_IS_PRESENT(&pThis->a_Asn1CoreNm); } RTASN1TYPE_STANDARD_PROTOTYPES_NO_GET_CORE(a_TypeNm, a_DeclMacro, a_ImplExtNm)
 
+#define RTLDRELF_NAME(name)             rtldrELF64##name
+#define RTLDRELF_SUFF(name)             name##64
+#define RTLDRELF_MID(pre,suff)          pre##64##suff
+
 #define BS3_DECL(type)                  type
 #define BS3_DECL_CALLBACK(type)         type
 #define TMPL_NM(name)                   name##_mmm
Index: include/iprt/asmdefs.mac
===================================================================
diff --git a/include/iprt/asmdefs.mac b/include/iprt/asmdefs.mac
--- a/include/iprt/asmdefs.mac	(revision 85459)
+++ b/include/iprt/asmdefs.mac	(revision 85460)
@@ -841,18 +841,18 @@
 ; is defined and RT_WITHOUT_NOCRT_WRAPPERS isn't.
 ;
 %macro RT_NOCRT_BEGINPROC 1
-%ifdef RT_WITH_NOCRT_ALIASES
-BEGINPROC RT_NOCRT(%1)
-%ifdef ASM_FORMAT_ELF
+ %ifdef RT_WITH_NOCRT_ALIASES
+BEGINPROC_EXPORTED RT_NOCRT(%1)
+  %ifdef ASM_FORMAT_ELF
 global NAME(%1)
 weak NAME(%1)
 NAME(%1):
-%else
+  %else
 GLOBALNAME %1
-%endif
-%else  ; !RT_WITH_NOCRT_ALIASES
-BEGINPROC RT_NOCRT(%1)
-%endif ; !RT_WITH_NOCRT_ALIASES
+  %endif
+ %else  ; !RT_WITH_NOCRT_ALIASES
+BEGINPROC_EXPORTED RT_NOCRT(%1)
+ %endif ; !RT_WITH_NOCRT_ALIASES
 %endmacro ; RT_NOCRT_BEGINPROC
 
 %ifdef RT_WITH_NOCRT_ALIASES
Index: src/VBox/Runtime/testcase/tstLdr-4.cpp
===================================================================
diff --git a/src/VBox/Runtime/testcase/tstLdr-4.cpp b/src/VBox/Runtime/testcase/tstLdr-4.cpp
--- a/src/VBox/Runtime/testcase/tstLdr-4.cpp	(revision 85460)
+++ b/src/VBox/Runtime/testcase/tstLdr-4.cpp	(revision 85461)
@@ -214,7 +214,7 @@ static int testLdrOne(const char *pszFilename)
                 break;
             }
             DECLCALLBACKPTR(int, pfnDisasmTest1)(void) = (DECLCALLBACKPTR(int, RT_NOTHING)(void))(uintptr_t)Value; /* eeeh. */
-            RTPrintf("tstLdr-4: pfnDisasmTest1=%p / add-symbol-file %s %#x\n", pfnDisasmTest1, pszFilename, aLoads[i].pvBits);
+            RTPrintf("tstLdr-4: pfnDisasmTest1=%p / add-symbol-file %s %#p\n", pfnDisasmTest1, pszFilename, aLoads[i].pvBits);
             uint32_t iSeg = 0;
             RTLdrEnumSegments(aLoads[i].hLdrMod, testEnumSegment, &iSeg);
 
Index: src/VBox/Runtime/testcase/tstLdr-4.cpp
===================================================================
diff --git a/src/VBox/Runtime/testcase/tstLdr-4.cpp b/src/VBox/Runtime/testcase/tstLdr-4.cpp
--- a/src/VBox/Runtime/testcase/tstLdr-4.cpp	(revision 85499)
+++ b/src/VBox/Runtime/testcase/tstLdr-4.cpp	(revision 85500)
@@ -35,9 +35,9 @@
 #include <iprt/assert.h>
 #include <iprt/param.h>
 #include <iprt/path.h>
-#include <iprt/initterm.h>
 #include <iprt/err.h>
 #include <iprt/string.h>
+#include <iprt/test.h>
 
 #include <VBox/sup.h>
 
@@ -45,8 +45,9 @@
 /*********************************************************************************************************************************
 *   Global Variables                                                                                                             *
 *********************************************************************************************************************************/
-static SUPGLOBALINFOPAGE g_MyGip = { SUPGLOBALINFOPAGE_MAGIC, SUPGLOBALINFOPAGE_VERSION, SUPGIPMODE_INVARIANT_TSC, 42 };
-static PSUPGLOBALINFOPAGE g_pMyGip = &g_MyGip;
+static RTTEST               g_hTest;
+static SUPGLOBALINFOPAGE    g_MyGip = { SUPGLOBALINFOPAGE_MAGIC, SUPGLOBALINFOPAGE_VERSION, SUPGIPMODE_INVARIANT_TSC, 42 };
+static PSUPGLOBALINFOPAGE   g_pMyGip = &g_MyGip;
 
 extern "C" DECLEXPORT(int) DisasmTest1(void);
 
@@ -58,6 +59,50 @@
              "     link=%RTptr LB %RTptr align=%RTptr fProt=%#x offFile=%RTfoff\n"
              , *piSeg, pSeg->RVA, pSeg->cbMapped, pSeg->pszName,
              pSeg->LinkAddress, pSeg->cb, pSeg->Alignment, pSeg->fProt, pSeg->offFile);
+
+    /*
+     * Do some address conversion tests:
+     */
+    if (pSeg->cbMapped != NIL_RTLDRADDR)
+    {
+        /* RTLdrRvaToSegOffset: */
+        uint32_t    iSegConv   = ~(uint32_t)42;
+        RTLDRADDR   offSegConv = ~(RTLDRADDR)22;
+        int rc = RTLdrRvaToSegOffset(hLdrMod, pSeg->RVA, &iSegConv, &offSegConv);
+        if (RT_FAILURE(rc))
+            RTTestIFailed("RTLdrRvaToSegOffset failed on Seg #%u / RVA %#RTptr: %Rrc", *piSeg, pSeg->RVA, rc);
+        else if (iSegConv != *piSeg || offSegConv != 0)
+                RTTestIFailed("RTLdrRvaToSegOffset on Seg #%u / RVA %#RTptr returned: iSegConv=%#x offSegConv=%RTptr, expected %#x and 0",
+                              *piSeg, pSeg->RVA, iSegConv, offSegConv, *piSeg);
+
+        /* RTLdrSegOffsetToRva: */
+        RTLDRADDR uRvaConv = ~(RTLDRADDR)22;
+        rc = RTLdrSegOffsetToRva(hLdrMod, *piSeg, 0, &uRvaConv);
+        if (RT_FAILURE(rc))
+            RTTestIFailed("RTLdrSegOffsetToRva failed on Seg #%u / off 0: %Rrc", *piSeg, rc);
+        else if (uRvaConv != pSeg->RVA)
+            RTTestIFailed("RTLdrSegOffsetToRva on Seg #%u / off 0 returned: %RTptr, expected %RTptr", *piSeg, uRvaConv, pSeg->RVA);
+
+        /* RTLdrLinkAddressToRva: */
+        uRvaConv = ~(RTLDRADDR)22;
+        rc = RTLdrLinkAddressToRva(hLdrMod, pSeg->LinkAddress, &uRvaConv);
+        if (RT_FAILURE(rc))
+            RTTestIFailed("RTLdrLinkAddressToRva failed on Seg #%u / %RTptr: %Rrc", *piSeg, pSeg->LinkAddress, rc);
+        else if (uRvaConv != pSeg->RVA)
+            RTTestIFailed("RTLdrLinkAddressToRva on Seg #%u / %RTptr returned: %RTptr, expected %RTptr",
+                          *piSeg, pSeg->LinkAddress, uRvaConv, pSeg->RVA);
+
+        /* RTLdrLinkAddressToSegOffset: */
+        iSegConv   = ~(uint32_t)42;
+        offSegConv = ~(RTLDRADDR)22;
+        rc = RTLdrLinkAddressToSegOffset(hLdrMod, pSeg->LinkAddress, &iSegConv, &offSegConv);
+        if (RT_FAILURE(rc))
+            RTTestIFailed("RTLdrLinkAddressToSegOffset failed on Seg #%u / %#RTptr: %Rrc", *piSeg, pSeg->LinkAddress, rc);
+        else if (iSegConv != *piSeg || offSegConv != 0)
+                RTTestIFailed("RTLdrLinkAddressToSegOffset on Seg #%u / %#RTptr returned: iSegConv=%#x offSegConv=%RTptr, expected %#x and 0",
+                              *piSeg, pSeg->LinkAddress, iSegConv, offSegConv, *piSeg);
+    }
+
     *piSeg += 1;
     RT_NOREF(hLdrMod);
     return VINF_SUCCESS;
@@ -125,12 +170,12 @@
  * regions the for compare usage. The third is loaded into one
  * and then relocated between the two and other locations a few times.
  *
- * @returns number of errors.
  * @param   pszFilename     The file to load the mess with.
  */
-static int testLdrOne(const char *pszFilename)
+static void testLdrOne(const char *pszFilename)
 {
-    int             cErrors = 0;
+    RTTestSub(g_hTest, RTPathFilename(pszFilename));
+
     size_t          cbImage = 0;
     struct Load
     {
@@ -155,9 +200,8 @@
         rc = RTLdrOpen(pszFilename, 0, RTLDRARCH_WHATEVER, &aLoads[i].hLdrMod);
         if (RT_FAILURE(rc))
         {
-            RTPrintf("tstLdr-4: Failed to open '%s'/%d, rc=%Rrc. aborting test.\n", pszFilename, i, rc);
+            RTTestIFailed("tstLdr-4: Failed to open '%s'/%d, rc=%Rrc. aborting test.", pszFilename, i, rc);
             Assert(aLoads[i].hLdrMod == NIL_RTLDRMOD);
-            cErrors++;
             break;
         }
 
@@ -165,8 +209,7 @@
         size_t cb = RTLdrSize(aLoads[i].hLdrMod);
         if (cbImage && cb != cbImage)
         {
-            RTPrintf("tstLdr-4: Size mismatch '%s'/%d. aborting test.\n", pszFilename, i);
-            cErrors++;
+            RTTestIFailed("tstLdr-4: Size mismatch '%s'/%d. aborting test.", pszFilename, i);
             break;
         }
         aLoads[i].cbBits = cbImage = cb;
@@ -175,8 +218,7 @@
         aLoads[i].pvBits = RTMemExecAlloc(cb);
         if (!aLoads[i].pvBits)
         {
-            RTPrintf("tstLdr-4: Out of memory '%s'/%d cbImage=%d. aborting test.\n", pszFilename, i, cbImage);
-            cErrors++;
+            RTTestIFailed("Out of memory '%s'/%d cbImage=%d. aborting test.", pszFilename, i, cbImage);
             break;
         }
 
@@ -184,8 +226,7 @@
         rc = RTLdrGetBits(aLoads[i].hLdrMod, aLoads[i].pvBits, (uintptr_t)aLoads[i].pvBits, testGetImport, NULL);
         if (RT_FAILURE(rc))
         {
-            RTPrintf("tstLdr-4: Failed to get bits for '%s'/%d, rc=%Rrc. aborting test\n", pszFilename, i, rc);
-            cErrors++;
+            RTTestIFailed("Failed to get bits for '%s'/%d, rc=%Rrc. aborting test", pszFilename, i, rc);
             break;
         }
     }
@@ -193,7 +234,7 @@
     /*
      * Execute the code.
      */
-    if (!cErrors)
+    if (!RTTestSubErrorCount(g_hTest))
     {
         for (i = 0; i < RT_ELEMENTS(aLoads); i += 1)
         {
@@ -209,8 +250,7 @@
                                       UINT32_MAX, "_DisasmTest1", &Value);
             if (RT_FAILURE(rc))
             {
-                RTPrintf("tstLdr-4: Failed to get symbol \"DisasmTest1\" from load #%d: %Rrc\n", i, rc);
-                cErrors++;
+                RTTestIFailed("Failed to get symbol \"DisasmTest1\" from load #%d: %Rrc", i, rc);
                 break;
             }
             typedef DECLCALLBACKPTR(int, PFNDISASMTEST1,(void));
@@ -222,10 +262,7 @@
             /* call the test function. */
             rc = pfnDisasmTest1();
             if (rc)
-            {
-                RTPrintf("tstLdr-4: load #%d Test1 -> %#x\n", i, rc);
-                cErrors++;
-            }
+                RTTestIFailed("load #%d Test1 -> %#x", i, rc);
 
             /* While we're here, check a couple of RTLdrQueryProp calls too */
             void *pvBits = aLoads[i].pvBits;
@@ -256,56 +293,42 @@
         {
             rc = RTLdrClose(aLoads[i].hLdrMod);
             if (RT_FAILURE(rc))
-            {
-                RTPrintf("tstLdr-4: Failed to close '%s' i=%d, rc=%Rrc.\n", pszFilename, i, rc);
-                cErrors++;
-            }
+                RTTestIFailed("Failed to close '%s' i=%d, rc=%Rrc.", pszFilename, i, rc);
         }
     }
 
-    return cErrors;
 }
 
 
 
-int main(int argc, char **argv)
+int main()
 {
-    int cErrors = 0;
-    RTR3InitExe(argc, &argv, 0);
+    RTEXITCODE rcExit = RTTestInitAndCreate("tstLdr-4", &g_hTest);
+    if (rcExit != RTEXITCODE_SUCCESS)
+        return rcExit;
 
     /*
      * Sanity check.
      */
     int rc = DisasmTest1();
-    if (rc)
+    if (rc == 0)
     {
-        RTPrintf("tstLdr-4: FATAL ERROR - DisasmTest1 is buggy: rc=%#x\n", rc);
-        return 1;
-    }
+        /*
+         * Execute the test.
+         */
+        char szPath[RTPATH_MAX];
+        rc = RTPathExecDir(szPath, sizeof(szPath) - sizeof("/tstLdrObjR0.r0"));
+        if (RT_SUCCESS(rc))
+        {
+            strcat(szPath, "/tstLdrObjR0.r0");
 
-    /*
-     * Execute the test.
-     */
-    char szPath[RTPATH_MAX];
-    rc = RTPathExecDir(szPath, sizeof(szPath) - sizeof("/tstLdrObjR0.r0"));
-    if (RT_SUCCESS(rc))
-    {
-        strcat(szPath, "/tstLdrObjR0.r0");
-        RTPrintf("tstLdr-4: TESTING '%s'...\n", szPath);
-        cErrors += testLdrOne(szPath);
+            testLdrOne(szPath);
+        }
+        else
+            RTTestIFailed("RTPathExecDir -> %Rrc", rc);
     }
     else
-    {
-        RTPrintf("tstLdr-4: RTPathExecDir -> %Rrc\n", rc);
-        cErrors++;
-    }
+        RTTestIFailed("FATAL ERROR - DisasmTest1 is buggy: rc=%#x", rc);
 
-    /*
-     * Test result summary.
-     */
-    if (!cErrors)
-        RTPrintf("tstLdr-4: SUCCESS\n");
-    else
-        RTPrintf("tstLdr-4: FAILURE - %d errors\n", cErrors);
-    return !!cErrors;
+    return RTTestSummaryAndDestroy(g_hTest);
 }
Index: include/iprt/formats/elf-common.h
===================================================================
diff --git a/include/iprt/formats/elf-common.h b/include/iprt/formats/elf-common.h
--- a/include/iprt/formats/elf-common.h	(revision 85500)
+++ b/include/iprt/formats/elf-common.h	(revision 85501)
@@ -198,6 +198,12 @@
 #define PT_LOPROC       0x70000000      /* First processor-specific type. */
 #define PT_HIPROC       0x7fffffff      /* Last processor-specific type. */
 
+#define PT_GNU_EH_FRAME 0x6474e550 /**< GNU/Linux -> .eh_frame_hdr */
+#define PT_GNU_STACK    0x6474e551 /**< GNU/Linux -> stack prot (RWX or RW) */
+#define PT_GNU_RELRO    0x6474e552 /**< GNU/Linux -> make RO after relocations */
+#define PT_GNU_PROPERTY 0x6474e553 /**< GNU/Linux -> .note.gnu.property */
+
+
 /* Values for p_flags. */
 #define PF_X            0x1     /* Executable. */
 #define PF_W            0x2     /* Writable. */
Index: src/VBox/Runtime/common/ldr/ldrELF.cpp
===================================================================
diff --git a/src/VBox/Runtime/common/ldr/ldrELF.cpp b/src/VBox/Runtime/common/ldr/ldrELF.cpp
--- a/src/VBox/Runtime/common/ldr/ldrELF.cpp	(revision 85500)
+++ b/src/VBox/Runtime/common/ldr/ldrELF.cpp	(revision 85501)
@@ -51,9 +51,11 @@
 *   Defined Constants And Macros                                                                                                 *
 *********************************************************************************************************************************/
 /** Finds an ELF symbol table string. */
-#define ELF_STR(pHdrs, iStr) ((pHdrs)->pStr + (iStr))
+#define ELF_STR(pHdrs, iStr)        ((pHdrs)->Rel.pStr + (iStr))
+/** Finds an ELF symbol table string. */
+#define ELF_DYN_STR(pHdrs, iStr)    ((pHdrs)->Dyn.pStr + (iStr))
 /** Finds an ELF section header string. */
-#define ELF_SH_STR(pHdrs, iStr) ((pHdrs)->pShStr + (iStr))
+#define ELF_SH_STR(pHdrs, iStr)     ((pHdrs)->pShStr + (iStr))
 
 
 
@@ -62,6 +64,7 @@
 *********************************************************************************************************************************/
 #ifdef LOG_ENABLED
 static const char *rtldrElfGetShdrType(uint32_t iType);
+static const char *rtldrElfGetPhdrType(uint32_t iType);
 #endif
 
 
@@ -81,6 +84,7 @@
 
 
 #ifdef LOG_ENABLED
+
 /**
  * Gets the section type.
  *
@@ -91,25 +95,53 @@
 {
     switch (iType)
     {
-        case SHT_NULL:          return "SHT_NULL";
-        case SHT_PROGBITS:      return "SHT_PROGBITS";
-        case SHT_SYMTAB:        return "SHT_SYMTAB";
-        case SHT_STRTAB:        return "SHT_STRTAB";
-        case SHT_RELA:          return "SHT_RELA";
-        case SHT_HASH:          return "SHT_HASH";
-        case SHT_DYNAMIC:       return "SHT_DYNAMIC";
-        case SHT_NOTE:          return "SHT_NOTE";
-        case SHT_NOBITS:        return "SHT_NOBITS";
-        case SHT_REL:           return "SHT_REL";
-        case SHT_SHLIB:         return "SHT_SHLIB";
-        case SHT_DYNSYM:        return "SHT_DYNSYM";
+        RT_CASE_RET_STR(SHT_NULL);
+        RT_CASE_RET_STR(SHT_PROGBITS);
+        RT_CASE_RET_STR(SHT_SYMTAB);
+        RT_CASE_RET_STR(SHT_STRTAB);
+        RT_CASE_RET_STR(SHT_RELA);
+        RT_CASE_RET_STR(SHT_HASH);
+        RT_CASE_RET_STR(SHT_DYNAMIC);
+        RT_CASE_RET_STR(SHT_NOTE);
+        RT_CASE_RET_STR(SHT_NOBITS);
+        RT_CASE_RET_STR(SHT_REL);
+        RT_CASE_RET_STR(SHT_SHLIB);
+        RT_CASE_RET_STR(SHT_DYNSYM);
         default:
             return "";
     }
 }
-#endif
 
+/**
+ * Gets the program header type.
+ *
+ * @returns Pointer to read only string.
+ * @param   iType       The section type index.
+ */
+static const char *rtldrElfGetPhdrType(uint32_t iType)
+{
+    switch (iType)
+    {
+        RT_CASE_RET_STR(PT_NULL);
+        RT_CASE_RET_STR(PT_LOAD);
+        RT_CASE_RET_STR(PT_DYNAMIC);
+        RT_CASE_RET_STR(PT_INTERP);
+        RT_CASE_RET_STR(PT_NOTE);
+        RT_CASE_RET_STR(PT_SHLIB);
+        RT_CASE_RET_STR(PT_PHDR);
+        RT_CASE_RET_STR(PT_TLS);
+        RT_CASE_RET_STR(PT_GNU_EH_FRAME);
+        RT_CASE_RET_STR(PT_GNU_STACK);
+        RT_CASE_RET_STR(PT_GNU_RELRO);
+        RT_CASE_RET_STR(PT_GNU_PROPERTY);
+        default:
+            return "";
+    }
+}
 
+#endif /* LOG_ENABLED*/
+
+
 /**
  * Open an ELF image.
  *
@@ -124,8 +156,6 @@
 {
     const char *pszLogName = pReader->pfnLogName(pReader); NOREF(pszLogName);
 
-    RT_NOREF_PV(pErrInfo); /** @todo implement */
-
     /*
      * Read the ident to decide if this is 32-bit or 64-bit
      * and worth dealing with.
@@ -134,6 +164,7 @@
     int rc = pReader->pfnRead(pReader, &e_ident, sizeof(e_ident), 0);
     if (RT_FAILURE(rc))
         return rc;
+
     if (    e_ident[EI_MAG0] != ELFMAG0
         ||  e_ident[EI_MAG1] != ELFMAG1
         ||  e_ident[EI_MAG2] != ELFMAG2
@@ -141,19 +172,17 @@
         ||  (   e_ident[EI_CLASS] != ELFCLASS32
              && e_ident[EI_CLASS] != ELFCLASS64)
        )
-    {
-        Log(("RTLdrELF: %s: Unsupported/invalid ident %.*Rhxs\n", pszLogName, sizeof(e_ident), e_ident));
-        return VERR_BAD_EXE_FORMAT;
-    }
+        return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
+                                   "%s: Unsupported/invalid ident %.*Rhxs", pszLogName, sizeof(e_ident), e_ident);
+
     if (e_ident[EI_DATA] != ELFDATA2LSB)
-    {
-        Log(("RTLdrELF: %s: ELF endian %x is unsupported\n", pszLogName, e_ident[EI_DATA]));
-        return VERR_LDRELF_ODD_ENDIAN;
-    }
+        return RTERRINFO_LOG_SET_F(pErrInfo, VERR_LDRELF_ODD_ENDIAN,
+                                   "%s: ELF endian %x is unsupported", pszLogName, e_ident[EI_DATA]);
+
     if (e_ident[EI_CLASS] == ELFCLASS32)
-        rc = rtldrELF32Open(pReader, fFlags, enmArch, phLdrMod);
+        rc = rtldrELF32Open(pReader, fFlags, enmArch, phLdrMod, pErrInfo);
     else
-        rc = rtldrELF64Open(pReader, fFlags, enmArch, phLdrMod);
+        rc = rtldrELF64Open(pReader, fFlags, enmArch, phLdrMod, pErrInfo);
     return rc;
 }
 
Index: src/VBox/Runtime/common/ldr/ldrELFRelocatable.cpp.h
===================================================================
diff --git a/src/VBox/Runtime/common/ldr/ldrELFRelocatable.cpp.h b/src/VBox/Runtime/common/ldr/ldrELFRelocatable.cpp.h
--- a/src/VBox/Runtime/common/ldr/ldrELFRelocatable.cpp.h	(revision 85500)
+++ b/src/VBox/Runtime/common/ldr/ldrELFRelocatable.cpp.h	(revision 85501)
@@ -29,31 +29,37 @@
 *   Defined Constants And Macros                                               *
 *******************************************************************************/
 #if ELF_MODE == 32
-#define RTLDRELF_NAME(name) rtldrELF32##name
-#define RTLDRELF_SUFF(name) name##32
-#define RTLDRELF_MID(pre,suff) pre##32##suff
-#define FMT_ELF_ADDR    "%08RX32"
-#define FMT_ELF_HALF    "%04RX16"
-#define FMT_ELF_OFF     "%08RX32"
-#define FMT_ELF_SIZE    "%08RX32"
-#define FMT_ELF_SWORD   "%RI32"
-#define FMT_ELF_WORD    "%08RX32"
-#define FMT_ELF_XWORD   "%08RX32"
-#define FMT_ELF_SXWORD  "%RI32"
+# define RTLDRELF_NAME(name)    rtldrELF32##name
+# define RTLDRELF_SUFF(name)    name##32
+# define RTLDRELF_MID(pre,suff) pre##32##suff
+# define FMT_ELF_ADDR           "%08RX32"
+# define FMT_ELF_ADDR7          "%07RX32"
+# define FMT_ELF_HALF           "%04RX16"
+# define FMT_ELF_OFF            "%08RX32"
+# define FMT_ELF_SIZE           "%08RX32"
+# define FMT_ELF_SWORD          "%RI32"
+# define FMT_ELF_WORD           "%08RX32"
+# define FMT_ELF_XWORD          "%08RX32"
+# define FMT_ELF_SXWORD         "%RI32"
+# define Elf_Xword              Elf32_Word
+# define Elf_Sxword             Elf32_Sword
 
 #elif ELF_MODE == 64
-#define RTLDRELF_NAME(name) rtldrELF64##name
-#define RTLDRELF_SUFF(name) name##64
-#define RTLDRELF_MID(pre,suff) pre##64##suff
-#define FMT_ELF_ADDR    "%016RX64"
-#define FMT_ELF_HALF    "%04RX16"
-#define FMT_ELF_SHALF   "%RI16"
-#define FMT_ELF_OFF     "%016RX64"
-#define FMT_ELF_SIZE    "%016RX64"
-#define FMT_ELF_SWORD   "%RI32"
-#define FMT_ELF_WORD    "%08RX32"
-#define FMT_ELF_XWORD   "%016RX64"
-#define FMT_ELF_SXWORD  "%RI64"
+# define RTLDRELF_NAME(name)    rtldrELF64##name
+# define RTLDRELF_SUFF(name)    name##64
+# define RTLDRELF_MID(pre,suff) pre##64##suff
+# define FMT_ELF_ADDR           "%016RX64"
+# define FMT_ELF_ADDR7          "%08RX64"
+# define FMT_ELF_HALF           "%04RX16"
+# define FMT_ELF_SHALF          "%RI16"
+# define FMT_ELF_OFF            "%016RX64"
+# define FMT_ELF_SIZE           "%016RX64"
+# define FMT_ELF_SWORD          "%RI32"
+# define FMT_ELF_WORD           "%08RX32"
+# define FMT_ELF_XWORD          "%016RX64"
+# define FMT_ELF_SXWORD         "%RI64"
+# define Elf_Xword              Elf64_Xword
+# define Elf_Sxword             Elf64_Sxword
 #endif
 
 #define Elf_Ehdr            RTLDRELF_MID(Elf,_Ehdr)
@@ -74,6 +80,9 @@
 #define RTLDRMODELF         RTLDRELF_MID(RTLDRMODELF,RT_NOTHING)
 #define PRTLDRMODELF        RTLDRELF_MID(PRTLDRMODELF,RT_NOTHING)
 
+#define RTLDRMODELFSHX      RTLDRELF_MID(RTLDRMODELFSHX,RT_NOTHING)
+#define PRTLDRMODELFSHX     RTLDRELF_MID(PRTLDRMODELFSHX,RT_NOTHING)
+
 #define ELF_R_SYM(info)     RTLDRELF_MID(ELF,_R_SYM)(info)
 #define ELF_R_TYPE(info)    RTLDRELF_MID(ELF,_R_TYPE)(info)
 #define ELF_R_INFO(sym, type) RTLDRELF_MID(ELF,_R_INFO)(sym, type)
@@ -86,6 +95,20 @@
 *   Structures and Typedefs                                                    *
 *******************************************************************************/
 /**
+ * Extra section info.
+ */
+typedef struct RTLDRMODELFSHX
+{
+    /** The corresponding program header. */
+    uint16_t        idxPhdr;
+    /** The corresponding dynamic section entry (address). */
+    uint16_t        idxDt;
+    /** The DT tag. */
+    uint32_t        uDtTag;
+} RTLDRMODELFSHX;
+typedef RTLDRMODELFSHX *PRTLDRMODELFSHX;
+
+/**
  * The ELF loader structure.
  */
 typedef struct RTLDRMODELF
@@ -105,6 +128,11 @@
     /** Unmodified section headers (allocated after paShdrs, so no need to free).
      * Not valid if the image is DONE. */
     Elf_Shdr const         *paOrgShdrs;
+    /** Runs parallel to paShdrs and is part of the same allocation. */
+    PRTLDRMODELFSHX         paShdrExtras;
+    /** Base section number, either 1 or zero depending on whether we've
+     *  re-used the NULL entry for .elf.headers in ET_EXEC/ET_DYN. */
+    unsigned                iFirstSect;
     /** The size of the loaded image. */
     size_t                  cbImage;
 
@@ -111,32 +139,71 @@
     /** The image base address if it's an EXEC or DYN image. */
     Elf_Addr                LinkAddress;
 
-    /** The symbol section index. */
-    unsigned                iSymSh;
-    /** Number of symbols in the table. */
-    unsigned                cSyms;
-    /** Pointer to symbol table within RTLDRMODELF::pvBits. */
-    const Elf_Sym          *paSyms;
+    struct
+    {
+        /** The symbol section index. */
+        unsigned            iSymSh;
+        /** Number of symbols in the table. */
+        unsigned            cSyms;
+        /** Pointer to symbol table within RTLDRMODELF::pvBits. */
+        const Elf_Sym      *paSyms;
 
-    /** The string section index. */
-    unsigned                iStrSh;
-    /** Size of the string table. */
-    unsigned                cbStr;
-    /** Pointer to string table within RTLDRMODELF::pvBits. */
-    const char             *pStr;
+        /** The string section index. */
+        unsigned            iStrSh;
+        /** Size of the string table. */
+        unsigned            cbStr;
+        /** Pointer to string table within RTLDRMODELF::pvBits. */
+        const char         *pStr;
+    } Rel /**< Regular symbols and strings. */
+    , Dyn /**< Dynamic symbols and strings. */;
 
+    /** Pointer to section header string table within RTLDRMODELF::pvBits. */
+    const char             *pShStr;
     /** Size of the section header string table. */
     unsigned                cbShStr;
-    /** Pointer to section header string table within RTLDRMODELF::pvBits. */
-    const char             *pShStr;
 
     /** The '.eh_frame' section index.  Zero if not searched for, ~0U if not found. */
     unsigned                iShEhFrame;
     /** The '.eh_frame_hdr' section index.  Zero if not searched for, ~0U if not found. */
     unsigned                iShEhFrameHdr;
-} RTLDRMODELF, *PRTLDRMODELF;
 
+    /** The '.dynamic' / SHT_DYNAMIC section index.  ~0U if not present. */
+    unsigned                iShDynamic;
+    /** Number of entries in paDynamic. */
+    unsigned                cDynamic;
+    /** The dynamic section (NULL for ET_REL). */
+    Elf_Dyn                *paDynamic;
+    /** Program headers (NULL for ET_REL). */
+    Elf_Phdr               *paPhdrs;
 
+    /** Info extracted from PT_DYNAMIC and the program headers. */
+    struct
+    {
+        /** DT_RELA/DT_REL. */
+        Elf_Addr            uPtrRelocs;
+        /** DT_RELASZ/DT_RELSZ. */
+        Elf_Xword           cbRelocs;
+        /** Non-zero if we've seen DT_RELAENT/DT_RELENT. */
+        unsigned            cbRelocEntry;
+        /** DT_RELA or DT_REL. */
+        unsigned            uRelocType;
+        /** The index of the section header matching DT_RELA/DT_REL. */
+        unsigned            idxShRelocs;
+
+        /** DT_JMPREL. */
+        Elf_Addr            uPtrJmpRelocs;
+        /** DT_PLTRELSZ. */
+        Elf_Xword           cbJmpRelocs;
+        /** DT_RELA or DT_REL (if we've seen DT_PLTREL). */
+        unsigned            uJmpRelocType;
+        /** The index of the section header matching DT_JMPREL. */
+        unsigned            idxShJmpRelocs;
+    } DynInfo;
+} RTLDRMODELF;
+/** Pointer to an ELF module instance. */
+typedef RTLDRMODELF *PRTLDRMODELF;
+
+
 /**
  * Maps the image bits into memory and resolve pointers into it.
  *
@@ -154,11 +221,15 @@
     if (RT_SUCCESS(rc))
     {
         const uint8_t *pu8 = (const uint8_t *)pModElf->pvBits;
-        if (pModElf->iSymSh != ~0U)
-            pModElf->paSyms = (const Elf_Sym *)(pu8 + pModElf->paShdrs[pModElf->iSymSh].sh_offset);
-        if (pModElf->iStrSh != ~0U)
-            pModElf->pStr   =    (const char *)(pu8 + pModElf->paShdrs[pModElf->iStrSh].sh_offset);
-        pModElf->pShStr     =    (const char *)(pu8 + pModElf->paShdrs[pModElf->Ehdr.e_shstrndx].sh_offset);
+        if (pModElf->Rel.iSymSh != ~0U)
+            pModElf->Rel.paSyms = (const Elf_Sym *)(pu8 + pModElf->paShdrs[pModElf->Rel.iSymSh].sh_offset);
+        if (pModElf->Rel.iStrSh != ~0U)
+            pModElf->Rel.pStr   =    (const char *)(pu8 + pModElf->paShdrs[pModElf->Rel.iStrSh].sh_offset);
+        if (pModElf->Dyn.iSymSh != ~0U)
+            pModElf->Dyn.paSyms = (const Elf_Sym *)(pu8 + pModElf->paShdrs[pModElf->Dyn.iSymSh].sh_offset);
+        if (pModElf->Dyn.iStrSh != ~0U)
+            pModElf->Dyn.pStr   =    (const char *)(pu8 + pModElf->paShdrs[pModElf->Dyn.iStrSh].sh_offset);
+        pModElf->pShStr         =    (const char *)(pu8 + pModElf->paShdrs[pModElf->Ehdr.e_shstrndx].sh_offset);
 
         /*
          * Verify that the ends of the string tables have a zero terminator
@@ -167,10 +238,14 @@
          * sh_offset and sh_size were verfied in RTLDRELF_NAME(ValidateSectionHeader)() already so they
          * are safe to use.
          */
-        AssertMsgStmt(   pModElf->iStrSh == ~0U
-                      || pModElf->pStr[pModElf->paShdrs[pModElf->iStrSh].sh_size - 1] == '\0',
+        AssertMsgStmt(   pModElf->Rel.iStrSh == ~0U
+                      || pModElf->Rel.pStr[pModElf->paShdrs[pModElf->Rel.iStrSh].sh_size - 1] == '\0',
                       ("The string table is not zero terminated!\n"),
                       rc = VERR_LDRELF_UNTERMINATED_STRING_TAB);
+        AssertMsgStmt(   pModElf->Dyn.iStrSh == ~0U
+                      || pModElf->Dyn.pStr[pModElf->paShdrs[pModElf->Dyn.iStrSh].sh_size - 1] == '\0',
+                      ("The string table is not zero terminated!\n"),
+                      rc = VERR_LDRELF_UNTERMINATED_STRING_TAB);
         AssertMsgStmt(pModElf->pShStr[pModElf->paShdrs[pModElf->Ehdr.e_shstrndx].sh_size - 1] == '\0',
                       ("The section header string table is not zero terminated!\n"),
                       rc = VERR_LDRELF_UNTERMINATED_STRING_TAB);
@@ -180,10 +255,12 @@
             /* Unmap. */
             int rc2 = pModElf->Core.pReader->pfnUnmap(pModElf->Core.pReader, pModElf->pvBits);
             AssertRC(rc2);
-            pModElf->pvBits = NULL;
-            pModElf->paSyms = NULL;
-            pModElf->pStr   = NULL;
-            pModElf->pShStr = NULL;
+            pModElf->pvBits     = NULL;
+            pModElf->Rel.paSyms = NULL;
+            pModElf->Rel.pStr   = NULL;
+            pModElf->Dyn.paSyms = NULL;
+            pModElf->Dyn.pStr   = NULL;
+            pModElf->pShStr     = NULL;
         }
     }
     return rc;
@@ -200,7 +277,102 @@
  *
  */
 
+/**
+ * Get the symbol and symbol value.
+ *
+ * @returns iprt status code.
+ * @param   pModElf         The ELF loader module instance data.
+ * @param   BaseAddr        The base address which the module is being fixedup to.
+ * @param   pfnGetImport    The callback function to use to resolve imports (aka unresolved externals).
+ * @param   pvUser          User argument to pass to the callback.
+ * @param   iSym            The symbol to get.
+ * @param   ppSym           Where to store the symbol pointer on success. (read only)
+ * @param   pSymValue       Where to store the symbol value on success.
+ */
+static int RTLDRELF_NAME(SymbolExecDyn)(PRTLDRMODELF pModElf, Elf_Addr BaseAddr, PFNRTLDRIMPORT pfnGetImport, void *pvUser,
+                                        Elf_Size iSym, const Elf_Sym **ppSym, Elf_Addr *pSymValue)
+{
+    /*
+     * Validate and find the symbol.
+     */
+    AssertMsgReturn(iSym < pModElf->Dyn.cSyms, ("iSym=%d is an invalid symbol index!\n", iSym), VERR_LDRELF_INVALID_SYMBOL_INDEX);
+    const Elf_Sym *pSym = &pModElf->Dyn.paSyms[iSym];
+    *ppSym = pSym;
 
+    AssertMsgReturn(pSym->st_name < pModElf->Dyn.cbStr,
+                    ("iSym=%d st_name=%d str sh_size=%d\n", iSym, pSym->st_name, pModElf->Dyn.cbStr),
+                    VERR_LDRELF_INVALID_SYMBOL_NAME_OFFSET);
+    const char * const pszName = pModElf->Dyn.pStr + pSym->st_name;
+
+    /*
+     * Determine the symbol value.
+     *
+     * Symbols needs different treatment depending on which section their are in.
+     * Undefined and absolute symbols goes into special non-existing sections.
+     */
+    switch (pSym->st_shndx)
+    {
+        /*
+         * Undefined symbol, needs resolving.
+         *
+         * Since ELF has no generic concept of importing from specific module (the OS/2 ELF format
+         * has but that's an OS extension and only applies to programs and dlls), we'll have to ask
+         * the resolver callback to do a global search.
+         */
+        case SHN_UNDEF:
+        {
+            /* Try to resolve the symbol. */
+            RTUINTPTR Value;
+            int rc = pfnGetImport(&pModElf->Core, "", pszName, ~0U, &Value, pvUser);
+            AssertMsgRCReturn(rc, ("Failed to resolve '%s' (iSym=" FMT_ELF_SIZE " rc=%Rrc\n", pszName, iSym, rc), rc);
+
+            *pSymValue = (Elf_Addr)Value;
+            AssertMsgReturn((RTUINTPTR)*pSymValue == Value,
+                            ("Symbol value overflowed! '%s' (iSym=" FMT_ELF_SIZE "\n", pszName, iSym), VERR_SYMBOL_VALUE_TOO_BIG);
+
+            Log2(("rtldrELF: #%-3d - UNDEF " FMT_ELF_ADDR " '%s'\n", iSym, *pSymValue, pszName));
+            break;
+        }
+
+        /*
+         * Absolute symbols needs no fixing since they are, well, absolute.
+         */
+        case SHN_ABS:
+            *pSymValue = pSym->st_value;
+            Log2(("rtldrELF: #%-3d - ABS   " FMT_ELF_ADDR " '%s'\n", iSym, *pSymValue, pszName));
+            break;
+
+        /*
+         * All other symbols are addressed relative the image base in DYN and EXEC binaries.
+         */
+        default:
+            AssertMsgReturn(pSym->st_shndx < pModElf->Ehdr.e_shnum,
+                            ("iSym=%d st_shndx=%d e_shnum=%d pszName=%s\n", iSym, pSym->st_shndx, pModElf->Ehdr.e_shnum, pszName),
+                            VERR_BAD_EXE_FORMAT);
+            *pSymValue = pSym->st_value + BaseAddr;
+            Log2(("rtldrELF: #%-3d - %5d " FMT_ELF_ADDR " '%s'\n", iSym, pSym->st_shndx, *pSymValue, pszName));
+            break;
+    }
+
+    return VINF_SUCCESS;
+}
+
+
+#if   ELF_MODE == 32
+/** Helper for RelocateSectionExecDyn. */
+DECLINLINE(const Elf_Shdr *) RTLDRELF_NAME(RvaToSectionHeader)(PRTLDRMODELF pModElf, Elf_Addr uRva)
+{
+    const Elf_Shdr * const pShdrFirst = pModElf->paShdrs;
+    const Elf_Shdr *pShdr = pShdrFirst + pModElf->Ehdr.e_shnum;
+    while (--pShdr != pShdrFirst)
+        if (uRva - pShdr->sh_addr /*rva*/ < pShdr->sh_size)
+            return pShdr;
+    AssertFailed();
+    return pShdr;
+}
+#endif
+
+
 /**
  * Applies the fixups for a section in an executable image.
  *
@@ -230,84 +402,106 @@
      * Iterate the relocations.
      * The relocations are stored in an array of Elf32_Rel records and covers the entire relocation section.
      */
+#if   ELF_MODE == 32
+    const Elf_Shdr   *pShdr    = pModElf->paShdrs;
     const Elf_Addr    offDelta = BaseAddr - pModElf->LinkAddress;
+#endif
     const Elf_Reloc  *paRels   = (const Elf_Reloc *)pvRelocs;
-    const unsigned    iRelMax   = (unsigned)(cbRelocs / sizeof(paRels[0]));
+    const unsigned    iRelMax  = (unsigned)(cbRelocs / sizeof(paRels[0]));
     AssertMsgReturn(iRelMax == cbRelocs / sizeof(paRels[0]), (FMT_ELF_SIZE "\n", cbRelocs / sizeof(paRels[0])),
                     VERR_IMAGE_TOO_BIG);
     for (unsigned iRel = 0; iRel < iRelMax; iRel++)
     {
         /*
-         * Skip R_XXX_NONE entries early to avoid confusion in the symbol
-         * getter code.
+         * Apply fixups not taking a symbol (will 'continue' rather than 'break').
          */
+        AssertMsgReturn(paRels[iRel].r_offset < cbSec, (FMT_ELF_ADDR " " FMT_ELF_SIZE "\n", paRels[iRel].r_offset, cbSec),
+                        VERR_LDRELF_INVALID_RELOCATION_OFFSET);
 #if   ELF_MODE == 32
-        if (ELF_R_TYPE(paRels[iRel].r_info) == R_386_NONE)
-            continue;
+        if (paRels[iRel].r_offset - pShdr->sh_addr /*rva*/ >= pShdr->sh_size)
+            pShdr = RTLDRELF_NAME(RvaToSectionHeader)(pModElf, paRels[iRel].r_offset);
+        static const Elf_Addr s_uZero = 0;
+        const Elf_Addr *pAddrR = RT_LIKELY(pShdr->sh_type != SHT_NOBITS)                     /* Where to read the addend. */
+                               ? (const Elf_Addr *)(pu8SecBaseR + paRels[iRel].r_offset - pShdr->sh_addr /*rva*/
+                                                    + pShdr->sh_offset)
+                               : &s_uZero;
+#endif
+        Elf_Addr       *pAddrW =       (Elf_Addr *)(pu8SecBaseW + paRels[iRel].r_offset);    /* Where to write the fixup. */
+        switch (ELF_R_TYPE(paRels[iRel].r_info))
+        {
+            /*
+             * Image relative (addend + base).
+             */
+#if   ELF_MODE == 32
+            case R_386_RELATIVE:
+            {
+                const Elf_Addr Value = *pAddrR + BaseAddr;
+                *(uint32_t *)pAddrW = Value;
+                Log4((FMT_ELF_ADDR "/" FMT_ELF_ADDR7 ": R_386_RELATIVE Value=" FMT_ELF_ADDR "\n",
+                      SecAddr + paRels[iRel].r_offset + BaseAddr, paRels[iRel].r_offset, Value));
+                AssertCompile(sizeof(Value) == sizeof(uint32_t));
+                continue;
+            }
 #elif ELF_MODE == 64
-        if (ELF_R_TYPE(paRels[iRel].r_info) == R_X86_64_NONE)
-            continue;
+            case R_X86_64_RELATIVE:
+            {
+                const Elf_Addr Value = paRels[iRel].r_addend + BaseAddr;
+                *(uint64_t *)pAddrW = (uint64_t)Value;
+                Log4((FMT_ELF_ADDR "/" FMT_ELF_ADDR7 ": R_X86_64_RELATIVE Value=" FMT_ELF_ADDR "\n",
+                      SecAddr + paRels[iRel].r_offset + BaseAddr, paRels[iRel].r_offset, Value));
+                AssertCompile(sizeof(Value) == sizeof(uint64_t));
+                continue;
+            }
 #endif
 
+            /*
+             * R_XXX_NONE.
+             */
+#if   ELF_MODE == 32
+            case R_386_NONE:
+#elif ELF_MODE == 64
+            case R_X86_64_NONE:
+#endif
+                continue;
+        }
+
         /*
          * Validate and find the symbol, resolve undefined ones.
          */
-        Elf_Size iSym = ELF_R_SYM(paRels[iRel].r_info);
-        if (iSym >= pModElf->cSyms)
-        {
-            AssertMsgFailed(("iSym=%d is an invalid symbol index!\n", iSym));
-            return VERR_LDRELF_INVALID_SYMBOL_INDEX;
-        }
-        const Elf_Sym *pSym = &pModElf->paSyms[iSym];
-        if (pSym->st_name >= pModElf->cbStr)
-        {
-            AssertMsgFailed(("iSym=%d st_name=%d str sh_size=%d\n", iSym, pSym->st_name, pModElf->cbStr));
-            return VERR_LDRELF_INVALID_SYMBOL_NAME_OFFSET;
-        }
+        const Elf_Sym  *pSym = NULL; /* shut up gcc */
+        Elf_Addr        SymValue = 0; /* shut up gcc-4 */
+        int rc = RTLDRELF_NAME(SymbolExecDyn)(pModElf, BaseAddr, pfnGetImport, pvUser, ELF_R_SYM(paRels[iRel].r_info), &pSym, &SymValue);
+        if (RT_FAILURE(rc))
+            return rc;
 
-        Elf_Addr SymValue = 0;
-        if (pSym->st_shndx == SHN_UNDEF)
-        {
-            /* Try to resolve the symbol. */
-            const char *pszName = ELF_STR(pModElf, pSym->st_name);
-            RTUINTPTR   ExtValue;
-            int rc = pfnGetImport(&pModElf->Core, "", pszName, ~0U, &ExtValue, pvUser);
-            AssertMsgRCReturn(rc, ("Failed to resolve '%s' rc=%Rrc\n", pszName, rc), rc);
-            SymValue = (Elf_Addr)ExtValue;
-            AssertMsgReturn((RTUINTPTR)SymValue == ExtValue, ("Symbol value overflowed! '%s'\n", pszName),
-                            VERR_SYMBOL_VALUE_TOO_BIG);
-            Log2(("rtldrELF: #%-3d - UNDEF " FMT_ELF_ADDR " '%s'\n", iSym, SymValue, pszName));
-        }
-        else
-        {
-            AssertMsgReturn(pSym->st_shndx < pModElf->Ehdr.e_shnum || pSym->st_shndx == SHN_ABS, ("%#x\n", pSym->st_shndx),
-                            VERR_LDRELF_INVALID_RELOCATION_OFFSET);
-#if   ELF_MODE == 64
-            SymValue = pSym->st_value;
-#endif
-        }
-
-#if   ELF_MODE == 64
-        /* Calc the value (indexes checked above; assumes SHN_UNDEF == 0). */
-        Elf_Addr Value;
-        if (pSym->st_shndx < pModElf->Ehdr.e_shnum)
-            Value = SymValue + offDelta;
-        else /* SHN_ABS: */
-            Value = SymValue + paRels[iRel].r_addend;
-#endif
-
         /*
          * Apply the fixup.
          */
-        AssertMsgReturn(paRels[iRel].r_offset < cbSec, (FMT_ELF_ADDR " " FMT_ELF_SIZE "\n", paRels[iRel].r_offset, cbSec), VERR_LDRELF_INVALID_RELOCATION_OFFSET);
-#if   ELF_MODE == 32
-        const Elf_Addr *pAddrR = (const Elf_Addr *)(pu8SecBaseR + paRels[iRel].r_offset);    /* Where to read the addend. */
-#endif
-        Elf_Addr       *pAddrW =       (Elf_Addr *)(pu8SecBaseW + paRels[iRel].r_offset);    /* Where to write the fixup. */
         switch (ELF_R_TYPE(paRels[iRel].r_info))
         {
 #if   ELF_MODE == 32
             /*
+             * GOT/PLT.
+             */
+            case R_386_GLOB_DAT:
+            {
+                *(uint32_t *)pAddrW = (uint32_t)SymValue;
+                Log4((FMT_ELF_ADDR "/" FMT_ELF_ADDR7 ": R_386_GLOB_DAT Value=" FMT_ELF_ADDR "\n",
+                      SecAddr + paRels[iRel].r_offset + BaseAddr, paRels[iRel].r_offset, SymValue));
+                AssertCompile(sizeof(SymValue) == sizeof(uint32_t));
+                break;
+            }
+
+            case R_386_JMP_SLOT:
+            {
+                *(uint32_t *)pAddrW = (uint32_t)SymValue;
+                Log4((FMT_ELF_ADDR "/" FMT_ELF_ADDR7 ": R_386_JMP_SLOT Value=" FMT_ELF_ADDR "\n",
+                      SecAddr + paRels[iRel].r_offset + BaseAddr, paRels[iRel].r_offset, SymValue));
+                AssertCompile(sizeof(SymValue) == sizeof(uint32_t));
+                break;
+            }
+
+            /*
              * Absolute addressing.
              */
             case R_386_32:
@@ -322,7 +516,8 @@
                 else
                     AssertFailedReturn(VERR_LDR_GENERAL_FAILURE); /** @todo SHN_COMMON */
                 *(uint32_t *)pAddrW = Value;
-                Log4((FMT_ELF_ADDR": R_386_32   Value=" FMT_ELF_ADDR "\n", SecAddr + paRels[iRel].r_offset + BaseAddr, Value));
+                Log4((FMT_ELF_ADDR "/" FMT_ELF_ADDR7 ": R_386_32   Value=" FMT_ELF_ADDR "\n",
+                      SecAddr + paRels[iRel].r_offset + BaseAddr, paRels[iRel].r_offset, Value));
                 break;
             }
 
@@ -344,20 +539,42 @@
                 }
                 else
                     AssertFailedReturn(VERR_LDR_GENERAL_FAILURE); /** @todo SHN_COMMON */
-                Log4((FMT_ELF_ADDR": R_386_PC32 Value=" FMT_ELF_ADDR "\n", SecAddr + paRels[iRel].r_offset + BaseAddr, Value));
+                Log4((FMT_ELF_ADDR "/" FMT_ELF_ADDR7 ": R_386_PC32 Value=" FMT_ELF_ADDR "\n",
+                      SecAddr + paRels[iRel].r_offset + BaseAddr, paRels[iRel].r_offset, Value));
                 break;
             }
 
 #elif ELF_MODE == 64
+            /*
+             * GOT/PLT.
+             */
+            case R_X86_64_GLOB_DAT:
+            {
+                *(uint64_t *)pAddrW = (uint64_t)SymValue;
+                Log4((FMT_ELF_ADDR "/" FMT_ELF_ADDR7 ": R_X86_64_GLOB_DAT Value=" FMT_ELF_ADDR "\n",
+                      SecAddr + paRels[iRel].r_offset + BaseAddr, paRels[iRel].r_offset, SymValue));
+                AssertCompile(sizeof(SymValue) == sizeof(uint64_t));
+                break;
+            }
 
+            case R_X86_64_JMP_SLOT:
+            {
+                *(uint64_t *)pAddrW = (uint64_t)SymValue;
+                Log4((FMT_ELF_ADDR "/" FMT_ELF_ADDR7 ": R_X86_64_JMP_SLOT Value=" FMT_ELF_ADDR "\n",
+                      SecAddr + paRels[iRel].r_offset + BaseAddr, paRels[iRel].r_offset, SymValue));
+                AssertCompile(sizeof(SymValue) == sizeof(uint64_t));
+                break;
+            }
+
             /*
-             * Absolute addressing
+             * Absolute addressing.
              */
             case R_X86_64_64:
             {
+                const Elf_Addr Value = SymValue + paRels[iRel].r_addend;
                 *(uint64_t *)pAddrW = Value;
-                Log4((FMT_ELF_ADDR": R_X86_64_64   Value=" FMT_ELF_ADDR " SymValue=" FMT_ELF_ADDR "\n",
-                      SecAddr + paRels[iRel].r_offset + BaseAddr, Value, SymValue));
+                Log4((FMT_ELF_ADDR "/" FMT_ELF_ADDR7 ": R_X86_64_64   Value=" FMT_ELF_ADDR " SymValue=" FMT_ELF_ADDR "\n",
+                      SecAddr + paRels[iRel].r_offset + BaseAddr, paRels[iRel].r_offset, Value, SymValue));
                 break;
             }
 
@@ -366,9 +583,10 @@
              */
             case R_X86_64_32:
             {
+                const Elf_Addr Value = SymValue + paRels[iRel].r_addend;
                 *(uint32_t *)pAddrW = (uint32_t)Value;
-                Log4((FMT_ELF_ADDR": R_X86_64_32   Value=" FMT_ELF_ADDR " SymValue=" FMT_ELF_ADDR "\n",
-                      SecAddr + paRels[iRel].r_offset + BaseAddr, Value, SymValue));
+                Log4((FMT_ELF_ADDR "/" FMT_ELF_ADDR7 ": R_X86_64_32   Value=" FMT_ELF_ADDR " SymValue=" FMT_ELF_ADDR "\n",
+                      SecAddr + paRels[iRel].r_offset + BaseAddr, paRels[iRel].r_offset, Value, SymValue));
                 AssertMsgReturn((Elf_Addr)*(uint32_t *)pAddrW == SymValue, ("Value=" FMT_ELF_ADDR "\n", SymValue),
                                 VERR_SYMBOL_VALUE_TOO_BIG);
                 break;
@@ -379,9 +597,10 @@
              */
             case R_X86_64_32S:
             {
+                const Elf_Addr Value = SymValue + paRels[iRel].r_addend;
                 *(int32_t *)pAddrW = (int32_t)Value;
-                Log4((FMT_ELF_ADDR": R_X86_64_32S  Value=" FMT_ELF_ADDR " SymValue=" FMT_ELF_ADDR "\n",
-                      SecAddr + paRels[iRel].r_offset + BaseAddr, Value, SymValue));
+                Log4((FMT_ELF_ADDR "/" FMT_ELF_ADDR7 ": R_X86_64_32S  Value=" FMT_ELF_ADDR " SymValue=" FMT_ELF_ADDR "\n",
+                      SecAddr + paRels[iRel].r_offset + BaseAddr, paRels[iRel].r_offset, Value, SymValue));
                 AssertMsgReturn((Elf_Addr)*(int32_t *)pAddrW == Value, ("Value=" FMT_ELF_ADDR "\n", Value), VERR_SYMBOL_VALUE_TOO_BIG); /** @todo check the sign-extending here. */
                 break;
             }
@@ -390,18 +609,17 @@
              * PC relative addressing.
              */
             case R_X86_64_PC32:
-            case R_X86_64_PLT32: /* binutils commit 451875b4f976a527395e9303224c7881b65e12ed feature/regression. */
             {
-                const Elf_Addr SourceAddr = SecAddr + paRels[iRel].r_offset + BaseAddr; /* Where the source really is. */
-                Value -= SourceAddr;
+                const Elf_Addr SourceAddr = SecAddr  + paRels[iRel].r_offset + BaseAddr; /* Where the source really is. */
+                const Elf_Addr Value      = SymValue + paRels[iRel].r_addend - SourceAddr;
                 *(int32_t *)pAddrW = (int32_t)Value;
-                Log4((FMT_ELF_ADDR": R_X86_64_PC32 Value=" FMT_ELF_ADDR " SymValue=" FMT_ELF_ADDR "\n",
-                      SourceAddr, Value, SymValue));
+                Log4((FMT_ELF_ADDR "/" FMT_ELF_ADDR7 ": R_X86_64_PC32 Value=" FMT_ELF_ADDR " SymValue=" FMT_ELF_ADDR "\n",
+                      SourceAddr, paRels[iRel].r_offset, Value, SymValue));
                 AssertMsgReturn((Elf_Addr)*(int32_t *)pAddrW == Value, ("Value=" FMT_ELF_ADDR "\n", Value), VERR_SYMBOL_VALUE_TOO_BIG); /** @todo check the sign-extending here. */
                 break;
             }
+
 #endif
-
             default:
                 AssertMsgFailed(("Unknown relocation type: %d (iRel=%d iRelMax=%d)\n",
                                  ELF_R_TYPE(paRels[iRel].r_info), iRel, iRelMax));
@@ -442,19 +660,13 @@
     /*
      * Validate and find the symbol.
      */
-    if (iSym >= pModElf->cSyms)
-    {
-        AssertMsgFailed(("iSym=%d is an invalid symbol index!\n", iSym));
-        return VERR_LDRELF_INVALID_SYMBOL_INDEX;
-    }
-    const Elf_Sym *pSym = &pModElf->paSyms[iSym];
+    AssertMsgReturn(iSym < pModElf->Rel.cSyms, ("iSym=%d is an invalid symbol index!\n", iSym), VERR_LDRELF_INVALID_SYMBOL_INDEX);
+    const Elf_Sym *pSym = &pModElf->Rel.paSyms[iSym];
     *ppSym = pSym;
 
-    if (pSym->st_name >= pModElf->cbStr)
-    {
-        AssertMsgFailed(("iSym=%d st_name=%d str sh_size=%d\n", iSym, pSym->st_name, pModElf->cbStr));
-        return VERR_LDRELF_INVALID_SYMBOL_NAME_OFFSET;
-    }
+    AssertMsgReturn(pSym->st_name < pModElf->Rel.cbStr,
+                    ("iSym=%d st_name=%d str sh_size=%d\n", iSym, pSym->st_name, pModElf->Rel.cbStr),
+                    VERR_LDRELF_INVALID_SYMBOL_NAME_OFFSET);
     const char *pszName = ELF_STR(pModElf, pSym->st_name);
 
     /*
@@ -469,7 +681,7 @@
          * Undefined symbol, needs resolving.
          *
          * Since ELF has no generic concept of importing from specific module (the OS/2 ELF format
-         * has but that's a OS extension and only applies to programs and dlls), we'll have to ask
+         * has but that's an OS extension and only applies to programs and dlls), we'll have to ask
          * the resolver callback to do a global search.
          */
         case SHN_UNDEF:
@@ -477,18 +689,13 @@
             /* Try to resolve the symbol. */
             RTUINTPTR Value;
             int rc = pfnGetImport(&pModElf->Core, "", pszName, ~0U, &Value, pvUser);
-            if (RT_FAILURE(rc))
-            {
-                AssertMsgFailed(("Failed to resolve '%s' rc=%Rrc\n", pszName, rc));
-                return rc;
-            }
+            AssertMsgRCReturn(rc, ("Failed to resolve '%s' (iSym=" FMT_ELF_SIZE " rc=%Rrc\n", pszName, iSym, rc), rc);
             *pSymValue = (Elf_Addr)Value;
-            if ((RTUINTPTR)*pSymValue != Value)
-            {
-                AssertMsgFailed(("Symbol value overflowed! '%s'\n", pszName));
-                return VERR_SYMBOL_VALUE_TOO_BIG;
-            }
 
+            AssertMsgReturn((RTUINTPTR)*pSymValue == Value,
+                            ("Symbol value overflowed! '%s' (iSym=" FMT_ELF_SIZE ")\n", pszName, iSym),
+                            VERR_SYMBOL_VALUE_TOO_BIG);
+
             Log2(("rtldrELF: #%-3d - UNDEF " FMT_ELF_ADDR " '%s'\n", iSym, *pSymValue, pszName));
             break;
         }
@@ -536,9 +743,9 @@
  * @param   pvRelocs        Pointer to where we read the relocations from.
  * @param   cbRelocs        Size of the relocations.
  */
-static int RTLDRELF_NAME(RelocateSection)(PRTLDRMODELF pModElf, Elf_Addr BaseAddr, PFNRTLDRIMPORT pfnGetImport, void *pvUser,
-                                          const Elf_Addr SecAddr, Elf_Size cbSec, const uint8_t *pu8SecBaseR, uint8_t *pu8SecBaseW,
-                                          const void *pvRelocs, Elf_Size cbRelocs)
+static int RTLDRELF_NAME(RelocateSectionRel)(PRTLDRMODELF pModElf, Elf_Addr BaseAddr, PFNRTLDRIMPORT pfnGetImport, void *pvUser,
+                                             const Elf_Addr SecAddr, Elf_Size cbSec, const uint8_t *pu8SecBaseR,
+                                             uint8_t *pu8SecBaseW, const void *pvRelocs, Elf_Size cbRelocs)
 {
 #if ELF_MODE != 32
     NOREF(pu8SecBaseR);
@@ -702,6 +909,18 @@
         pModElf->paShdrs = NULL;
     }
 
+    if (pModElf->paPhdrs)
+    {
+        RTMemFree(pModElf->paPhdrs);
+        pModElf->paPhdrs = NULL;
+    }
+
+    if (pModElf->paDynamic)
+    {
+        RTMemFree(pModElf->paDynamic);
+        pModElf->paDynamic = NULL;
+    }
+
     if (pModElf->pvBits)
     {
         pModElf->Core.pReader->pfnUnmap(pModElf->Core.pReader, pModElf->pvBits);
@@ -721,9 +940,9 @@
 }
 
 
-/** @copydoc RTLDROPS::EnumSymbols */
-static DECLCALLBACK(int) RTLDRELF_NAME(EnumSymbols)(PRTLDRMODINTERNAL pMod, unsigned fFlags, const void *pvBits, RTUINTPTR BaseAddress,
-                                                    PFNRTLDRENUMSYMS pfnCallback, void *pvUser)
+/** @copydoc RTLDROPS::pfnEnumSymbols */
+static DECLCALLBACK(int) RTLDRELF_NAME(EnumSymbols)(PRTLDRMODINTERNAL pMod, unsigned fFlags, const void *pvBits,
+                                                    RTUINTPTR BaseAddress, PFNRTLDRENUMSYMS pfnCallback, void *pvUser)
 {
     PRTLDRMODELF pModElf = (PRTLDRMODELF)pMod;
     NOREF(pvBits);
@@ -744,8 +963,20 @@
     /*
      * Enumerate the symbol table.
      */
-    const Elf_Sym  *paSyms = pModElf->paSyms;
-    unsigned        cSyms  = pModElf->cSyms;
+    const Elf_Sym  *paSyms  = pModElf->Rel.paSyms;
+    unsigned        cSyms   = pModElf->Rel.cSyms;
+    const char     *pszzStr = pModElf->Rel.pStr;
+    unsigned        cbStr   = pModElf->Rel.cbStr;
+    if (   (   !(fFlags & RTLDR_ENUM_SYMBOL_FLAGS_ALL)
+            && pModElf->Dyn.cSyms > 0)
+        || cSyms == 0)
+    {
+        paSyms  = pModElf->Dyn.paSyms;
+        cSyms   = pModElf->Dyn.cSyms;
+        pszzStr = pModElf->Dyn.pStr;
+        cbStr   = pModElf->Dyn.cbStr;
+    }
+
     for (unsigned iSym = 1; iSym < cSyms; iSym++)
     {
         /*
@@ -774,22 +1005,21 @@
                 return VERR_BAD_EXE_FORMAT;
             }
 
-            AssertMsgReturn(paSyms[iSym].st_name < pModElf->cbStr,
+            AssertMsgReturn(paSyms[iSym].st_name < cbStr,
                             ("String outside string table! iSym=%d paSyms[iSym].st_name=%#x\n", iSym, paSyms[iSym].st_name),
                             VERR_LDRELF_INVALID_SYMBOL_NAME_OFFSET);
+            const char * const pszName = pszzStr + paSyms[iSym].st_name;
 
-            const char *pszName = ELF_STR(pModElf, paSyms[iSym].st_name);
             /* String termination was already checked when the string table was mapped. */
-            if (    (pszName && *pszName)
+            if (    *pszName != '\0'
                 &&  (   (fFlags & RTLDR_ENUM_SYMBOL_FLAGS_ALL)
-                     || ELF_ST_BIND(paSyms[iSym].st_info) == STB_GLOBAL)
-               )
+                     || ELF_ST_BIND(paSyms[iSym].st_info) == STB_GLOBAL) )
             {
                 /*
                  * Call back.
                  */
                 AssertMsgReturn(Value == (RTUINTPTR)Value, (FMT_ELF_ADDR "\n", Value), VERR_SYMBOL_VALUE_TOO_BIG);
-                rc = pfnCallback(pMod, pszName, ~0U, (RTUINTPTR)Value, pvUser);
+                rc = pfnCallback(pMod, pszName, iSym, (RTUINTPTR)Value, pvUser);
                 if (rc)
                     return rc;
             }
@@ -820,13 +1050,11 @@
     switch (pModElf->Ehdr.e_type)
     {
         case ET_REL:
+        case ET_DYN:
             break;
         case ET_EXEC:
             Log(("RTLdrELF: %s: Executable images are not supported yet!\n", pModElf->Core.pReader->pfnLogName(pModElf->Core.pReader)));
             return VERR_LDRELF_EXEC;
-        case ET_DYN:
-            Log(("RTLdrELF: %s: Dynamic images are not supported yet!\n", pModElf->Core.pReader->pfnLogName(pModElf->Core.pReader)));
-            return VERR_LDRELF_DYN;
         default: AssertFailedReturn(VERR_BAD_EXE_FORMAT);
     }
 
@@ -885,13 +1113,11 @@
     switch (pModElf->Ehdr.e_type)
     {
         case ET_REL:
+        case ET_DYN:
             break;
         case ET_EXEC:
             Log(("RTLdrELF: %s: Executable images are not supported yet!\n", pszLogName));
             return VERR_LDRELF_EXEC;
-        case ET_DYN:
-            Log(("RTLdrELF: %s: Dynamic images are not supported yet!\n", pszLogName));
-            return VERR_LDRELF_DYN;
         default: AssertFailedReturn(VERR_BAD_EXE_FORMAT);
     }
 
@@ -910,8 +1136,9 @@
 
     /*
      * Iterate the sections looking for interesting SHT_REL[A] sections.
-     * SHT_REL[A] sections have the section index of the section they contain fixups
-     * for in the sh_info member.
+     *
+     * In ET_REL files the SHT_REL[A] sections have the section index of
+     * the section they contain fixups for in the sh_info member.
      */
     const Elf_Shdr *paShdrs = pModElf->paShdrs;
     Log2(("rtLdrElf: %s: Fixing up image\n", pszLogName));
@@ -928,36 +1155,37 @@
         if (pShdrRel->sh_type != SHT_RELA)
 #endif
             continue;
-        if (pShdrRel->sh_info >= pModElf->Ehdr.e_shnum)
-            continue;
-        const Elf_Shdr *pShdr = &paShdrs[pShdrRel->sh_info]; /* the section to fixup. */
-        if (!(pShdr->sh_flags & SHF_ALLOC))
-            continue;
+        if (pModElf->Ehdr.e_type == ET_REL)
+        {
+            if (pShdrRel->sh_info >= pModElf->Ehdr.e_shnum)
+                continue;
+            const Elf_Shdr *pShdr = &paShdrs[pShdrRel->sh_info]; /* the section to fixup. */
+            if (!(pShdr->sh_flags & SHF_ALLOC))
+                continue;
 
-        /*
-         * Relocate the section.
-         */
-        Log2(("rtldrELF: %s: Relocation records for #%d [%s] (sh_info=%d sh_link=%d) found in #%d [%s] (sh_info=%d sh_link=%d)\n",
-              pszLogName, (int)pShdrRel->sh_info, ELF_SH_STR(pModElf, pShdr->sh_name), (int)pShdr->sh_info, (int)pShdr->sh_link,
-              iShdr, ELF_SH_STR(pModElf, pShdrRel->sh_name), (int)pShdrRel->sh_info, (int)pShdrRel->sh_link));
+            /*
+             * Relocate the section.
+             */
+            Log2(("rtldrELF: %s: Relocation records for #%d [%s] (sh_info=%d sh_link=%d) found in #%d [%s] (sh_info=%d sh_link=%d)\n",
+                  pszLogName, (int)pShdrRel->sh_info, ELF_SH_STR(pModElf, pShdr->sh_name), (int)pShdr->sh_info, (int)pShdr->sh_link,
+                  iShdr, ELF_SH_STR(pModElf, pShdrRel->sh_name), (int)pShdrRel->sh_info, (int)pShdrRel->sh_link));
 
-        /** @todo Make RelocateSection a function pointer so we can select the one corresponding to the machine when opening the image. */
-        if (pModElf->Ehdr.e_type == ET_REL)
-            rc = RTLDRELF_NAME(RelocateSection)(pModElf, BaseAddr, pfnGetImport, pvUser,
-                                                pShdr->sh_addr,
-                                                pShdr->sh_size,
-                                                (const uint8_t *)pModElf->pvBits + pShdr->sh_offset,
-                                                (uint8_t *)pvBits + pShdr->sh_addr,
-                                                (const uint8_t *)pModElf->pvBits + pShdrRel->sh_offset,
-                                                pShdrRel->sh_size);
+            rc = RTLDRELF_NAME(RelocateSectionRel)(pModElf, BaseAddr, pfnGetImport, pvUser,
+                                                   pShdr->sh_addr,
+                                                   pShdr->sh_size,
+                                                   (const uint8_t *)pModElf->pvBits + pShdr->sh_offset,
+                                                   (uint8_t *)pvBits + pShdr->sh_addr,
+                                                   (const uint8_t *)pModElf->pvBits + pShdrRel->sh_offset,
+                                                   pShdrRel->sh_size);
+        }
         else
             rc = RTLDRELF_NAME(RelocateSectionExecDyn)(pModElf, BaseAddr, pfnGetImport, pvUser,
-                                                       pShdr->sh_addr,
-                                                       pShdr->sh_size,
-                                                       (const uint8_t *)pModElf->pvBits + pShdr->sh_offset,
-                                                       (uint8_t *)pvBits + pShdr->sh_addr,
+                                                       0, pModElf->cbImage,
+                                                       (const uint8_t *)pModElf->pvBits /** @todo file offset ?? */,
+                                                       (uint8_t *)pvBits,
                                                        (const uint8_t *)pModElf->pvBits + pShdrRel->sh_offset,
                                                        pShdrRel->sh_size);
+
         if (RT_FAILURE(rc))
             return rc;
     }
@@ -1016,11 +1244,20 @@
     /*
      * Calc all kinds of pointers before we start iterating the symbol table.
      */
-    const Elf_Sym     *paSyms = pModElf->paSyms;
-    unsigned            cSyms = pModElf->cSyms;
+    const Elf_Sym *paSyms  = pModElf->Rel.paSyms;
+    unsigned       cSyms   = pModElf->Rel.cSyms;
+    const char    *pszzStr = pModElf->Rel.pStr;
+    unsigned       cbStr   = pModElf->Rel.cbStr;
+    if (pModElf->Dyn.cSyms > 0)
+    {
+        paSyms  = pModElf->Dyn.paSyms;
+        cSyms   = pModElf->Dyn.cSyms;
+        pszzStr = pModElf->Dyn.pStr;
+        cbStr   = pModElf->Dyn.cbStr;
+    }
+
     if (iOrdinal == UINT32_MAX)
     {
-        const char     *pStr  = pModElf->pStr;
         for (unsigned iSym = 1; iSym < cSyms; iSym++)
         {
             /* Undefined symbols are not exports, they are imports. */
@@ -1029,19 +1266,14 @@
                      || ELF_ST_BIND(paSyms[iSym].st_info) == STB_WEAK))
             {
                 /* Validate the name string and try match with it. */
-                if (paSyms[iSym].st_name < pModElf->cbStr)
+                AssertMsgReturn(paSyms[iSym].st_name < cbStr,
+                                ("String outside string table! iSym=%d paSyms[iSym].st_name=%#x\n", iSym, paSyms[iSym].st_name),
+                                VERR_LDRELF_INVALID_SYMBOL_NAME_OFFSET);
+                if (!strcmp(pszSymbol, pszzStr + paSyms[iSym].st_name))
                 {
-                    if (!strcmp(pszSymbol, pStr + paSyms[iSym].st_name))
-                    {
-                        /* matched! */
-                        return RTLDRELF_NAME(ReturnSymbol)(pModElf, &paSyms[iSym], uBaseAddr, pValue);
-                    }
+                    /* matched! */
+                    return RTLDRELF_NAME(ReturnSymbol)(pModElf, &paSyms[iSym], uBaseAddr, pValue);
                 }
-                else
-                {
-                    AssertMsgFailed(("String outside string table! iSym=%d paSyms[iSym].st_name=%#x\n", iSym, paSyms[iSym].st_name));
-                    return VERR_LDRELF_INVALID_SYMBOL_NAME_OFFSET;
-                }
             }
         }
     }
@@ -1163,16 +1395,24 @@
     Elf_Addr        uPrevMappedRva = 0;
     const Elf_Shdr *paShdrs    = pModElf->paShdrs;
     const Elf_Shdr *paOrgShdrs = pModElf->paOrgShdrs;
-    for (unsigned iShdr = 1; iShdr < pModElf->Ehdr.e_shnum; iShdr++)
+    for (unsigned iShdr = pModElf->iFirstSect; iShdr < pModElf->Ehdr.e_shnum; iShdr++)
     {
         RTLDRSEG Seg;
-        Seg.pszName     = ELF_SH_STR(pModElf, paShdrs[iShdr].sh_name);
-        Seg.cchName     = (uint32_t)strlen(Seg.pszName);
-        if (Seg.cchName == 0)
+        if (iShdr != 0)
         {
-            Seg.pszName = szName;
-            Seg.cchName = (uint32_t)RTStrPrintf(szName, sizeof(szName), "UnamedSect%02u", iShdr);
+            Seg.pszName     = ELF_SH_STR(pModElf, paShdrs[iShdr].sh_name);
+            Seg.cchName     = (uint32_t)strlen(Seg.pszName);
+            if (Seg.cchName == 0)
+            {
+                Seg.pszName = szName;
+                Seg.cchName = (uint32_t)RTStrPrintf(szName, sizeof(szName), "UnamedSect%02u", iShdr);
+            }
         }
+        else
+        {
+            Seg.pszName = ".elf.headers";
+            Seg.cchName = 12;
+        }
         Seg.SelFlat     = 0;
         Seg.Sel16bit    = 0;
         Seg.fFlags      = 0;
@@ -1230,10 +1470,11 @@
     PRTLDRMODELF pModElf = (PRTLDRMODELF)pMod;
 
     const Elf_Shdr *pShdrEnd = NULL;
-    unsigned        cLeft    = pModElf->Ehdr.e_shnum - 1;
-    const Elf_Shdr *pShdr    = &pModElf->paOrgShdrs[cLeft];
+    unsigned        cLeft    = pModElf->Ehdr.e_shnum - pModElf->iFirstSect;
+    const Elf_Shdr *pShdr    = &pModElf->paOrgShdrs[pModElf->Ehdr.e_shnum];
     while (cLeft-- > 0)
     {
+        pShdr--;
         if (pShdr->sh_flags & SHF_ALLOC)
         {
             RTLDRADDR offSeg = LinkAddress - pShdr->sh_addr;
@@ -1246,13 +1487,12 @@
             if (offSeg == pShdr->sh_size)
                 pShdrEnd = pShdr;
         }
-        pShdr--;
     }
 
     if (pShdrEnd)
     {
         *poffSeg = pShdrEnd->sh_size;
-        *piSeg   = pShdrEnd - pModElf->paOrgShdrs - 1;
+        *piSeg   = pShdrEnd - pModElf->paOrgShdrs - pModElf->iFirstSect;
         return VINF_SUCCESS;
     }
 
@@ -1268,7 +1508,7 @@
     RTLDRADDR    offSeg;
     int rc = RTLDRELF_NAME(LinkAddressToSegOffset)(pMod, LinkAddress, &iSeg, &offSeg);
     if (RT_SUCCESS(rc))
-        *pRva = pModElf->paShdrs[iSeg + 1].sh_addr + offSeg;
+        *pRva = pModElf->paShdrs[iSeg + pModElf->iFirstSect].sh_addr + offSeg;
     return rc;
 }
 
@@ -1278,10 +1518,10 @@
                                                        PRTLDRADDR pRva)
 {
     PRTLDRMODELF pModElf = (PRTLDRMODELF)pMod;
-    if (iSeg >= pModElf->Ehdr.e_shnum - 1U)
+    if (iSeg >= pModElf->Ehdr.e_shnum - pModElf->iFirstSect)
         return VERR_LDR_INVALID_SEG_OFFSET;
 
-    iSeg++; /* skip section 0 */
+    iSeg += pModElf->iFirstSect; /* skip section 0 if not used */
     if (offSeg > pModElf->paShdrs[iSeg].sh_size)
     {
         const Elf_Shdr *pShdr2 = RTLDRELF_NAME(GetFirstAllocatedSection)(&pModElf->paShdrs[iSeg + 1],
@@ -1303,13 +1543,13 @@
 static DECLCALLBACK(int) RTLDRELF_NAME(RvaToSegOffset)(PRTLDRMODINTERNAL pMod, RTLDRADDR Rva,
                                                        uint32_t *piSeg, PRTLDRADDR poffSeg)
 {
-    PRTLDRMODELF pModElf = (PRTLDRMODELF)pMod;
-
+    PRTLDRMODELF    pModElf  = (PRTLDRMODELF)pMod;
     Elf_Addr        PrevAddr = 0;
-    unsigned        cLeft    = pModElf->Ehdr.e_shnum - 1;
-    const Elf_Shdr *pShdr    = &pModElf->paShdrs[cLeft];
+    unsigned        cLeft    = pModElf->Ehdr.e_shnum - pModElf->iFirstSect;
+    const Elf_Shdr *pShdr    = &pModElf->paShdrs[pModElf->Ehdr.e_shnum];
     while (cLeft-- > 0)
     {
+        pShdr--;
         if (pShdr->sh_flags & SHF_ALLOC)
         {
             Elf_Addr    cbSeg  = PrevAddr ? PrevAddr - pShdr->sh_addr : pShdr->sh_size;
@@ -1322,7 +1562,6 @@
             }
             PrevAddr = pShdr->sh_addr;
         }
-        pShdr--;
     }
 
     return VERR_LDR_INVALID_RVA;
@@ -1413,14 +1652,14 @@
          * Apply the relocations.
          */
         if (pThis->Ehdr.e_type == ET_REL)
-            rc = RTLDRELF_NAME(RelocateSection)(pThis, pThis->LinkAddress,
-                                                RTLDRELF_NAME(GetImportStubCallback), NULL /*pvUser*/,
-                                                pThis->paShdrs[iDbgInfo].sh_addr,
-                                                pThis->paShdrs[iDbgInfo].sh_size,
-                                                (const uint8_t *)pvBuf,
-                                                (uint8_t *)pvBuf,
-                                                pbRelocs,
-                                                pThis->paShdrs[iRelocs].sh_size);
+            rc = RTLDRELF_NAME(RelocateSectionRel)(pThis, pThis->LinkAddress,
+                                                   RTLDRELF_NAME(GetImportStubCallback), NULL /*pvUser*/,
+                                                   pThis->paShdrs[iDbgInfo].sh_addr,
+                                                   pThis->paShdrs[iDbgInfo].sh_size,
+                                                   (const uint8_t *)pvBuf,
+                                                   (uint8_t *)pvBuf,
+                                                   pbRelocs,
+                                                   pThis->paShdrs[iRelocs].sh_size);
         else
             rc = RTLDRELF_NAME(RelocateSectionExecDyn)(pThis, pThis->LinkAddress,
                                                        RTLDRELF_NAME(GetImportStubCallback), NULL /*pvUser*/,
@@ -1561,11 +1800,13 @@
  *
  * @returns iprt status code.
  * @param   pEhdr       Pointer to the ELF header.
+ * @param   cbRawImage  The size of the raw image.
  * @param   pszLogName  The log name.
- * @param   cbRawImage  The size of the raw image.
+ * @param   penmArch    Where to return the architecture.
+ * @param   pErrInfo    Where to return extended error info. Optional.
  */
-static int RTLDRELF_NAME(ValidateElfHeader)(const Elf_Ehdr *pEhdr, const char *pszLogName, uint64_t cbRawImage,
-                                            PRTLDRARCH penmArch)
+static int RTLDRELF_NAME(ValidateElfHeader)(const Elf_Ehdr *pEhdr, uint64_t cbRawImage, const char *pszLogName,
+                                            PRTLDRARCH penmArch, PRTERRINFO pErrInfo)
 {
     Log3(("RTLdrELF:     e_ident: %.*Rhxs\n"
           "RTLdrELF:      e_type: " FMT_ELF_HALF "\n"
@@ -1587,48 +1828,31 @@
     if (    pEhdr->e_ident[EI_MAG0] != ELFMAG0
         ||  pEhdr->e_ident[EI_MAG1] != ELFMAG1
         ||  pEhdr->e_ident[EI_MAG2] != ELFMAG2
-        ||  pEhdr->e_ident[EI_MAG3] != ELFMAG3
-       )
-    {
-        Log(("RTLdrELF: %s: Invalid ELF magic (%.*Rhxs)\n", pszLogName, sizeof(pEhdr->e_ident), pEhdr->e_ident)); NOREF(pszLogName);
-        return VERR_BAD_EXE_FORMAT;
-    }
+        ||  pEhdr->e_ident[EI_MAG3] != ELFMAG3)
+        return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
+                                   "%s: Invalid ELF magic (%.*Rhxs)", pszLogName, sizeof(pEhdr->e_ident), pEhdr->e_ident);
     if (pEhdr->e_ident[EI_CLASS] != RTLDRELF_SUFF(ELFCLASS))
-    {
-        Log(("RTLdrELF: %s: Invalid ELF class (%.*Rhxs)\n", pszLogName, sizeof(pEhdr->e_ident), pEhdr->e_ident));
-        return VERR_BAD_EXE_FORMAT;
-    }
+        return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
+                                   "%s: Invalid ELF class (%.*Rhxs)", pszLogName, sizeof(pEhdr->e_ident), pEhdr->e_ident);
     if (pEhdr->e_ident[EI_DATA] != ELFDATA2LSB)
-    {
-        Log(("RTLdrELF: %s: ELF endian %x is unsupported\n", pszLogName, pEhdr->e_ident[EI_DATA]));
-        return VERR_LDRELF_ODD_ENDIAN;
-    }
+        return RTERRINFO_LOG_SET_F(pErrInfo, VERR_LDRELF_ODD_ENDIAN,
+                                   "%s: ELF endian %x is unsupported", pszLogName, pEhdr->e_ident[EI_DATA]);
     if (pEhdr->e_version != EV_CURRENT)
-    {
-        Log(("RTLdrELF: %s: ELF version %x is unsupported\n", pszLogName, pEhdr->e_version));
-        return VERR_LDRELF_VERSION;
-    }
+        return RTERRINFO_LOG_SET_F(pErrInfo, VERR_LDRELF_VERSION,
+                                   "%s: ELF version %x is unsupported", pszLogName, pEhdr->e_version);
 
     if (sizeof(Elf_Ehdr) != pEhdr->e_ehsize)
-    {
-        Log(("RTLdrELF: %s: Elf header e_ehsize is %d expected %d!\n",
-             pszLogName, pEhdr->e_ehsize, sizeof(Elf_Ehdr)));
-        return VERR_BAD_EXE_FORMAT;
-    }
+        return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
+                                   "%s: Elf header e_ehsize is %d expected %d!", pszLogName, pEhdr->e_ehsize, sizeof(Elf_Ehdr));
     if (    sizeof(Elf_Phdr) != pEhdr->e_phentsize
-        &&  (    pEhdr->e_phnum != 0
-             ||  pEhdr->e_type == ET_DYN))
-    {
-        Log(("RTLdrELF: %s: Elf header e_phentsize is %d expected %d!\n",
-             pszLogName, pEhdr->e_phentsize, sizeof(Elf_Phdr)));
-        return VERR_BAD_EXE_FORMAT;
-    }
+        &&  (   pEhdr->e_phnum != 0
+             || pEhdr->e_type == ET_DYN
+             || pEhdr->e_type == ET_EXEC))
+        return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: Elf header e_phentsize is %d expected %d!",
+                                   pszLogName, pEhdr->e_phentsize, sizeof(Elf_Phdr));
     if (sizeof(Elf_Shdr) != pEhdr->e_shentsize)
-    {
-        Log(("RTLdrELF: %s: Elf header e_shentsize is %d expected %d!\n",
-             pszLogName, pEhdr->e_shentsize, sizeof(Elf_Shdr)));
-        return VERR_BAD_EXE_FORMAT;
-    }
+        return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: Elf header e_shentsize is %d expected %d!",
+                                   pszLogName, pEhdr->e_shentsize, sizeof(Elf_Shdr));
 
     switch (pEhdr->e_type)
     {
@@ -1637,8 +1861,8 @@
         case ET_DYN:
             break;
         default:
-            Log(("RTLdrELF: %s: image type %#x is not supported!\n", pszLogName, pEhdr->e_type));
-            return VERR_BAD_EXE_FORMAT;
+            return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: image type %#x is not supported!",
+                                       pszLogName, pEhdr->e_type);
     }
 
     switch (pEhdr->e_machine)
@@ -1654,52 +1878,43 @@
             break;
 #endif
         default:
-            Log(("RTLdrELF: %s: machine type %u is not supported!\n", pszLogName, pEhdr->e_machine));
-            return VERR_LDRELF_MACHINE;
+            return RTERRINFO_LOG_SET_F(pErrInfo, VERR_LDRELF_MACHINE,
+                                       "%s: machine type %u is not supported!", pszLogName, pEhdr->e_machine);
     }
 
     if (    pEhdr->e_phoff < pEhdr->e_ehsize
         &&  !(pEhdr->e_phoff && pEhdr->e_phnum)
         &&  pEhdr->e_phnum)
-    {
-        Log(("RTLdrELF: %s: The program headers overlap with the ELF header! e_phoff=" FMT_ELF_OFF "\n",
-             pszLogName, pEhdr->e_phoff));
-        return VERR_BAD_EXE_FORMAT;
-    }
+        return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
+                                   "%s: The program headers overlap with the ELF header! e_phoff=" FMT_ELF_OFF,
+                                   pszLogName, pEhdr->e_phoff);
     if (    pEhdr->e_phoff + pEhdr->e_phnum * pEhdr->e_phentsize > cbRawImage
         ||  pEhdr->e_phoff + pEhdr->e_phnum * pEhdr->e_phentsize < pEhdr->e_phoff)
-    {
-        Log(("RTLdrELF: %s: The program headers extends beyond the file! e_phoff=" FMT_ELF_OFF " e_phnum=" FMT_ELF_HALF "\n",
-             pszLogName, pEhdr->e_phoff, pEhdr->e_phnum));
-        return VERR_BAD_EXE_FORMAT;
-    }
+        return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
+                                   "%s: The program headers extends beyond the file! e_phoff=" FMT_ELF_OFF " e_phnum=" FMT_ELF_HALF,
+                                   pszLogName, pEhdr->e_phoff, pEhdr->e_phnum);
 
 
     if (    pEhdr->e_shoff < pEhdr->e_ehsize
         &&  !(pEhdr->e_shoff && pEhdr->e_shnum))
-    {
-        Log(("RTLdrELF: %s: The section headers overlap with the ELF header! e_shoff=" FMT_ELF_OFF "\n",
-             pszLogName, pEhdr->e_shoff));
-        return VERR_BAD_EXE_FORMAT;
-    }
+        return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
+                                   "%s: The section headers overlap with the ELF header! e_shoff=" FMT_ELF_OFF,
+                                   pszLogName, pEhdr->e_shoff);
     if (    pEhdr->e_shoff + pEhdr->e_shnum * pEhdr->e_shentsize > cbRawImage
         ||  pEhdr->e_shoff + pEhdr->e_shnum * pEhdr->e_shentsize < pEhdr->e_shoff)
-    {
-        Log(("RTLdrELF: %s: The section headers extends beyond the file! e_shoff=" FMT_ELF_OFF " e_shnum=" FMT_ELF_HALF "\n",
-             pszLogName, pEhdr->e_shoff, pEhdr->e_shnum));
-        return VERR_BAD_EXE_FORMAT;
-    }
+        return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
+                                   "%s: The section headers extends beyond the file! e_shoff=" FMT_ELF_OFF " e_shnum=" FMT_ELF_HALF,
+                                   pszLogName, pEhdr->e_shoff, pEhdr->e_shnum);
 
     if (pEhdr->e_shstrndx == 0 || pEhdr->e_shstrndx > pEhdr->e_shnum)
-    {
-        Log(("RTLdrELF: %s: The section headers string table is out of bounds! e_shstrndx=" FMT_ELF_HALF " e_shnum=" FMT_ELF_HALF "\n",
-             pszLogName, pEhdr->e_shstrndx, pEhdr->e_shnum));
-        return VERR_BAD_EXE_FORMAT;
-    }
+        return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
+                                   "%s: The section headers string table is out of bounds! e_shstrndx=" FMT_ELF_HALF " e_shnum=" FMT_ELF_HALF,
+                                   pszLogName, pEhdr->e_shstrndx, pEhdr->e_shnum);
 
     return VINF_SUCCESS;
 }
 
+
 /**
  * Gets the section header name.
  *
@@ -1739,10 +1954,12 @@
  * @param   pModElf     Pointer to the module structure.
  * @param   iShdr       The index of section header which should be validated.
  *                      The section headers are found in the pModElf->paShdrs array.
+ * @param   cbRawImage  The size of the raw image.
  * @param   pszLogName  The log name.
- * @param   cbRawImage  The size of the raw image.
+ * @param   pErrInfo    Where to return extended error info. Optional.
  */
-static int RTLDRELF_NAME(ValidateSectionHeader)(PRTLDRMODELF pModElf, unsigned iShdr, const char *pszLogName, uint64_t cbRawImage)
+static int RTLDRELF_NAME(ValidateSectionHeader)(PRTLDRMODELF pModElf, unsigned iShdr, uint64_t cbRawImage,
+                                                const char *pszLogName, PRTERRINFO pErrInfo)
 {
     const Elf_Shdr *pShdr = &pModElf->paShdrs[iShdr];
     char szSectionName[80]; NOREF(szSectionName);
@@ -1774,26 +1991,20 @@
             || pShdr->sh_link       != SHN_UNDEF
             || pShdr->sh_addralign  != 0
             || pShdr->sh_entsize    != 0 )
-        {
-            Log(("RTLdrELF: %s: Bad #0 section: %.*Rhxs\n", pszLogName, sizeof(*pShdr), pShdr ));
-            return VERR_BAD_EXE_FORMAT;
-        }
+            return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
+                                       "%s: Bad #0 section: %.*Rhxs", pszLogName, sizeof(*pShdr), pShdr);
         return VINF_SUCCESS;
     }
 
     if (pShdr->sh_name >= pModElf->cbShStr)
-    {
-        Log(("RTLdrELF: %s: Shdr #%d: sh_name (%d) is beyond the end of the section header string table (%d)!\n",
-             pszLogName, iShdr, pShdr->sh_name, pModElf->cbShStr)); NOREF(pszLogName);
-        return VERR_BAD_EXE_FORMAT;
-    }
+        return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
+                                   "%s: Shdr #%d: sh_name (%d) is beyond the end of the section header string table (%d)!",
+                                   pszLogName, iShdr, pShdr->sh_name, pModElf->cbShStr);
 
     if (pShdr->sh_link >= pModElf->Ehdr.e_shnum)
-    {
-        Log(("RTLdrELF: %s: Shdr #%d: sh_link (%d) is beyond the end of the section table (%d)!\n",
-             pszLogName, iShdr, pShdr->sh_link, pModElf->Ehdr.e_shnum)); NOREF(pszLogName);
-        return VERR_BAD_EXE_FORMAT;
-    }
+        return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
+                                   "%s: Shdr #%d: sh_link (%d) is beyond the end of the section table (%d)!",
+                                   pszLogName, iShdr, pShdr->sh_link, pModElf->Ehdr.e_shnum);
 
     switch (pShdr->sh_type)
     {
@@ -1800,11 +2011,9 @@
         /** @todo find specs and check up which sh_info fields indicates section table entries */
         case 12301230:
             if (pShdr->sh_info >= pModElf->Ehdr.e_shnum)
-            {
-                Log(("RTLdrELF: %s: Shdr #%d: sh_info (%d) is beyond the end of the section table (%d)!\n",
-                     pszLogName, iShdr, pShdr->sh_link, pModElf->Ehdr.e_shnum));
-                return VERR_BAD_EXE_FORMAT;
-            }
+                return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
+                                           "%s: Shdr #%d: sh_info (%d) is beyond the end of the section table (%d)!",
+                                           pszLogName, iShdr, pShdr->sh_link, pModElf->Ehdr.e_shnum);
             break;
 
         case SHT_NULL:
@@ -1838,19 +2047,741 @@
         uint64_t offEnd = pShdr->sh_offset + pShdr->sh_size;
         if (    offEnd > cbRawImage
             ||  offEnd < (uint64_t)pShdr->sh_offset)
+            return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
+                                       "%s: Shdr #%d: sh_offset (" FMT_ELF_OFF ") + sh_size (" FMT_ELF_XWORD " = %RX64) is beyond the end of the file (%RX64)!",
+                                       pszLogName, iShdr, pShdr->sh_offset, pShdr->sh_size, offEnd, cbRawImage);
+        if (pShdr->sh_offset < sizeof(Elf_Ehdr))
+            return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
+                                       "%s: Shdr #%d: sh_offset (" FMT_ELF_OFF ") + sh_size (" FMT_ELF_XWORD ") is starting in the ELF header!",
+                                       pszLogName, iShdr, pShdr->sh_offset, pShdr->sh_size);
+    }
+
+    return VINF_SUCCESS;
+}
+
+
+/**
+ * Process the section headers.
+ *
+ * @returns iprt status code.
+ * @param   pModElf     Pointer to the module structure.
+ * @param   paShdrs     The section headers.
+ * @param   cbRawImage  The size of the raw image.
+ * @param   pszLogName  The log name.
+ * @param   pErrInfo    Where to return extended error info. Optional.
+ */
+static int RTLDRELF_NAME(ValidateAndProcessSectionHeaders)(PRTLDRMODELF pModElf, Elf_Shdr *paShdrs, uint64_t cbRawImage,
+                                                           const char *pszLogName, PRTERRINFO pErrInfo)
+{
+    Elf_Addr uNextAddr = 0;
+    for (unsigned i = 0; i < pModElf->Ehdr.e_shnum; i++)
+    {
+        int rc = RTLDRELF_NAME(ValidateSectionHeader)(pModElf, i, cbRawImage, pszLogName, pErrInfo);
+        if (RT_FAILURE(rc))
+            return rc;
+
+        /*
+         * We're looking for symbol tables.
+         */
+        if (paShdrs[i].sh_type == SHT_SYMTAB)
         {
-            Log(("RTLdrELF: %s: Shdr #%d: sh_offset (" FMT_ELF_OFF ") + sh_size (" FMT_ELF_XWORD " = %RX64) is beyond the end of the file (%RX64)!\n",
-                 pszLogName, iShdr, pShdr->sh_offset, pShdr->sh_size, offEnd, cbRawImage));
-            return VERR_BAD_EXE_FORMAT;
+            if (pModElf->Rel.iSymSh != ~0U)
+                return RTERRINFO_LOG_SET_F(pErrInfo, VERR_LDRELF_MULTIPLE_SYMTABS,
+                                           "%s: Multiple symbol tabs! iSymSh=%d i=%d", pszLogName, pModElf->Rel.iSymSh, i);
+            pModElf->Rel.iSymSh = i;
+            pModElf->Rel.cSyms  = (unsigned)(paShdrs[i].sh_size / sizeof(Elf_Sym));
+            AssertBreakStmt(pModElf->Rel.cSyms == paShdrs[i].sh_size / sizeof(Elf_Sym), rc = VERR_IMAGE_TOO_BIG);
+            pModElf->Rel.iStrSh = paShdrs[i].sh_link;
+            pModElf->Rel.cbStr  = (unsigned)paShdrs[pModElf->Rel.iStrSh].sh_size;
+            AssertBreakStmt(pModElf->Rel.cbStr == paShdrs[pModElf->Rel.iStrSh].sh_size, rc = VERR_IMAGE_TOO_BIG);
         }
-        if (pShdr->sh_offset < sizeof(Elf_Ehdr))
+        else if (paShdrs[i].sh_type == SHT_DYNSYM)
         {
-            Log(("RTLdrELF: %s: Shdr #%d: sh_offset (" FMT_ELF_OFF ") + sh_size (" FMT_ELF_XWORD ") is starting in the ELF header!\n",
-                 pszLogName, iShdr, pShdr->sh_offset, pShdr->sh_size));
-            return VERR_BAD_EXE_FORMAT;
+            if (pModElf->Dyn.iSymSh != ~0U)
+                return RTERRINFO_LOG_SET_F(pErrInfo, VERR_LDRELF_MULTIPLE_SYMTABS,
+                                           "%s: Multiple dynamic symbol tabs! iSymSh=%d i=%d", pszLogName, pModElf->Dyn.iSymSh, i);
+            if (pModElf->Ehdr.e_type != ET_DYN && pModElf->Ehdr.e_type != ET_EXEC)
+                return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
+                                           "%s: Unexpected SHT_DYNSYM (i=%d) for e_type=%d", pszLogName, i, pModElf->Ehdr.e_type);
+            pModElf->Dyn.iSymSh = i;
+            pModElf->Dyn.cSyms  = (unsigned)(paShdrs[i].sh_size / sizeof(Elf_Sym));
+            AssertBreakStmt(pModElf->Dyn.cSyms == paShdrs[i].sh_size / sizeof(Elf_Sym), rc = VERR_IMAGE_TOO_BIG);
+            pModElf->Dyn.iStrSh = paShdrs[i].sh_link;
+            pModElf->Dyn.cbStr  = (unsigned)paShdrs[pModElf->Dyn.iStrSh].sh_size;
+            AssertBreakStmt(pModElf->Dyn.cbStr == paShdrs[pModElf->Dyn.iStrSh].sh_size, rc = VERR_IMAGE_TOO_BIG);
         }
+        /*
+         * We're also look for the dynamic section.
+         */
+        else if (paShdrs[i].sh_type == SHT_DYNAMIC)
+        {
+            if (pModElf->iShDynamic != ~0U)
+                return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
+                                           "%s: Multiple dynamic sections! iShDynamic=%d i=%d",
+                                           pszLogName, pModElf->iShDynamic, i);
+            if (pModElf->Ehdr.e_type != ET_DYN && pModElf->Ehdr.e_type != ET_EXEC)
+                return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
+                                           "Unexpected SHT_DYNAMIC (i=%d) for e_type=%d", pszLogName, i, pModElf->Ehdr.e_type);
+            if (paShdrs[i].sh_entsize != sizeof(Elf_Dyn))
+                return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
+                                           "%s: SHT_DYNAMIC (i=%d) sh_entsize=" FMT_ELF_XWORD ",  expected %#zx",
+                                           pszLogName, i, paShdrs[i].sh_entsize, sizeof(Elf_Dyn));
+            pModElf->iShDynamic = i;
+            Elf_Xword const cDynamic = paShdrs[i].sh_size / sizeof(Elf_Dyn);
+            if (cDynamic > _64K || cDynamic < 2)
+                return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
+                                           "%s: SHT_DYNAMIC (i=%d) sh_size=" FMT_ELF_XWORD " is out of range, expected %u",
+                                           pszLogName, i, paShdrs[i].sh_size);
+            pModElf->cDynamic = (unsigned)cDynamic;
+        }
+
+        /*
+         * Special checks for the section string table.
+         */
+        if (i == pModElf->Ehdr.e_shstrndx)
+        {
+            if (paShdrs[i].sh_type != SHT_STRTAB)
+                return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
+                                           "%s: Section header string table is not a SHT_STRTAB: %#x",
+                                           pszLogName, paShdrs[i].sh_type);
+            if (paShdrs[i].sh_size == 0)
+                return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: Section header string table is empty", pszLogName);
+        }
+
+        /*
+         * Kluge for the .data..percpu segment in 64-bit linux kernels.
+         */
+        if (paShdrs[i].sh_flags & SHF_ALLOC)
+        {
+            if (   paShdrs[i].sh_addr == 0
+                && paShdrs[i].sh_addr < uNextAddr)
+            {
+                Elf_Addr uAddr = RT_ALIGN_T(uNextAddr, paShdrs[i].sh_addralign, Elf_Addr);
+                Log(("RTLdrElf: Out of order section #%d; adjusting sh_addr from " FMT_ELF_ADDR " to " FMT_ELF_ADDR "\n",
+                     i, paShdrs[i].sh_addr, uAddr));
+                paShdrs[i].sh_addr = uAddr;
+            }
+            uNextAddr = paShdrs[i].sh_addr + paShdrs[i].sh_size;
+        }
+    } /* for each section header */
+
+    return VINF_SUCCESS;
+}
+
+
+/**
+ * Process the section headers.
+ *
+ * @returns iprt status code.
+ * @param   pModElf     Pointer to the module structure.
+ * @param   paShdrs     The section headers.
+ * @param   cbRawImage  The size of the raw image.
+ * @param   pszLogName  The log name.
+ * @param   pErrInfo    Where to return extended error info. Optional.
+ */
+static int RTLDRELF_NAME(ValidateAndProcessDynamicInfo)(PRTLDRMODELF pModElf, uint64_t cbRawImage, uint32_t fFlags,
+                                                        const char *pszLogName, PRTERRINFO pErrInfo)
+{
+    /*
+     * Check preconditions.
+     */
+    AssertReturn(pModElf->Ehdr.e_type == ET_DYN || pModElf->Ehdr.e_type == ET_EXEC, VERR_INTERNAL_ERROR_2);
+    if (pModElf->Ehdr.e_phnum <= 1 || pModElf->Ehdr.e_phnum >= _32K)
+        return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
+                                   "%s: e_phnum=%u is out of bounds (2..32K)", pszLogName, pModElf->Ehdr.e_phnum);
+    if (pModElf->iShDynamic == ~0U)
+        return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: no .dynamic section", pszLogName);
+    AssertReturn(pModElf->cDynamic > 1 && pModElf->cDynamic <= _64K, VERR_INTERNAL_ERROR_3);
+
+    /* ASSUME that the sections are ordered by address.  That simplifies
+       validation code further down. */
+    AssertReturn(pModElf->Ehdr.e_shnum >= 2, VERR_INTERNAL_ERROR_4);
+    Elf_Shdr const *paShdrs  = pModElf->paShdrs;
+    Elf_Addr        uPrevEnd = paShdrs[1].sh_addr + paShdrs[1].sh_size;
+    for (unsigned i = 2; i < pModElf->Ehdr.e_shnum; i++)
+        if (paShdrs[i].sh_flags & SHF_ALLOC)
+        {
+            if (uPrevEnd > paShdrs[i].sh_addr)
+                return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
+                                           "%s: section %u is out of order: uPrevEnd=" FMT_ELF_ADDR " sh_addr=" FMT_ELF_ADDR,
+                                           pszLogName, i, uPrevEnd, paShdrs[i].sh_addr);
+            uPrevEnd = paShdrs[i].sh_addr + paShdrs[i].sh_size;
+        }
+
+    /* Must have string and symbol tables. */
+    if (pModElf->Dyn.iStrSh == ~0U)
+        return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: No dynamic string table section", pszLogName);
+    if (pModElf->Dyn.iSymSh == ~0U)
+        return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: No dynamic symbol table section", pszLogName);
+
+    /*
+     * Load the program headers.
+     */
+    size_t const cbPhdrs = sizeof(pModElf->paPhdrs[0]) * pModElf->Ehdr.e_phnum;
+    Elf_Phdr    *paPhdrs = (Elf_Phdr *)RTMemAllocZ(cbPhdrs);
+    pModElf->paPhdrs = paPhdrs;
+    AssertReturn(paPhdrs, VERR_NO_MEMORY);
+
+    int rc = pModElf->Core.pReader->pfnRead(pModElf->Core.pReader, paPhdrs, cbPhdrs, pModElf->Ehdr.e_phoff);
+    if (RT_FAILURE(rc))
+        return RTERRINFO_LOG_SET_F(pErrInfo, rc, "%s: pfnRead(,,%#zx, " FMT_ELF_OFF ") -> %Rrc",
+                                   pszLogName, cbPhdrs, pModElf->Ehdr.e_phoff, rc);
+
+    /*
+     * Validate them.
+     */
+    unsigned cbPage = _4K; /** @todo generalize architecture specific stuff using its own code template header.  */
+    switch (pModElf->Core.enmArch)
+    {
+        case RTLDRARCH_AMD64:
+        case RTLDRARCH_X86_32:
+            break;
+        default:
+            AssertFailedBreak(/** @todo page size for got.plt hacks */);
     }
+    unsigned iLoad          = 0;
+    unsigned iLoadShdr      = 1; /* ASSUMES ordered (checked above). */
+    unsigned cDynamic       = 0;
+    Elf_Addr cbImage        = 0;
+    Elf_Addr uLinkAddress   = ~(Elf_Addr)0;
+    for (unsigned i = 0; i < pModElf->Ehdr.e_phnum; i++)
+    {
+        const Elf_Phdr * const pPhdr = &paPhdrs[i];
+        Log3(("RTLdrELF: Program Header #%d:\n"
+              "RTLdrELF:   p_type: " FMT_ELF_WORD " (%s)\n"
+              "RTLdrELF:  p_flags: " FMT_ELF_WORD "\n"
+              "RTLdrELF: p_offset: " FMT_ELF_OFF "\n"
+              "RTLdrELF:  p_vaddr: " FMT_ELF_ADDR "\n"
+              "RTLdrELF:  p_paddr: " FMT_ELF_ADDR "\n"
+              "RTLdrELF: p_filesz: " FMT_ELF_XWORD "\n"
+              "RTLdrELF:  p_memsz: " FMT_ELF_XWORD "\n"
+              "RTLdrELF:  p_align: " FMT_ELF_XWORD "\n",
+              i,
+              pPhdr->p_type, rtldrElfGetPhdrType(pPhdr->p_type), pPhdr->p_flags, pPhdr->p_offset,
+              pPhdr->p_vaddr, pPhdr->p_paddr, pPhdr->p_filesz, pPhdr->p_memsz, pPhdr->p_align));
 
+        if (pPhdr->p_type == DT_NULL)
+            continue;
+
+        if (   pPhdr->p_filesz != 0
+            && (   pPhdr->p_offset >= cbRawImage
+                || pPhdr->p_filesz > cbRawImage
+                || pPhdr->p_offset + pPhdr->p_filesz > cbRawImage))
+            return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
+                                       "%s: Prog Hdr #%u: bogus p_offset=" FMT_ELF_OFF " & p_filesz=" FMT_ELF_XWORD " (file size %#RX64)",
+                                       pszLogName, i, pPhdr->p_offset, pPhdr->p_filesz, cbRawImage);
+
+        if (pPhdr->p_flags & ~(Elf64_Word)(PF_X | PF_R | PF_W))
+            return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: Prog Hdr #%u: bogus p_flags=" FMT_ELF_WORD,
+                                       pszLogName, i, pPhdr->p_flags);
+
+        if (!RT_IS_POWER_OF_TWO(pPhdr->p_align))
+            return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: Prog Hdr #%u: bogus p_align=" FMT_ELF_XWORD,
+                                       pszLogName, i, pPhdr->p_align);
+
+        if (   pPhdr->p_align  > 1
+            && pPhdr->p_memsz  > 0
+            && pPhdr->p_filesz > 0
+            && (pPhdr->p_offset & (pPhdr->p_align - 1)) != (pPhdr->p_vaddr & (pPhdr->p_align - 1)))
+            return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
+                                       "%s: Prog Hdr #%u: misaligned p_offset=" FMT_ELF_OFF " p_vaddr=" FMT_ELF_ADDR " p_align=" FMT_ELF_XWORD,
+                                       pszLogName, i, pPhdr->p_offset, pPhdr->p_vaddr, pPhdr->p_align);
+
+        /* Do some type specfic checks: */
+        switch (pPhdr->p_type)
+        {
+            case PT_LOAD:
+            {
+                if (pPhdr->p_memsz < pPhdr->p_filesz)
+                    return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
+                                               "%s: Prog Hdr #%u/LOAD#%u: bogus p_memsz=" FMT_ELF_XWORD " or p_filesz=" FMT_ELF_XWORD,
+                                               pszLogName, i, iLoad, pPhdr->p_memsz, pPhdr->p_filesz);
+                cbImage = pPhdr->p_vaddr + pPhdr->p_memsz;
+                if (iLoad == 0)
+                    uLinkAddress = pPhdr->p_vaddr;
+
+                /* Find the corresponding sections, checking their addresses and
+                   file offsets since the rest of the code is still section based
+                   rather than using program headers as it should... */
+                Elf_Off         off     = pPhdr->p_offset;
+                Elf_Addr        uAddr   = pPhdr->p_vaddr;
+                Elf_Xword       cbMem   = pPhdr->p_memsz;
+                Elf_Xword       cbFile  = pPhdr->p_filesz;
+                while (cbMem > 0)
+                {
+                    if (iLoadShdr < pModElf->Ehdr.e_shnum)
+                    { /* likely */ }
+                    else if (iLoadShdr == pModElf->Ehdr.e_shnum)
+                    {
+                        /** @todo anything else to check here? */
+                        iLoadShdr++;
+                        break;
+                    }
+                    else
+                        return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
+                                                   "%s: Prog Hdr #%u/LOAD#%u: Out of sections at " FMT_ELF_ADDR " LB " FMT_ELF_XWORD,
+                                                   pszLogName, i, iLoad, uAddr, cbMem);
+                    if (!(paShdrs[iLoadShdr].sh_flags & SHF_ALLOC))
+                    {
+                        if (   paShdrs[iLoadShdr].sh_type != SHT_NOBITS
+                            && paShdrs[iLoadShdr].sh_size > 0
+                            && off < paShdrs[iLoadShdr].sh_offset + paShdrs[iLoadShdr].sh_size
+                            && paShdrs[iLoadShdr].sh_offset < off + cbMem)
+                            return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
+                                                       "%s: Prog Hdr #%u/LOAD#%u: Overlaps with !SHF_ALLOC section at " FMT_ELF_OFF " LB " FMT_ELF_XWORD,
+                                                       pszLogName, i, iLoad, paShdrs[iLoadShdr].sh_offset, paShdrs[iLoadShdr].sh_size);
+                        pModElf->paShdrExtras[iLoadShdr].idxPhdr = UINT16_MAX;
+                        iLoadShdr++;
+                        continue;
+                    }
+
+                    if (uAddr != paShdrs[iLoadShdr].sh_addr)
+                    {
+                        /* Before the first section we expect headers to be loaded, so
+                           that the file is simply mapped from file offset zero. */
+                        if (   iLoadShdr == 1
+                            && iLoad     == 0
+                            && paShdrs[1].sh_addr == paShdrs[1].sh_offset
+                            && cbFile    >= paShdrs[1].sh_offset
+                            && cbMem     >= paShdrs[1].sh_offset)
+                        {
+                            /* Modify paShdrs[0] to describe the gap. ".elf.headers" */
+                            pModElf->iFirstSect              = 0;
+                            pModElf->paShdrs[0].sh_name      = 0;
+                            pModElf->paShdrs[0].sh_type      = SHT_PROGBITS;
+                            pModElf->paShdrs[0].sh_flags     = SHF_ALLOC
+                                                             | (pPhdr->p_flags & PF_W ? SHF_WRITE     : 0)
+                                                             | (pPhdr->p_flags & PF_X ? SHF_EXECINSTR : 0);
+                            pModElf->paShdrs[0].sh_addr      = uAddr;
+                            pModElf->paShdrs[0].sh_offset    = off;
+                            pModElf->paShdrs[0].sh_size      = paShdrs[1].sh_offset;
+                            pModElf->paShdrs[0].sh_link      = 0;
+                            pModElf->paShdrs[0].sh_info      = 0;
+                            pModElf->paShdrs[0].sh_addralign = pPhdr->p_align;
+                            pModElf->paShdrs[0].sh_entsize   = 0;
+                            *(Elf_Shdr *)pModElf->paOrgShdrs = pModElf->paShdrs[0]; /* (necessary for segment enumeration) */
+
+                            uAddr  += paShdrs[1].sh_offset;
+                            cbMem  -= paShdrs[1].sh_offset;
+                            cbFile -= paShdrs[1].sh_offset;
+                            off     = paShdrs[1].sh_offset;
+                        }
+                        /* Alignment padding?  Allow up to a page size. */
+                        else if (   paShdrs[iLoadShdr].sh_addr > uAddr
+                                 &&   paShdrs[iLoadShdr].sh_addr - uAddr
+                                    < RT_MAX(paShdrs[iLoadShdr].sh_addralign, cbPage /*got.plt hack*/))
+                        {
+                            Elf_Xword cbAlignPadding = paShdrs[iLoadShdr].sh_addr - uAddr;
+                            if (cbAlignPadding >= cbMem)
+                                break;
+                            cbMem -= cbAlignPadding;
+                            uAddr += cbAlignPadding;
+                            if (cbFile > cbAlignPadding)
+                            {
+                                off    += cbAlignPadding;
+                                cbFile -= cbAlignPadding;
+                            }
+                            else
+                            {
+                                off   += cbFile;
+                                cbFile = 0;
+                            }
+                        }
+                    }
+
+                    if (   uAddr == paShdrs[iLoadShdr].sh_addr
+                        && cbMem >= paShdrs[iLoadShdr].sh_size
+                        && (  paShdrs[iLoadShdr].sh_type != SHT_NOBITS
+                            ?    off    == paShdrs[iLoadShdr].sh_offset
+                              && cbFile >= paShdrs[iLoadShdr].sh_size /* this might be too strict... */
+                            : cbFile == 0) )
+                    {
+                        if (paShdrs[iLoadShdr].sh_type != SHT_NOBITS)
+                        {
+                            off    += paShdrs[iLoadShdr].sh_size;
+                            cbFile -= paShdrs[iLoadShdr].sh_size;
+                        }
+                        uAddr += paShdrs[iLoadShdr].sh_size;
+                        cbMem -= paShdrs[iLoadShdr].sh_size;
+                    }
+                    else
+                        return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
+                                                   "%s: Prog Hdr #%u/LOAD#%u: Mismatch at " FMT_ELF_ADDR " LB " FMT_ELF_XWORD " (file " FMT_ELF_OFF " LB " FMT_ELF_XWORD ") with section #%u " FMT_ELF_ADDR " LB " FMT_ELF_XWORD " (file " FMT_ELF_OFF " sh_type=" FMT_ELF_WORD ")",
+                                                   pszLogName, i, iLoad, uAddr, cbMem, off, cbFile,
+                                                   iLoadShdr, paShdrs[iLoadShdr].sh_addr, paShdrs[iLoadShdr].sh_size,
+                                                   paShdrs[iLoadShdr].sh_offset, paShdrs[iLoadShdr].sh_type);
+
+                    pModElf->paShdrExtras[iLoadShdr].idxPhdr = iLoad;
+                    iLoadShdr++;
+                } /* section loop */
+
+                iLoad++;
+                break;
+            }
+
+            case PT_DYNAMIC:
+            {
+                const Elf_Shdr *pShdr = &pModElf->paShdrs[pModElf->iShDynamic];
+                if (pPhdr->p_offset != pShdr->sh_offset)
+                    return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
+                                               "%s: Prog Hdr #%u/DYNAMIC: p_offset=" FMT_ELF_OFF " expected " FMT_ELF_OFF,
+                                               pszLogName, i, pPhdr->p_offset, pShdr->sh_offset);
+                if (RT_MAX(pPhdr->p_memsz, pPhdr->p_filesz) != pShdr->sh_size)
+                    return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
+                                               "%s: Prog Hdr #%u/DYNAMIC: expected " FMT_ELF_XWORD " for RT_MAX(p_memsz=" FMT_ELF_XWORD ", p_filesz=" FMT_ELF_XWORD ")",
+                                               pszLogName, i, pShdr->sh_size, pPhdr->p_memsz, pPhdr->p_filesz);
+                cDynamic++;
+                break;
+            }
+        }
+    }
+
+    if (iLoad == 0)
+        return RTERRINFO_LOG_SET_F(pErrInfo, rc, "%s: No PT_LOAD program headers", pszLogName);
+    if (cDynamic != 1)
+        return RTERRINFO_LOG_SET_F(pErrInfo, rc, "%s: No program header for the DYNAMIC section", pszLogName);
+
+    cbImage -= uLinkAddress;
+    pModElf->cbImage     = (uint64_t)cbImage;
+    pModElf->LinkAddress = uLinkAddress;
+    AssertReturn(pModElf->cbImage == cbImage, VERR_INTERNAL_ERROR_5);
+    Log3(("RTLdrELF: LinkAddress=" FMT_ELF_ADDR " cbImage=" FMT_ELF_ADDR " (from PT_LOAD)\n", uLinkAddress, cbImage));
+
+    for (; iLoadShdr < pModElf->Ehdr.e_shnum; iLoadShdr++)
+        if (   !(paShdrs[iLoadShdr].sh_flags & SHF_ALLOC)
+            || paShdrs[iLoadShdr].sh_size == 0)
+            pModElf->paShdrExtras[iLoadShdr].idxPhdr = UINT16_MAX;
+        else
+            return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
+                                       "%s: No PT_LOAD for section #%u " FMT_ELF_ADDR " LB " FMT_ELF_XWORD " (file " FMT_ELF_OFF " sh_type=" FMT_ELF_WORD ")",
+                                       pszLogName, iLoadShdr, paShdrs[iLoadShdr].sh_addr, paShdrs[iLoadShdr].sh_size,
+                                       paShdrs[iLoadShdr].sh_offset, paShdrs[iLoadShdr].sh_type);
+
+    /*
+     * Load and validate the dynamic table.  We have got / will get most of the
+     * info we need from the section table, so we must make sure this matches up.
+     */
+    Log3(("RTLdrELF: Dynamic section - %u entries\n", pModElf->cDynamic));
+    size_t const    cbDynamic = pModElf->cDynamic * sizeof(pModElf->paDynamic[0]);
+    Elf_Dyn * const paDynamic = (Elf_Dyn *)RTMemAlloc(cbDynamic);
+    AssertReturn(paDynamic, VERR_NO_MEMORY);
+    pModElf->paDynamic = paDynamic;
+
+    rc = pModElf->Core.pReader->pfnRead(pModElf->Core.pReader, paDynamic, cbDynamic, paShdrs[pModElf->iShDynamic].sh_offset);
+    if (RT_FAILURE(rc))
+        return RTERRINFO_LOG_SET_F(pErrInfo, rc, "%s: pfnRead(,,%#zx, " FMT_ELF_OFF ") -> %Rrc",
+                                   pszLogName, cbDynamic, paShdrs[pModElf->iShDynamic].sh_offset, rc);
+
+    for (uint32_t i = 0; i < pModElf->cDynamic; i++)
+    {
+#define LOG_VALIDATE_PTR_RET(szName) do { \
+            Log3(("RTLdrELF: DT[%u]: %16s " FMT_ELF_ADDR "\n", i, szName, paDynamic[i].d_un.d_ptr)); \
+            if ((uint64_t)paDynamic[i].d_un.d_ptr - uLinkAddress < cbImage) { /* likely */ } \
+            else return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: DT[%u]/" szName ": Invalid address " FMT_ELF_ADDR " (valid range: " FMT_ELF_ADDR " LB " FMT_ELF_ADDR ")", \
+                                            pszLogName, i, paDynamic[i].d_un.d_ptr, uLinkAddress, cbImage); \
+        } while (0)
+#define LOG_VALIDATE_PTR_VAL_RET(szName, uExpected) do { \
+            Log3(("RTLdrELF: DT[%u]: %16s " FMT_ELF_ADDR "\n", i, szName, (uint64_t)paDynamic[i].d_un.d_ptr)); \
+            if (paDynamic[i].d_un.d_ptr == (Elf_Addr)(uExpected)) { /* likely */ } \
+            else return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: DT[%u]/" szName ": " FMT_ELF_ADDR ", expected " FMT_ELF_ADDR, \
+                                            pszLogName, i, paDynamic[i].d_un.d_ptr, (Elf_Addr)(uExpected)); \
+        } while (0)
+#define LOG_VALIDATE_STR_RET(szName) do { \
+            Log3(("RTLdrELF: DT[%u]: %16s %#RX64\n", i, szName, (uint64_t)paDynamic[i].d_un.d_val)); \
+            if ((uint64_t)paDynamic[i].d_un.d_val < pModElf->Dyn.cbStr) { /* likely */ } \
+            else return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: DT[%u]/" szName ": Invalid string table offset %#RX64 (max %#x)", \
+                                            pszLogName, i, (uint64_t)paDynamic[i].d_un.d_val, pModElf->Dyn.cbStr); \
+        } while (0)
+#define LOG_VALIDATE_VAL_RET(szName, uExpected) do { \
+            Log3(("RTLdrELF: DT[%u]: %16s %#RX64\n", i, szName, (uint64_t)paDynamic[i].d_un.d_val)); \
+            if ((uint64_t)paDynamic[i].d_un.d_val == (uint64_t)(uExpected)) { /* likely */ } \
+            else return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: DT[%u]/" szName ": %#RX64, expected %#RX64", \
+                                            pszLogName, i, (uint64_t)paDynamic[i].d_un.d_val, (uint64_t)(uExpected)); \
+        } while (0)
+#define SET_RELOC_TYPE_RET(a_szName, a_uType) do { \
+            if (pModElf->DynInfo.uRelocType == 0 || pModElf->DynInfo.uRelocType == (a_uType)) \
+                pModElf->DynInfo.uRelocType = (a_uType); \
+            else return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: DT[%u]/" a_szName ": Mixing DT_RELA and DT_REL", pszLogName, i); \
+        } while (0)
+#define SET_INFO_FIELD_RET(a_szName, a_Field, a_Value, a_UnsetValue, a_szFmt) do { \
+            if ((a_Field) == (a_UnsetValue) && (a_Value) != (a_UnsetValue)) \
+                (a_Field) = (a_Value); /* likely */ \
+            else if ((a_Field) != (a_UnsetValue)) \
+                return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: DT[%u]/" a_szName ": Multiple entries (first value " a_szFmt ", second " a_szFmt ")", pszLogName, i, (a_Field), (a_Value)); \
+            else if ((a_Value) != (a_UnsetValue)) \
+                return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: DT[%u]/" a_szName ": Unexpected value " a_szFmt, pszLogName, i, (a_Value)); \
+        } while (0)
+#define FIND_MATCHING_SECTION_RET(a_szName, a_ExtraMatchExpr, a_idxShFieldToSet) do { \
+            unsigned iSh; \
+            for (iSh = 1; iSh < pModElf->Ehdr.e_shnum; iSh++) \
+                if (   paShdrs[iSh].sh_addr == paDynamic[i].d_un.d_ptr \
+                    && (a_ExtraMatchExpr)) \
+                { \
+                    (a_idxShFieldToSet) = iSh; \
+                    if (pModElf->paShdrExtras[iSh].idxDt != UINT16_MAX) \
+                        return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, \
+                                                   "%s: DT[%u]/" a_szName ": section #%u (" FMT_ELF_ADDR ") already referenced by DT[%u]", \
+                                                   pszLogName, i, iSh, paShdrs[iSh].sh_addr, pModElf->paShdrExtras[iSh].idxDt); \
+                    pModElf->paShdrExtras[iSh].idxDt  = i; \
+                    pModElf->paShdrExtras[iSh].uDtTag = (uint32_t)paDynamic[i].d_tag; \
+                    break; \
+                } \
+            if (iSh < pModElf->Ehdr.e_shnum) { /* likely */ } \
+            else return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: DT[%u]/" a_szName ": No matching section for " FMT_ELF_ADDR, pszLogName, i, paDynamic[i].d_un.d_ptr); \
+        } while (0)
+#define ONLY_FOR_DEBUG_OR_VALIDATION_RET(a_szName) do { \
+            if (fFlags & (RTLDR_O_FOR_DEBUG | RTLDR_O_FOR_VALIDATION)) { /* likely */ } \
+            else return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: DT[%u]/" a_szName ": Not supported (" FMT_ELF_ADDR ")", pszLogName, i, paDynamic[i].d_un.d_ptr); \
+        } while (0)
+#define LOG_NON_VALUE_ENTRY(a_szName) Log3(("RTLdrELF: DT[%u]: %16s (%#RX64)\n", i, a_szName, (uint64_t)paDynamic[i].d_un.d_val))
+
+        switch (paDynamic[i].d_tag)
+        {
+            case DT_NULL:
+                LOG_NON_VALUE_ENTRY("DT_NULL");
+                for (unsigned iNull = i + 1; iNull < pModElf->cDynamic; iNull++)
+                    if (paDynamic[i].d_tag == DT_NULL) /* Not technically a bug, but let's try being extremely strict for now */
+                        LOG_NON_VALUE_ENTRY("DT_NULL");
+                    else if (!(fFlags & (RTLDR_O_FOR_DEBUG | RTLDR_O_FOR_VALIDATION)))
+                        return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
+                                                   "%s: DT[%u]/DT_NULL: Dynamic section isn't zero padded (extra #%u of #%u)",
+                                                   pszLogName, i, iNull - i, pModElf->cDynamic - i);
+                i = pModElf->cDynamic;
+                break;
+            case DT_NEEDED:
+                LOG_VALIDATE_STR_RET("DT_NEEDED");
+                break;
+            case DT_PLTRELSZ:
+                Log3(("RTLdrELF: DT[%u]: %16s %#RX64 bytes\n", i, "DT_PLTRELSZ", (uint64_t)paDynamic[i].d_un.d_val));
+                SET_INFO_FIELD_RET("DT_PLTRELSZ", pModElf->DynInfo.cbJmpRelocs, (Elf_Xword)paDynamic[i].d_un.d_val, 0, FMT_ELF_XWORD);
+                break;
+            case DT_PLTGOT:
+                LOG_VALIDATE_PTR_RET("DT_PLTGOT");
+                break;
+            case DT_HASH:
+                LOG_VALIDATE_PTR_RET("DT_HASH");
+                break;
+            case DT_STRTAB:
+                LOG_VALIDATE_PTR_VAL_RET("DT_STRTAB", paShdrs[pModElf->Dyn.iStrSh].sh_addr);
+                pModElf->paShdrExtras[pModElf->Dyn.iStrSh].idxDt  = i;
+                pModElf->paShdrExtras[pModElf->Dyn.iSymSh].uDtTag = DT_STRTAB;
+                break;
+            case DT_SYMTAB:
+                LOG_VALIDATE_PTR_VAL_RET("DT_SYMTAB", paShdrs[pModElf->Dyn.iSymSh].sh_addr);
+                pModElf->paShdrExtras[pModElf->Dyn.iSymSh].idxDt  = i;
+                pModElf->paShdrExtras[pModElf->Dyn.iSymSh].uDtTag = DT_SYMTAB;
+                break;
+            case DT_RELA:
+                LOG_VALIDATE_PTR_RET("DT_RELA");
+                SET_RELOC_TYPE_RET("DT_RELA", DT_RELA);
+                SET_INFO_FIELD_RET("DT_RELA", pModElf->DynInfo.uPtrRelocs, paDynamic[i].d_un.d_ptr, ~(Elf_Addr)0, FMT_ELF_ADDR);
+                FIND_MATCHING_SECTION_RET("DT_RELA", paShdrs[iSh].sh_type == SHT_RELA, pModElf->DynInfo.idxShRelocs);
+                break;
+            case DT_RELASZ:
+                Log3(("RTLdrELF: DT[%u]: %16s %#RX64 bytes\n", i, "DT_RELASZ", (uint64_t)paDynamic[i].d_un.d_val));
+                SET_RELOC_TYPE_RET("DT_RELASZ", DT_RELA);
+                SET_INFO_FIELD_RET("DT_RELASZ", pModElf->DynInfo.cbRelocs, (Elf_Xword)paDynamic[i].d_un.d_val, 0, FMT_ELF_XWORD);
+                break;
+            case DT_RELAENT:
+                LOG_VALIDATE_VAL_RET("DT_RELAENT", sizeof(Elf_Rela));
+                SET_RELOC_TYPE_RET("DT_RELAENT", DT_RELA);
+                SET_INFO_FIELD_RET("DT_RELAENT", pModElf->DynInfo.cbRelocEntry, (unsigned)sizeof(Elf_Rela), 0, "%u");
+                break;
+            case DT_STRSZ:
+                LOG_VALIDATE_VAL_RET("DT_STRSZ", pModElf->Dyn.cbStr);
+                break;
+            case DT_SYMENT:
+                LOG_VALIDATE_VAL_RET("DT_SYMENT", sizeof(Elf_Sym));
+                break;
+            case DT_INIT:
+                LOG_VALIDATE_PTR_RET("DT_INIT");
+                ONLY_FOR_DEBUG_OR_VALIDATION_RET("DT_INIT");
+                break;
+            case DT_FINI:
+                LOG_VALIDATE_PTR_RET("DT_FINI");
+                ONLY_FOR_DEBUG_OR_VALIDATION_RET("DT_FINI");
+                break;
+            case DT_SONAME:
+                LOG_VALIDATE_STR_RET("DT_SONAME");
+                break;
+            case DT_RPATH:
+                LOG_VALIDATE_STR_RET("DT_RPATH");
+                break;
+            case DT_SYMBOLIC:
+                LOG_NON_VALUE_ENTRY("DT_SYMBOLIC");
+                break;
+            case DT_REL:
+                LOG_VALIDATE_PTR_RET("DT_REL");
+                SET_RELOC_TYPE_RET("DT_REL", DT_REL);
+                SET_INFO_FIELD_RET("DT_REL", pModElf->DynInfo.uPtrRelocs, paDynamic[i].d_un.d_ptr, ~(Elf_Addr)0, FMT_ELF_ADDR);
+                FIND_MATCHING_SECTION_RET("DT_REL", paShdrs[iSh].sh_type == SHT_REL, pModElf->DynInfo.idxShRelocs);
+                break;
+            case DT_RELSZ:
+                Log3(("RTLdrELF: DT[%u]: %16s %#RX64 bytes\n", i, "DT_RELSZ", (uint64_t)paDynamic[i].d_un.d_val));
+                SET_RELOC_TYPE_RET("DT_RELSZ", DT_REL);
+                SET_INFO_FIELD_RET("DT_RELSZ", pModElf->DynInfo.cbRelocs, (Elf_Xword)paDynamic[i].d_un.d_val, 0, FMT_ELF_XWORD);
+                break;
+            case DT_RELENT:
+                LOG_VALIDATE_VAL_RET("DT_RELENT", sizeof(Elf_Rel));
+                SET_RELOC_TYPE_RET("DT_RELENT", DT_REL);
+                SET_INFO_FIELD_RET("DT_RELENT", pModElf->DynInfo.cbRelocEntry, (unsigned)sizeof(Elf_Rel), 0, "%u");
+                break;
+            case DT_PLTREL:
+                if (paDynamic[i].d_un.d_val != DT_RELA && paDynamic[i].d_un.d_val != DT_REL)
+                    return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: DT[%u]/DT_PLTREL: Invalid value %#RX64",
+                                               pszLogName, i, (uint64_t)paDynamic[i].d_un.d_val);
+                Log3(("RTLdrELF: DT[%u]: %16s DT_REL%s\n", i, "DT_PLTREL", paDynamic[i].d_un.d_val == DT_RELA ? "A" : ""));
+                SET_INFO_FIELD_RET("DT_PLTREL", pModElf->DynInfo.uJmpRelocType, (unsigned)paDynamic[i].d_un.d_val, 0, "%u");
+                break;
+            case DT_DEBUG:
+                LOG_VALIDATE_PTR_RET("DT_DEBUG");
+                break;
+            case DT_TEXTREL:
+                LOG_NON_VALUE_ENTRY("DT_TEXTREL");
+                break;
+            case DT_JMPREL:
+                LOG_VALIDATE_PTR_RET("DT_JMPREL");
+                SET_INFO_FIELD_RET("DT_JMPREL", pModElf->DynInfo.uPtrJmpRelocs, paDynamic[i].d_un.d_ptr, ~(Elf_Addr)0, FMT_ELF_ADDR);
+                FIND_MATCHING_SECTION_RET("DT_JMPREL", 1, pModElf->DynInfo.idxShJmpRelocs);
+                break;
+            case DT_BIND_NOW:
+                LOG_NON_VALUE_ENTRY("DT_BIND_NOW");
+                break;
+            case DT_INIT_ARRAY:
+                LOG_VALIDATE_PTR_RET("DT_INIT_ARRAY");
+                ONLY_FOR_DEBUG_OR_VALIDATION_RET("DT_INIT_ARRAY");
+                break;
+            case DT_FINI_ARRAY:
+                LOG_VALIDATE_PTR_RET("DT_FINI_ARRAY");
+                ONLY_FOR_DEBUG_OR_VALIDATION_RET("DT_FINI_ARRAY");
+                break;
+            case DT_INIT_ARRAYSZ:
+                Log3(("RTLdrELF: DT[%u]: %16s %#RX64 bytes\n", i, "DT_INIT_ARRAYSZ", (uint64_t)paDynamic[i].d_un.d_val));
+                ONLY_FOR_DEBUG_OR_VALIDATION_RET("DT_INIT_ARRAYSZ");
+                break;
+            case DT_FINI_ARRAYSZ:
+                Log3(("RTLdrELF: DT[%u]: %16s %#RX64 bytes\n", i, "DT_FINI_ARRAYSZ", (uint64_t)paDynamic[i].d_un.d_val));
+                ONLY_FOR_DEBUG_OR_VALIDATION_RET("DT_FINI_ARRAYSZ");
+                break;
+            case DT_RUNPATH:
+                LOG_VALIDATE_STR_RET("DT_RUNPATH");
+                break;
+            case DT_FLAGS:
+                Log3(("RTLdrELF: DT[%u]: %16s %#RX64\n", i, "DT_FLAGS", (uint64_t)paDynamic[i].d_un.d_val));
+                break;
+            case DT_PREINIT_ARRAY:
+                LOG_VALIDATE_PTR_RET("DT_PREINIT_ARRAY");
+                ONLY_FOR_DEBUG_OR_VALIDATION_RET("DT_PREINIT_ARRAY");
+                break;
+            case DT_PREINIT_ARRAYSZ:
+                Log3(("RTLdrELF: DT[%u]: %16s %#RX64 bytes\n", i, "DT_PREINIT_ARRAYSZ", (uint64_t)paDynamic[i].d_un.d_val));
+                ONLY_FOR_DEBUG_OR_VALIDATION_RET("DT_PREINIT_ARRAYSZ");
+                break;
+            default:
+                if (   paDynamic[i].d_un.d_val < DT_ENCODING
+                    || (paDynamic[i].d_un.d_val & 1))
+                    Log3(("RTLdrELF: DT[%u]: %#010RX64       %#RX64%s\n", i, (uint64_t)paDynamic[i].d_tag,
+                          (uint64_t)paDynamic[i].d_un.d_val, paDynamic[i].d_un.d_val >= DT_ENCODING ? " (val)" : ""));
+                else
+                {
+                    Log3(("RTLdrELF: DT[%u]: %#010RX64       " FMT_ELF_ADDR " (addr)\n",
+                          i, (uint64_t)paDynamic[i].d_tag, paDynamic[i].d_un.d_ptr));
+                    if ((uint64_t)paDynamic[i].d_un.d_ptr - uLinkAddress >= cbImage)
+                        return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
+                                                   "%s: DT[%u]/%#RX64: Invalid address " FMT_ELF_ADDR " (valid range: " FMT_ELF_ADDR " LB " FMT_ELF_ADDR ")",
+                                                   pszLogName, i, (uint64_t)paDynamic[i].d_tag,
+                                                   paDynamic[i].d_un.d_ptr, uLinkAddress, cbImage);
+                }
+                break;
+        }
+#undef LOG_VALIDATE_VAL_RET
+#undef LOG_VALIDATE_STR_RET
+#undef LOG_VALIDATE_PTR_VAL_RET
+#undef LOG_VALIDATE_PTR_RET
+#undef SET_RELOC_TYPE_RET
+#undef SET_INFO_FIELD_RET
+#undef FIND_MATCHING_SECTION_RET
+#undef ONLY_FOR_DEBUG_OR_VALIDATION_RET
+    }
+
+    /*
+     * Validate the relocation information we've gathered.
+     */
+    Elf_Word uShTypeArch = SHT_RELA; /** @todo generalize architecture specific stuff using its own code template header.  */
+    switch (pModElf->Core.enmArch)
+    {
+        case RTLDRARCH_AMD64:
+            break;
+        case RTLDRARCH_X86_32:
+            uShTypeArch = SHT_REL;
+            break;
+        default:
+            AssertFailedBreak(/** @todo page size for got.plt hacks */);
+
+    }
+
+    if (pModElf->DynInfo.uRelocType != 0)
+    {
+        const char * const pszModifier = pModElf->DynInfo.uRelocType == DT_RELA ? "A" : "";
+        if (pModElf->DynInfo.uPtrRelocs == ~(Elf_Addr)0)
+            return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: Missing DT_REL%s", pszLogName, pszModifier);
+        if (pModElf->DynInfo.cbRelocs == 0)
+            return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: Missing DT_REL%sSZ", pszLogName, pszModifier);
+        if (pModElf->DynInfo.cbRelocEntry == 0)
+            return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: Missing DT_REL%sENT", pszLogName, pszModifier);
+        Elf_Shdr const *pShdrRelocs = &paShdrs[pModElf->DynInfo.idxShRelocs];
+        Elf_Word const  uShType     = pModElf->DynInfo.uJmpRelocType == DT_RELA ? SHT_RELA : SHT_REL;
+        if (pShdrRelocs->sh_type != uShType)
+            return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: DT_REL%s* does not match section type: %u vs %u",
+                                       pszLogName, pszModifier, pShdrRelocs->sh_type, uShType);
+        if (pShdrRelocs->sh_size != pModElf->DynInfo.cbRelocs)
+            return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: DT_REL%sSZ does not match section size: %u vs %u",
+                                       pszLogName, pszModifier, pShdrRelocs->sh_size, pModElf->DynInfo.cbRelocs);
+        if (uShType != uShTypeArch)
+            return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: DT_REL%s* does not match architecture: %u, arch wants %u",
+                                       pszLogName, pszModifier, uShType, uShTypeArch);
+    }
+
+    if (   pModElf->DynInfo.uPtrJmpRelocs != ~(Elf_Addr)0
+        || pModElf->DynInfo.cbJmpRelocs   != 0
+        || pModElf->DynInfo.uJmpRelocType != 0)
+    {
+        if (pModElf->DynInfo.uPtrJmpRelocs == ~(Elf_Addr)0)
+            return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: Missing DT_JMPREL", pszLogName);
+        if (pModElf->DynInfo.cbJmpRelocs == 0)
+            return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: Missing DT_PLTRELSZ", pszLogName);
+        if (pModElf->DynInfo.uJmpRelocType == 0)
+            return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: Missing DT_PLTREL", pszLogName);
+        Elf_Shdr const *pShdrRelocs = &paShdrs[pModElf->DynInfo.idxShJmpRelocs];
+        Elf_Word const  uShType     = pModElf->DynInfo.uJmpRelocType == DT_RELA ? SHT_RELA : SHT_REL;
+        if (pShdrRelocs->sh_type != uShType)
+            return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: DT_PLTREL does not match section type: %u vs %u",
+                                       pszLogName, pShdrRelocs->sh_type, uShType);
+        if (pShdrRelocs->sh_size != pModElf->DynInfo.cbJmpRelocs)
+            return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: DT_PLTRELSZ does not match section size: %u vs %u",
+                                       pszLogName, pShdrRelocs->sh_size, pModElf->DynInfo.cbJmpRelocs);
+        if (uShType != uShTypeArch)
+            return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: DT_PLTREL does not match architecture: %u, arch wants %u",
+                                       pszLogName, uShType, uShTypeArch);
+    }
+
+    /*
+     * Check that there aren't any other relocations hiding in the section table.
+     */
+    for (uint32_t i = 1; i < pModElf->Ehdr.e_shnum; i++)
+        if (   (paShdrs[i].sh_type == SHT_REL || paShdrs[i].sh_type == SHT_RELA)
+            && pModElf->paShdrExtras[i].uDtTag != DT_REL
+            && pModElf->paShdrExtras[i].uDtTag != DT_RELA
+            && pModElf->paShdrExtras[i].uDtTag != DT_JMPREL)
+        {
+            char szSecHdrNm[80];
+            return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
+                                       "%s: section header #%u (%s type=" FMT_ELF_WORD " size=" FMT_ELF_XWORD ") contains relocations not referenced by the dynamic section",
+                                       pszLogName,
+                                       RTLDRELF_NAME(GetSHdrName)(pModElf, paShdrs[i].sh_name, szSecHdrNm, sizeof(szSecHdrNm)),
+                                       paShdrs[i].sh_type, paShdrs[i].sh_size);
+        }
+
     return VINF_SUCCESS;
 }
 
@@ -1864,8 +2795,9 @@
  * @param   fFlags      Reserved, MBZ.
  * @param   enmArch     Architecture specifier.
  * @param   phLdrMod    Where to store the handle.
+ * @param   pErrInfo    Where to return extended error info. Optional.
  */
-static int RTLDRELF_NAME(Open)(PRTLDRREADER pReader, uint32_t fFlags, RTLDRARCH enmArch, PRTLDRMOD phLdrMod)
+static int RTLDRELF_NAME(Open)(PRTLDRREADER pReader, uint32_t fFlags, RTLDRARCH enmArch, PRTLDRMOD phLdrMod, PRTERRINFO pErrInfo)
 {
     const char *pszLogName = pReader->pfnLogName(pReader);
     uint64_t    cbRawImage = pReader->pfnSize(pReader);
@@ -1889,21 +2821,41 @@
 #else
     pModElf->Core.enmArch   = RTLDRARCH_AMD64;
 #endif
-    //pModElf->pvBits         = NULL;
-    //pModElf->Ehdr           = {0};
-    //pModElf->paShdrs        = NULL;
-    //pModElf->paSyms         = NULL;
-    pModElf->iSymSh         = ~0U;
-    //pModElf->cSyms          = 0;
-    pModElf->iStrSh         = ~0U;
-    //pModElf->cbStr          = 0;
-    //pModElf->cbImage        = 0;
-    //pModElf->LinkAddress    = 0;
-    //pModElf->pStr           = NULL;
-    //pModElf->cbShStr        = 0;
-    //pModElf->pShStr         = NULL;
-    //pModElf->iShEhFrame      = 0;
-    //pModElf->iShEhFrameHdr   = 0;
+    //pModElf->pvBits       = NULL;
+    //pModElf->Ehdr         = {0};
+    //pModElf->paShdrs      = NULL;
+    //pModElf->Rel.paSyms   = NULL;
+    pModElf->Rel.iSymSh     = ~0U;
+    //pModElf->Rel.cSyms    = 0;
+    pModElf->Rel.iStrSh     = ~0U;
+    //pModElf->Rel.cbStr    = 0;
+    //pModElf->Rel.pStr     = NULL;
+    //pModElf->Dyn.paSyms   = NULL;
+    pModElf->Dyn.iSymSh     = ~0U;
+    //pModElf->Dyn.cSyms    = 0;
+    pModElf->Dyn.iStrSh     = ~0U;
+    //pModElf->Dyn.cbStr    = 0;
+    //pModElf->Dyn.pStr     = NULL;
+    //pModElf->iFirstSect   = 0;
+    //pModElf->cbImage      = 0;
+    pModElf->LinkAddress    = ~(Elf_Addr)0;
+    //pModElf->cbShStr      = 0;
+    //pModElf->pShStr       = NULL;
+    //pModElf->iShEhFrame   = 0;
+    //pModElf->iShEhFrameHdr= 0;
+    pModElf->iShDynamic     = ~0U;
+    //pModElf->cDynamic     = 0;
+    //pModElf->paDynamic    = NULL;
+    //pModElf->paPhdrs      = NULL;
+    pModElf->DynInfo.uPtrRelocs         = ~(Elf_Addr)0;
+    //pModElf->DynInfo.cbRelocs         = 0;
+    //pModElf->DynInfo.cbRelocEntry     = 0;
+    //pModElf->DynInfo.uRelocType       = 0;
+    //pModElf->DynInfo.idxShRelocs      = 0;
+    pModElf->DynInfo.uPtrJmpRelocs      = ~(Elf_Addr)0;
+    //pModElf->DynInfo.cbJmpRelocs      = 0;
+    //pModElf->DynInfo.uJmpRelocType    = 0;
+    //pModElf->DynInfo.idxShJmpRelocs   = 0;
 
     /*
      * Read and validate the ELF header and match up the CPU architecture.
@@ -1912,7 +2864,7 @@
     if (RT_SUCCESS(rc))
     {
         RTLDRARCH enmArchImage = RTLDRARCH_INVALID; /* shut up gcc */
-        rc = RTLDRELF_NAME(ValidateElfHeader)(&pModElf->Ehdr, pszLogName, cbRawImage, &enmArchImage);
+        rc = RTLDRELF_NAME(ValidateElfHeader)(&pModElf->Ehdr, cbRawImage, pszLogName, &enmArchImage, pErrInfo);
         if (RT_SUCCESS(rc))
         {
             if (    enmArch != RTLDRARCH_WHATEVER
@@ -1927,7 +2879,7 @@
          * introspection methods.
          */
         size_t const cbShdrs = pModElf->Ehdr.e_shnum * sizeof(Elf_Shdr);
-        Elf_Shdr *paShdrs = (Elf_Shdr *)RTMemAlloc(cbShdrs * 2);
+        Elf_Shdr *paShdrs = (Elf_Shdr *)RTMemAlloc(cbShdrs * 2 + sizeof(RTLDRMODELFSHX) * pModElf->Ehdr.e_shnum);
         if (paShdrs)
         {
             pModElf->paShdrs = paShdrs;
@@ -1937,110 +2889,58 @@
                 memcpy(&paShdrs[pModElf->Ehdr.e_shnum], paShdrs, cbShdrs);
                 pModElf->paOrgShdrs = &paShdrs[pModElf->Ehdr.e_shnum];
 
+                pModElf->paShdrExtras = (PRTLDRMODELFSHX)&pModElf->paOrgShdrs[pModElf->Ehdr.e_shnum];
+                memset(pModElf->paShdrExtras, 0xff, sizeof(RTLDRMODELFSHX) * pModElf->Ehdr.e_shnum);
+
                 pModElf->cbShStr = paShdrs[pModElf->Ehdr.e_shstrndx].sh_size;
 
                 /*
                  * Validate the section headers and find relevant sections.
                  */
-                Elf_Addr uNextAddr = 0;
-                for (unsigned i = 0; i < pModElf->Ehdr.e_shnum; i++)
-                {
-                    rc = RTLDRELF_NAME(ValidateSectionHeader)(pModElf, i, pszLogName, cbRawImage);
-                    if (RT_FAILURE(rc))
-                        break;
+                rc = RTLDRELF_NAME(ValidateAndProcessSectionHeaders)(pModElf, paShdrs, cbRawImage, pszLogName, pErrInfo);
 
-                    /* We're looking for symbol tables. */
-                    if (paShdrs[i].sh_type == SHT_SYMTAB)
-                    {
-                        if (pModElf->iSymSh != ~0U)
-                        {
-                            Log(("RTLdrElf: %s: Multiple symbol tabs! iSymSh=%d i=%d\n", pszLogName, pModElf->iSymSh, i));
-                            rc = VERR_LDRELF_MULTIPLE_SYMTABS;
-                            break;
-                        }
-                        pModElf->iSymSh = i;
-                        pModElf->cSyms  = (unsigned)(paShdrs[i].sh_size / sizeof(Elf_Sym));
-                        AssertBreakStmt(pModElf->cSyms == paShdrs[i].sh_size / sizeof(Elf_Sym), rc = VERR_IMAGE_TOO_BIG);
-                        pModElf->iStrSh = paShdrs[i].sh_link;
-                        pModElf->cbStr  = (unsigned)paShdrs[pModElf->iStrSh].sh_size;
-                        AssertBreakStmt(pModElf->cbStr == paShdrs[pModElf->iStrSh].sh_size, rc = VERR_IMAGE_TOO_BIG);
-                    }
+                /*
+                 * Read validate and process program headers if ET_DYN or ET_EXEC.
+                 */
+                if (RT_SUCCESS(rc) && (pModElf->Ehdr.e_type == ET_DYN || pModElf->Ehdr.e_type == ET_EXEC))
+                    rc = RTLDRELF_NAME(ValidateAndProcessDynamicInfo)(pModElf, cbRawImage, fFlags, pszLogName, pErrInfo);
 
-                    /* Special checks for the section string table. */
-                    if (i == pModElf->Ehdr.e_shstrndx)
-                    {
-                        if (paShdrs[i].sh_type != SHT_STRTAB)
-                        {
-                            Log(("RTLdrElf: Section header string table is not a SHT_STRTAB: %#x\n", paShdrs[i].sh_type));
-                            rc = VERR_BAD_EXE_FORMAT;
-                            break;
-                        }
-                        if (paShdrs[i].sh_size == 0)
-                        {
-                            Log(("RTLdrElf: Section header string table is empty\n"));
-                            rc = VERR_BAD_EXE_FORMAT;
-                            break;
-                        }
-                    }
-
-                    /* Kluge for the .data..percpu segment in 64-bit linux kernels. */
-                    if (paShdrs[i].sh_flags & SHF_ALLOC)
-                    {
-                        if (   paShdrs[i].sh_addr == 0
-                            && paShdrs[i].sh_addr < uNextAddr)
-                        {
-                            Elf_Addr uAddr = RT_ALIGN_T(uNextAddr, paShdrs[i].sh_addralign, Elf_Addr);
-                            Log(("RTLdrElf: Out of order section #%d; adjusting sh_addr from " FMT_ELF_ADDR " to " FMT_ELF_ADDR "\n",
-                                 i, paShdrs[i].sh_addr, uAddr));
-                            paShdrs[i].sh_addr = uAddr;
-                        }
-                        uNextAddr = paShdrs[i].sh_addr + paShdrs[i].sh_size;
-                    }
-                } /* for each section header */
-
                 /*
-                 * Calculate the image base address if the image isn't relocatable.
+                 * Massage the section headers.
                  */
-                if (RT_SUCCESS(rc) && pModElf->Ehdr.e_type != ET_REL)
+                if (RT_SUCCESS(rc))
                 {
-                    pModElf->LinkAddress = ~(Elf_Addr)0;
-                    for (unsigned i = 0; i < pModElf->Ehdr.e_shnum; i++)
-                        if (   (paShdrs[i].sh_flags & SHF_ALLOC)
-                            && paShdrs[i].sh_addr < pModElf->LinkAddress)
-                            pModElf->LinkAddress = paShdrs[i].sh_addr;
-                    if (pModElf->LinkAddress == ~(Elf_Addr)0)
+                    if (pModElf->Ehdr.e_type == ET_REL)
                     {
-                        AssertFailed();
-                        rc = VERR_LDR_GENERAL_FAILURE;
-                    }
-                    if (pModElf->Ehdr.e_type == ET_DYN && pModElf->LinkAddress < 0x1000)
+                        /* Do allocations and figure the image size: */
                         pModElf->LinkAddress = 0;
-                }
-
-                /*
-                 * Perform allocations / RVA calculations, determine the image size.
-                 */
-                if (RT_SUCCESS(rc))
-                    for (unsigned i = 0; i < pModElf->Ehdr.e_shnum; i++)
-                        if (paShdrs[i].sh_flags & SHF_ALLOC)
-                        {
-                            if (pModElf->Ehdr.e_type == ET_REL)
+                        for (unsigned i = 1; i < pModElf->Ehdr.e_shnum; i++)
+                            if (paShdrs[i].sh_flags & SHF_ALLOC)
+                            {
                                 paShdrs[i].sh_addr = paShdrs[i].sh_addralign
                                                    ? RT_ALIGN_T(pModElf->cbImage, paShdrs[i].sh_addralign, Elf_Addr)
                                                    : (Elf_Addr)pModElf->cbImage;
-                            else
-                                paShdrs[i].sh_addr -= pModElf->LinkAddress;
-                            Elf_Addr EndAddr = paShdrs[i].sh_addr + paShdrs[i].sh_size;
-                            if (pModElf->cbImage < EndAddr)
-                            {
-                                pModElf->cbImage = (size_t)EndAddr;
-                                AssertMsgBreakStmt(pModElf->cbImage == EndAddr, (FMT_ELF_ADDR "\n", EndAddr), rc = VERR_IMAGE_TOO_BIG);
+                                Elf_Addr EndAddr = paShdrs[i].sh_addr + paShdrs[i].sh_size;
+                                if (pModElf->cbImage < EndAddr)
+                                {
+                                    pModElf->cbImage = (size_t)EndAddr;
+                                    AssertMsgBreakStmt(pModElf->cbImage == EndAddr, (FMT_ELF_ADDR "\n", EndAddr), rc = VERR_IMAGE_TOO_BIG);
+                                }
+                                Log2(("RTLdrElf: %s: Assigned " FMT_ELF_ADDR " to section #%d\n", pszLogName, paShdrs[i].sh_addr, i));
                             }
-                            Log2(("RTLdrElf: %s: Assigned " FMT_ELF_ADDR " to section #%d\n", pszLogName, paShdrs[i].sh_addr, i));
-                        }
+                    }
+                    else
+                    {
+                        /* Convert sh_addr to RVA: */
+                        Assert(pModElf->LinkAddress != ~(Elf_Addr)0);
+                        for (unsigned i = 0 /*!*/; i < pModElf->Ehdr.e_shnum; i++)
+                            if (paShdrs[i].sh_flags & SHF_ALLOC)
+                                    paShdrs[i].sh_addr -= pModElf->LinkAddress;
+                    }
+                }
 
                 Log2(("RTLdrElf: iSymSh=%u cSyms=%u iStrSh=%u cbStr=%u rc=%Rrc cbImage=%#zx LinkAddress=" FMT_ELF_ADDR "\n",
-                      pModElf->iSymSh, pModElf->cSyms, pModElf->iStrSh, pModElf->cbStr, rc,
+                      pModElf->Rel.iSymSh, pModElf->Rel.cSyms, pModElf->Rel.iStrSh, pModElf->Rel.cbStr, rc,
                       pModElf->cbImage, pModElf->LinkAddress));
                 if (RT_SUCCESS(rc))
                 {
@@ -2075,6 +2975,7 @@
 #undef RTLDRELF_MID
 
 #undef FMT_ELF_ADDR
+#undef FMT_ELF_ADDR7
 #undef FMT_ELF_HALF
 #undef FMT_ELF_SHALF
 #undef FMT_ELF_OFF
@@ -2100,6 +3001,8 @@
 #undef Elf_Size
 #undef Elf_Sword
 #undef Elf_Word
+#undef Elf_Xword
+#undef Elf_Sxword
 
 #undef RTLDRMODELF
 #undef PRTLDRMODELF
Index: src/VBox/Runtime/common/ldr/ldrELFRelocatable.cpp.h
===================================================================
diff --git a/src/VBox/Runtime/common/ldr/ldrELFRelocatable.cpp.h b/src/VBox/Runtime/common/ldr/ldrELFRelocatable.cpp.h
--- a/src/VBox/Runtime/common/ldr/ldrELFRelocatable.cpp.h	(revision 85502)
+++ b/src/VBox/Runtime/common/ldr/ldrELFRelocatable.cpp.h	(revision 85503)
@@ -1180,7 +1180,7 @@
         }
         else
             rc = RTLDRELF_NAME(RelocateSectionExecDyn)(pModElf, BaseAddr, pfnGetImport, pvUser,
-                                                       0, pModElf->cbImage,
+                                                       0, (Elf_Size)pModElf->cbImage,
                                                        (const uint8_t *)pModElf->pvBits /** @todo file offset ?? */,
                                                        (uint8_t *)pvBits,
                                                        (const uint8_t *)pModElf->pvBits + pShdrRel->sh_offset,
@@ -2121,7 +2121,7 @@
                                            pszLogName, pModElf->iShDynamic, i);
             if (pModElf->Ehdr.e_type != ET_DYN && pModElf->Ehdr.e_type != ET_EXEC)
                 return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
-                                           "Unexpected SHT_DYNAMIC (i=%d) for e_type=%d", pszLogName, i, pModElf->Ehdr.e_type);
+                                           "%s: Unexpected SHT_DYNAMIC (i=%d) for e_type=%d", pszLogName, i, pModElf->Ehdr.e_type);
             if (paShdrs[i].sh_entsize != sizeof(Elf_Dyn))
                 return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
                                            "%s: SHT_DYNAMIC (i=%d) sh_entsize=" FMT_ELF_XWORD ",  expected %#zx",
@@ -2130,7 +2130,7 @@
             Elf_Xword const cDynamic = paShdrs[i].sh_size / sizeof(Elf_Dyn);
             if (cDynamic > _64K || cDynamic < 2)
                 return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
-                                           "%s: SHT_DYNAMIC (i=%d) sh_size=" FMT_ELF_XWORD " is out of range, expected %u",
+                                           "%s: SHT_DYNAMIC (i=%d) sh_size=" FMT_ELF_XWORD " is out of range (2..64K)",
                                            pszLogName, i, paShdrs[i].sh_size);
             pModElf->cDynamic = (unsigned)cDynamic;
         }
@@ -2777,7 +2777,7 @@
             char szSecHdrNm[80];
             return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
                                        "%s: section header #%u (%s type=" FMT_ELF_WORD " size=" FMT_ELF_XWORD ") contains relocations not referenced by the dynamic section",
-                                       pszLogName,
+                                       pszLogName, i,
                                        RTLDRELF_NAME(GetSHdrName)(pModElf, paShdrs[i].sh_name, szSecHdrNm, sizeof(szSecHdrNm)),
                                        paShdrs[i].sh_type, paShdrs[i].sh_size);
         }
Index: include/iprt/memobj.h
===================================================================
diff --git a/include/iprt/memobj.h b/include/iprt/memobj.h
--- a/include/iprt/memobj.h	(revision 85503)
+++ b/include/iprt/memobj.h	(revision 85504)
@@ -127,7 +127,10 @@
  * @returns IPRT status code.
  * @param   pMemObj         Where to store the ring-0 memory object handle.
  * @param   cb              Number of bytes to allocate. This is rounded up to nearest page.
- * @param   fExecutable     Flag indicating whether it should be permitted to executed code in the memory object.
+ * @param   fExecutable     Flag indicating whether it should be permitted to
+ *                          executed code in the memory object.  The user must
+ *                          use RTR0MemObjProtect after initialization the
+ *                          allocation to actually make it executable.
  */
 #define RTR0MemObjAllocPage(pMemObj, cb, fExecutable) \
     RTR0MemObjAllocPageTag((pMemObj), (cb), (fExecutable), RTMEM_TAG)
@@ -140,7 +143,10 @@
  * @returns IPRT status code.
  * @param   pMemObj         Where to store the ring-0 memory object handle.
  * @param   cb              Number of bytes to allocate. This is rounded up to nearest page.
- * @param   fExecutable     Flag indicating whether it should be permitted to executed code in the memory object.
+ * @param   fExecutable     Flag indicating whether it should be permitted to
+ *                          executed code in the memory object.  The user must
+ *                          use RTR0MemObjProtect after initialization the
+ *                          allocation to actually make it executable.
  * @param   pszTag          Allocation tag used for statistics and such.
  */
 RTR0DECL(int) RTR0MemObjAllocPageTag(PRTR0MEMOBJ pMemObj, size_t cb, bool fExecutable, const char *pszTag);
@@ -154,7 +160,10 @@
  * @returns IPRT status code.
  * @param   pMemObj         Where to store the ring-0 memory object handle.
  * @param   cb              Number of bytes to allocate. This is rounded up to nearest page.
- * @param   fExecutable     Flag indicating whether it should be permitted to executed code in the memory object.
+ * @param   fExecutable     Flag indicating whether it should be permitted to
+ *                          executed code in the memory object.  The user must
+ *                          use RTR0MemObjProtect after initialization the
+ *                          allocation to actually make it executable.
  */
 #define RTR0MemObjAllocLow(pMemObj, cb, fExecutable) \
     RTR0MemObjAllocLowTag((pMemObj), (cb), (fExecutable), RTMEM_TAG)
@@ -168,7 +177,10 @@
  * @returns IPRT status code.
  * @param   pMemObj         Where to store the ring-0 memory object handle.
  * @param   cb              Number of bytes to allocate. This is rounded up to nearest page.
- * @param   fExecutable     Flag indicating whether it should be permitted to executed code in the memory object.
+ * @param   fExecutable     Flag indicating whether it should be permitted to
+ *                          executed code in the memory object.  The user must
+ *                          use RTR0MemObjProtect after initialization the
+ *                          allocation to actually make it executable.
  * @param   pszTag          Allocation tag used for statistics and such.
  */
 RTR0DECL(int) RTR0MemObjAllocLowTag(PRTR0MEMOBJ pMemObj, size_t cb, bool fExecutable, const char *pszTag);
@@ -182,7 +194,10 @@
  * @returns IPRT status code.
  * @param   pMemObj         Where to store the ring-0 memory object handle.
  * @param   cb              Number of bytes to allocate. This is rounded up to nearest page.
- * @param   fExecutable     Flag indicating whether it should be permitted to executed code in the memory object.
+ * @param   fExecutable     Flag indicating whether it should be permitted to
+ *                          executed code in the memory object.  The user must
+ *                          use RTR0MemObjProtect after initialization the
+ *                          allocation to actually make it executable.
  */
 #define RTR0MemObjAllocCont(pMemObj, cb, fExecutable) \
     RTR0MemObjAllocContTag((pMemObj), (cb), (fExecutable), RTMEM_TAG)
@@ -196,7 +211,10 @@
  * @returns IPRT status code.
  * @param   pMemObj         Where to store the ring-0 memory object handle.
  * @param   cb              Number of bytes to allocate. This is rounded up to nearest page.
- * @param   fExecutable     Flag indicating whether it should be permitted to executed code in the memory object.
+ * @param   fExecutable     Flag indicating whether it should be permitted to
+ *                          executed code in the memory object.  The user must
+ *                          use RTR0MemObjProtect after initialization the
+ *                          allocation to actually make it executable.
  * @param   pszTag          Allocation tag used for statistics and such.
  */
 RTR0DECL(int) RTR0MemObjAllocContTag(PRTR0MEMOBJ pMemObj, size_t cb, bool fExecutable, const char *pszTag);
Index: src/VBox/Runtime/r0drv/linux/memobj-r0drv-linux.c
===================================================================
diff --git a/src/VBox/Runtime/r0drv/linux/memobj-r0drv-linux.c b/src/VBox/Runtime/r0drv/linux/memobj-r0drv-linux.c
--- a/src/VBox/Runtime/r0drv/linux/memobj-r0drv-linux.c	(revision 85503)
+++ b/src/VBox/Runtime/r0drv/linux/memobj-r0drv-linux.c	(revision 85504)
@@ -92,7 +92,7 @@
 *   Structures and Typedefs                                                                                                      *
 *********************************************************************************************************************************/
 /**
- * The Darwin version of the memory object structure.
+ * The Linux version of the memory object structure.
  */
 typedef struct RTR0MEMOBJLNX
 {
@@ -105,11 +105,20 @@
     bool                fExecutable;
     /** Set if we've vmap'ed the memory into ring-0. */
     bool                fMappedToRing0;
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 8, 0)
+    /** Return from alloc_vm_area() that we now need to use for executable
+     *  memory. */
+    struct vm_struct   *pArea;
+    /** PTE array that goes along with pArea (must be freed). */
+    pte_t             **papPtesForArea;
+#endif
     /** The pages in the apPages array. */
     size_t              cPages;
     /** Array of struct page pointers. (variable size) */
     struct page        *apPages[1];
-} RTR0MEMOBJLNX, *PRTR0MEMOBJLNX;
+} RTR0MEMOBJLNX;
+/** Pointer to the linux memory object. */
+typedef RTR0MEMOBJLNX *PRTR0MEMOBJLNX;
 
 
 static void rtR0MemObjLinuxFreePages(PRTR0MEMOBJLNX pMemLnx);
@@ -535,15 +544,49 @@
             pgprot_val(fPg) |= _PAGE_NX;
 # endif
 
+# if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 8, 0)
+        if (fExecutable)
+        {
+            pte_t **papPtes = (pte_t **)kmalloc_array(pMemLnx->cPages, sizeof(papPtes[0]), GFP_KERNEL);
+            if (papPtes)
+            {
+                pMemLnx->pArea = alloc_vm_area(pMemLnx->Core.cb, papPtes); /* Note! pArea->nr_pages is not set. */
+                if (pMemLnx->pArea)
+                {
+                    size_t i;
+                    Assert(pMemLnx->pArea->size >= pMemLnx->Core.cb);   /* Note! includes guard page. */
+                    Assert(pMemLnx->pArea->addr);
+#  ifdef _PAGE_NX
+                    pgprot_val(fPg) |= _PAGE_NX; /* Uses RTR0MemObjProtect to clear NX when memory ready, W^X fashion. */
+#  endif
+                    pMemLnx->papPtesForArea = papPtes;
+                    for (i = 0; i < pMemLnx->cPages; i++)
+                        *papPtes[i] = mk_pte(pMemLnx->apPages[i], fPg);
+                    pMemLnx->Core.pv = pMemLnx->pArea->addr;
+                    pMemLnx->fMappedToRing0 = true;
+                }
+                else
+                {
+                    kfree(papPtes);
+                    rc = VERR_MAP_FAILED;
+                }
+            }
+            else
+                rc = VERR_MAP_FAILED;
+        }
+        else
+# endif
+        {
 # ifdef VM_MAP
-        pMemLnx->Core.pv = vmap(&pMemLnx->apPages[0], pMemLnx->cPages, VM_MAP, fPg);
+            pMemLnx->Core.pv = vmap(&pMemLnx->apPages[0], pMemLnx->cPages, VM_MAP, fPg);
 # else
-        pMemLnx->Core.pv = vmap(&pMemLnx->apPages[0], pMemLnx->cPages, VM_ALLOC, fPg);
+            pMemLnx->Core.pv = vmap(&pMemLnx->apPages[0], pMemLnx->cPages, VM_ALLOC, fPg);
 # endif
-        if (pMemLnx->Core.pv)
-            pMemLnx->fMappedToRing0 = true;
-        else
-            rc = VERR_MAP_FAILED;
+            if (pMemLnx->Core.pv)
+                pMemLnx->fMappedToRing0 = true;
+            else
+                rc = VERR_MAP_FAILED;
+        }
 #else   /* < 2.4.22 */
         rc = VERR_NOT_SUPPORTED;
 #endif
@@ -569,6 +612,22 @@
 static void rtR0MemObjLinuxVUnmap(PRTR0MEMOBJLNX pMemLnx)
 {
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 4, 22)
+# if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 8, 0)
+    if (pMemLnx->pArea)
+    {
+#  if 0
+        pte_t **papPtes = pMemLnx->papPtesForArea;
+        size_t  i;
+        for (i = 0; i < pMemLnx->cPages; i++)
+            *papPtes[i] = 0;
+#  endif
+        free_vm_area(pMemLnx->pArea);
+        kfree(pMemLnx->papPtesForArea);
+        pMemLnx->pArea = NULL;
+        pMemLnx->papPtesForArea = NULL;
+    }
+    else
+# endif
     if (pMemLnx->fMappedToRing0)
     {
         Assert(pMemLnx->Core.pv);
@@ -1437,6 +1496,7 @@
              * Use vmap - 2.4.22 and later.
              */
             pgprot_t fPg = rtR0MemObjLinuxConvertProt(fProt, true /* kernel */);
+            /** @todo We don't really care too much for EXEC here... 5.8 always adds NX. */
             Assert(((offSub + cbSub) >> PAGE_SHIFT) <= pMemLnxToMap->cPages);
 # ifdef VM_MAP
             pMemLnx->Core.pv = vmap(&pMemLnxToMap->apPages[offSub >> PAGE_SHIFT], cbSub >> PAGE_SHIFT, VM_MAP, fPg);
@@ -1768,6 +1828,29 @@
 
 DECLHIDDEN(int) rtR0MemObjNativeProtect(PRTR0MEMOBJINTERNAL pMem, size_t offSub, size_t cbSub, uint32_t fProt)
 {
+# if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 8, 0)
+    /*
+     * Currently only supported when we've got addresses PTEs from the kernel.
+     */
+    PRTR0MEMOBJLNX pMemLnx = (PRTR0MEMOBJLNX)pMem;
+    if (pMemLnx->pArea && pMemLnx->papPtesForArea)
+    {
+        pgprot_t const  fPg     = rtR0MemObjLinuxConvertProt(fProt, true /*fKernel*/);
+        size_t const    cPages  = (offSub + cbSub) >> PAGE_SHIFT;
+        pte_t         **papPtes = pMemLnx->papPtesForArea;
+        size_t          i;
+
+        for (i = offSub >> PAGE_SHIFT; i < cPages; i++)
+        {
+            set_pte(papPtes[i], mk_pte(pMemLnx->apPages[i], fPg));
+        }
+        preempt_disable();
+        __flush_tlb_all();
+        preempt_enable();
+        return VINF_SUCCESS;
+    }
+# endif
+
     NOREF(pMem);
     NOREF(offSub);
     NOREF(cbSub);
Index: src/VBox/Runtime/r0drv/linux/alloc-r0drv-linux.c
===================================================================
diff --git a/src/VBox/Runtime/r0drv/linux/alloc-r0drv-linux.c b/src/VBox/Runtime/r0drv/linux/alloc-r0drv-linux.c
--- a/src/VBox/Runtime/r0drv/linux/alloc-r0drv-linux.c	(revision 85504)
+++ b/src/VBox/Runtime/r0drv/linux/alloc-r0drv-linux.c	(revision 85505)
@@ -38,7 +38,7 @@
 
 
 #if (defined(RT_ARCH_AMD64) || defined(DOXYGEN_RUNNING)) && !defined(RTMEMALLOC_EXEC_HEAP)
-# if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 23)
+# if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 23) && LINUX_VERSION_CODE < KERNEL_VERSION(5, 8, 0)
 /**
  * Starting with 2.6.23 we can use __get_vm_area and map_vm_area to allocate
  * memory in the moduel range.  This is preferrable to the exec heap below.
Index: src/VBox/HostDrivers/Support/linux/SUPDrv-linux.c
===================================================================
diff --git a/src/VBox/HostDrivers/Support/linux/SUPDrv-linux.c b/src/VBox/HostDrivers/Support/linux/SUPDrv-linux.c
--- a/src/VBox/HostDrivers/Support/linux/SUPDrv-linux.c	(revision 85504)
+++ b/src/VBox/HostDrivers/Support/linux/SUPDrv-linux.c	(revision 85505)
@@ -144,9 +144,9 @@
  * Memory for the executable memory heap (in IPRT).
  */
 # ifdef DEBUG
+#  define EXEC_MEMORY_SIZE   10485760   /* 10 MB */
+# else
 #  define EXEC_MEMORY_SIZE   8388608    /* 8 MB */
-# else
-#  define EXEC_MEMORY_SIZE   2097152    /* 2 MB */
 # endif
 extern uint8_t g_abExecMemory[EXEC_MEMORY_SIZE];
 # ifndef VBOX_WITH_TEXT_MODMEM_HACK
Index: include/VBox/sup.h
===================================================================
diff --git a/include/VBox/sup.h b/include/VBox/sup.h
--- a/include/VBox/sup.h	(revision 85505)
+++ b/include/VBox/sup.h	(revision 85506)
@@ -1555,8 +1555,10 @@
  *
  * @returns VBox status code.
  * @deprecated  Use SUPR3LoadModule(pszFilename, "VMMR0.r0", &pvImageBase)
+ * @param   pErrInfo        Where to return extended error information.
+ *                          Optional.
  */
-SUPR3DECL(int) SUPR3LoadVMM(const char *pszFilename);
+SUPR3DECL(int) SUPR3LoadVMM(const char *pszFilename, PRTERRINFO pErrInfo);
 
 /**
  * Unloads R0 HC VMM code.
Index: src/VBox/Devices/Network/testcase/tstIntNet-1.cpp
===================================================================
diff --git a/src/VBox/Devices/Network/testcase/tstIntNet-1.cpp b/src/VBox/Devices/Network/testcase/tstIntNet-1.cpp
--- a/src/VBox/Devices/Network/testcase/tstIntNet-1.cpp	(revision 85505)
+++ b/src/VBox/Devices/Network/testcase/tstIntNet-1.cpp	(revision 85506)
@@ -846,7 +846,7 @@
         return 1;
     }
 
-    rc = SUPR3LoadVMM(szAbsPath);
+    rc = SUPR3LoadVMM(szAbsPath, NULL);
     if (RT_FAILURE(rc))
     {
         RTPrintf("tstIntNet-1: SUPR3LoadVMM(\"%s\") -> %Rrc\n", szAbsPath, rc);
Index: src/VBox/NetworkServices/Dhcpd/VBoxNetDhcpd.cpp
===================================================================
diff --git a/src/VBox/NetworkServices/Dhcpd/VBoxNetDhcpd.cpp b/src/VBox/NetworkServices/Dhcpd/VBoxNetDhcpd.cpp
--- a/src/VBox/NetworkServices/Dhcpd/VBoxNetDhcpd.cpp	(revision 85505)
+++ b/src/VBox/NetworkServices/Dhcpd/VBoxNetDhcpd.cpp	(revision 85506)
@@ -259,7 +259,7 @@
     if (RT_SUCCESS(rc))
         rc = RTPathAppend(szPathVMMR0, sizeof(szPathVMMR0), "VMMR0.r0");
     if (RT_SUCCESS(rc))
-        rc = SUPR3LoadVMM(szPathVMMR0);
+        rc = SUPR3LoadVMM(szPathVMMR0, NULL /*pErrInfo*/);
     return rc;
 }
 
Index: src/VBox/NetworkServices/NetLib/VBoxNetBaseService.cpp
===================================================================
diff --git a/src/VBox/NetworkServices/NetLib/VBoxNetBaseService.cpp b/src/VBox/NetworkServices/NetLib/VBoxNetBaseService.cpp
--- a/src/VBox/NetworkServices/NetLib/VBoxNetBaseService.cpp	(revision 85505)
+++ b/src/VBox/NetworkServices/NetLib/VBoxNetBaseService.cpp	(revision 85506)
@@ -383,7 +383,7 @@
         return rc;
     }
 
-    rc = SUPR3LoadVMM(strcat(szPath, "/VMMR0.r0"));
+    rc = SUPR3LoadVMM(strcat(szPath, "/VMMR0.r0"), NULL);
     if (RT_FAILURE(rc))
     {
         LogRel(("VBoxNetBaseService: SUPR3LoadVMM(\"%s\") -> %Rrc\n", szPath, rc));
Index: src/VBox/VMM/testcase/tstGlobalConfig.cpp
===================================================================
diff --git a/src/VBox/VMM/testcase/tstGlobalConfig.cpp b/src/VBox/VMM/testcase/tstGlobalConfig.cpp
--- a/src/VBox/VMM/testcase/tstGlobalConfig.cpp	(revision 85505)
+++ b/src/VBox/VMM/testcase/tstGlobalConfig.cpp	(revision 85506)
@@ -102,7 +102,7 @@
         return 1;
     }
 
-    rc = SUPR3LoadVMM("./VMMR0.r0");
+    rc = SUPR3LoadVMM("./VMMR0.r0", NULL /*pErrInfo*/);
     if (RT_SUCCESS(rc))
     {
         Req.pSession = pSession;
Index: src/VBox/HostDrivers/Support/SUPLibLdr.cpp
===================================================================
diff --git a/src/VBox/HostDrivers/Support/SUPLibLdr.cpp b/src/VBox/HostDrivers/Support/SUPLibLdr.cpp
--- a/src/VBox/HostDrivers/Support/SUPLibLdr.cpp	(revision 85505)
+++ b/src/VBox/HostDrivers/Support/SUPLibLdr.cpp	(revision 85506)
@@ -682,10 +682,10 @@
 }
 
 
-SUPR3DECL(int) SUPR3LoadVMM(const char *pszFilename)
+SUPR3DECL(int) SUPR3LoadVMM(const char *pszFilename, PRTERRINFO pErrInfo)
 {
     void *pvImageBase;
-    return SUPR3LoadModule(pszFilename, "VMMR0.r0", &pvImageBase, NULL /*pErrInfo*/);
+    return SUPR3LoadModule(pszFilename, "VMMR0.r0", &pvImageBase, pErrInfo);
 }
 
 
Index: src/VBox/HostDrivers/Support/testcase/tstInt.cpp
===================================================================
diff --git a/src/VBox/HostDrivers/Support/testcase/tstInt.cpp b/src/VBox/HostDrivers/Support/testcase/tstInt.cpp
--- a/src/VBox/HostDrivers/Support/testcase/tstInt.cpp	(revision 85505)
+++ b/src/VBox/HostDrivers/Support/testcase/tstInt.cpp	(revision 85506)
@@ -76,7 +76,8 @@
         /*
          * Load VMM code.
          */
-        rc = SUPR3LoadVMM(szAbsFile);
+        RTERRINFOSTATIC ErrInfo;
+        rc = SUPR3LoadVMM(szAbsFile, RTErrInfoInitStatic(&ErrInfo));
         if (RT_SUCCESS(rc))
         {
             /*
@@ -208,7 +209,7 @@
         }
         else
         {
-            RTPrintf("tstInt: SUPR3LoadVMM failed with rc=%Rrc\n", rc);
+            RTPrintf("tstInt: SUPR3LoadVMM failed with rc=%Rrc%#RTeim\n", rc, &ErrInfo.Core);
             rcRet++;
         }
 
Index: Config.kmk
===================================================================
diff --git a/Config.kmk b/Config.kmk
--- a/Config.kmk	(revision 85506)
+++ b/Config.kmk	(revision 85507)
@@ -4469,15 +4469,13 @@ TEMPLATE_VBoxR0_CXXFLAGS            = -fno-pie -nostdinc -g $(VBOX_GCC_pipe) $(V
 	$(VBOX_GCC_Wno-variadic-macros) $(VBOX_GCC_R0_OPT) $(VBOX_GCC_R0_FP) -fno-strict-aliasing -fno-exceptions \
 	$(VBOX_GCC_fno-stack-protector) -fno-common $(VBOX_GCC_fvisibility-inlines-hidden) $(VBOX_GCC_fvisibility-hidden) \
 	-fno-rtti $(VBOX_GCC_std) $(VBOX_GCC_IPRT_FMT_CHECK)
-TEMPLATE_VBoxR0_CFLAGS.amd64        = -m64 -mno-red-zone -mcmodel=kernel -mno-sse -mno-mmx -mno-sse2 -mno-3dnow \
-	-fasynchronous-unwind-tables -ffreestanding
-TEMPLATE_VBoxR0_CXXFLAGS.amd64      = -m64 -mno-red-zone -mcmodel=kernel -mno-sse -mno-mmx -mno-sse2 -mno-3dnow \
-	-fasynchronous-unwind-tables
++TEMPLATE_VBoxR0_CFLAGS.amd64        = -m64 -mno-red-zone -mno-sse -mno-mmx -mno-sse2 -mno-3dnow -fasynchronous-unwind-tables -ffreestanding
++TEMPLATE_VBoxR0_CXXFLAGS.amd64      = -m64 -mno-red-zone -mno-sse -mno-mmx -mno-sse2 -mno-3dnow -fasynchronous-unwind-tables
 TEMPLATE_VBoxR0_CXXFLAGS.freebsd    = -ffreestanding
  if $(VBOX_GCC_VERSION_CC) < 30400
   TEMPLATE_VBoxR0_DEFS             += RT_WITHOUT_PRAGMA_ONCE
  endif
-ifeq ($(KBUILD_TARGET),solaris)
+ ifeq ($(KBUILD_TARGET),solaris)
  TEMPLATE_VBoxR0_LDFLAGS            = -r
  TEMPLATE_VBoxR0_LDFLAGS.solaris    = -u _init -u _info
  TEMPLATE_VBoxR0_LIBS.solaris       = \
@@ -4488,20 +4486,32 @@ ifeq ($(KBUILD_TARGET),solaris)
  endif
  # Solaris driver signing.
  TEMPLATE_VBoxR0_POST_CMDS          = $(VBOX_SIGN_DRIVER_CMDS)
-else
+ else
  TEMPLATE_VBoxR0_LDFLAGS            = -nostdlib -Bsymbolic -g
  ## @todo WTF doesn't the globals work? Debug info is supposed to be split everywhere. GRR
  TEMPLATE_VBoxR0_LD_DEBUG           = split
-endif
-ifn1of ($(KBUILD_TARGET),solaris freebsd)
+ endif
+ if 0 #1of ($(KBUILD_TARGET), linux)
+VBOX_WITH_VBOXR0_AS_DLL = 1
+TEMPLATE_VBoxR0_DLLSUFF             = .r0
+TEMPLATE_VBoxR0_CFLAGS             += -fPIC
+TEMPLATE_VBoxR0_CXXFLAGS           += -fPIC
+TEMPLATE_VBoxR0_LDFLAGS            +=
+TEMPLATE_VBoxR0_DTRACE_HDR_FLAGS   += --pic
+TEMPLATE_VBoxR0_DTRACE_OBJ_FLAGS   += --pic
+ else
+TEMPLATE_VBoxR0_CFLAGS.amd64       += -mcmodel=kernel
+TEMPLATE_VBoxR0_CXXFLAGS.amd64     += -mcmodel=kernel
+ endif
+ ifn1of ($(KBUILD_TARGET),solaris freebsd)
  TEMPLATE_VBoxR0_LIBS               = \
 	$(VBOX_GCC_LIBGCC) # intrinsics
-endif
-if1of ($(KBUILD_TARGET),linux)
- TEMPLATE_VBoxR0_POST_CMDS          = \
+ endif
+ if1of ($(KBUILD_TARGET),linux)
+ TEMPLATE_VBoxR0_POST_CMDS         += $(NLTAB)\
  	$(if $(eq $(tool_do),LINK_SYSMOD),if readelf -S $(out)|grep -q "[cd]tors"; then echo "Found ctors/dtors in $(out)!"; exit 1; fi)
-endif
-endif
+ endif
+endif # elf
 
 ifeq ($(VBOX_LDR_FMT),macho)
 TEMPLATE_VBoxR0_TOOL                = $(VBOX_GCC_TOOL)
Index: src/VBox/Devices/Makefile.kmk
===================================================================
diff --git a/src/VBox/Devices/Makefile.kmk b/src/VBox/Devices/Makefile.kmk
--- a/src/VBox/Devices/Makefile.kmk	(revision 85506)
+++ b/src/VBox/Devices/Makefile.kmk	(revision 85507)
@@ -52,7 +52,7 @@
  if1of ($(KBUILD_TARGET_ARCH), $(VBOX_SUPPORTED_HOST_ARCHS))
   LIBRARIES += ServicesR0
   DLLS      += VBoxDDU VBoxDD VBoxDD2
-  SYSMODS   += VBoxDDR0
+  $(if-expr defined(VBOX_WITH_VBOXR0_AS_DLL),DLLS,SYSMODS) += VBoxDDR0
   ifdef VBOX_WITH_RAW_MODE
    SYSMODS   += VBoxDDRC
   endif
@@ -1385,7 +1385,7 @@
 	USB/DevXHCI.cpp
   $(call VBOX_SET_VER_INFO_DLL,VBoxEhciR3,PUEL Extension Pack - EHCI Device)
 
-  SYSMODS += VBoxEhciR0
+  $(if-expr defined(VBOX_WITH_VBOXR0_AS_DLL),DLLS,SYSMODS) += VBoxEhciR0
   VBoxEhciR0_TEMPLATE = VBoxR0ExtPackPuel
   VBoxEhciR0_SOURCES  = \
 	USB/DevEHCI.cpp \
@@ -1421,7 +1421,7 @@
   VBoxPciRawDrv_SOURCES     = Bus/DrvPciRaw.cpp
   $(call VBOX_SET_VER_INFO_DLL,VBoxPciRawDrv,PUEL Extension Pack - PCI Passthrough Driver)
 
-  SYSMODS += VBoxPciRawR0
+  $(if-expr defined(VBOX_WITH_VBOXR0_AS_DLL),DLLS,SYSMODS) += VBoxPciRawR0
   VBoxPciRawR0_TEMPLATE     = VBoxR0ExtPackPuel
   VBoxPciRawR0_SOURCES      = Bus/DevPciRaw.cpp
   $(call VBOX_SET_VER_INFO_R0,VBoxPciRawR0,PUEL Extension Pack - PCI Passthrough Driver$(COMMA) ring-0)
@@ -1439,7 +1439,7 @@
   	Storage/DevNVMe.cpp
   $(call VBOX_SET_VER_INFO_DLL,VBoxNvmeR3,PUEL Extension Pack - NVMe Device)
 
-  SYSMODS += VBoxNvmeR0
+  $(if-expr defined(VBOX_WITH_VBOXR0_AS_DLL),DLLS,SYSMODS) += VBoxNvmeR0
   VBoxNvmeR0_TEMPLATE = VBoxR0ExtPackPuel
   VBoxNvmeR0_SOURCES  = \
   	Storage/DevNVMe.cpp
Index: src/VBox/ExtPacks/VBoxDTrace/Makefile.kmk
===================================================================
diff --git a/src/VBox/ExtPacks/VBoxDTrace/Makefile.kmk b/src/VBox/ExtPacks/VBoxDTrace/Makefile.kmk
--- a/src/VBox/ExtPacks/VBoxDTrace/Makefile.kmk	(revision 85506)
+++ b/src/VBox/ExtPacks/VBoxDTrace/Makefile.kmk	(revision 85507)
@@ -252,7 +252,7 @@
  # The ring-0 part of VBoxDTrace.
  #
  ifneq ($(KBUILD_TARGET),solaris) # disabled on solaris - neiter needed nor currently able to build it here.
-  SYSMODS += VBoxDTraceR0
+  $(if-expr defined(VBOX_WITH_VBOXR0_AS_DLL),DLLS,SYSMODS) += VBoxDTraceR0
  endif
  VBoxDTraceR0_TEMPLATE = VBoxR0ExtPackDTrace
  VBoxDTraceR0_DEFS = IN_VBOXDTRACE_R0 IN_RT_R0
Index: src/VBox/ExtPacks/BusMouseSample/Makefile.kmk
===================================================================
diff --git a/src/VBox/ExtPacks/BusMouseSample/Makefile.kmk b/src/VBox/ExtPacks/BusMouseSample/Makefile.kmk
--- a/src/VBox/ExtPacks/BusMouseSample/Makefile.kmk	(revision 85506)
+++ b/src/VBox/ExtPacks/BusMouseSample/Makefile.kmk	(revision 85507)
@@ -83,7 +83,7 @@
 VBoxBusMouseR3_TEMPLATE = VBoxR3ExtPackBusMouse
 VBoxBusMouseR3_SOURCES  = DevBusMouse.cpp
 
-SYSMODS += VBoxBusMouseR0
+$(if-expr defined(VBOX_WITH_VBOXR0_AS_DLL),DLLS,SYSMODS) += VBoxBusMouseR0
 VBoxBusMouseR0_TEMPLATE = VBoxR0ExtPackBusMouse
 VBoxBusMouseR0_SOURCES  = DevBusMouse.cpp
 
Index: src/VBox/Runtime/testcase/Makefile.kmk
===================================================================
diff --git a/src/VBox/Runtime/testcase/Makefile.kmk b/src/VBox/Runtime/testcase/Makefile.kmk
--- a/src/VBox/Runtime/testcase/Makefile.kmk	(revision 85506)
+++ b/src/VBox/Runtime/testcase/Makefile.kmk	(revision 85507)
@@ -211,13 +211,13 @@
   	tstRTR0ThreadDriver
  endif
  if1of ($(KBUILD_TARGET_ARCH), $(VBOX_SUPPORTED_HOST_ARCHS))
-  SYSMODS += \
+  $(if-expr defined(VBOX_WITH_VBOXR0_AS_DLL),DLLS,SYSMODS) += \
   	tstLdrObjR0
   ifdef VBOX_WITH_RAW_MODE
    SYSMODS += tstLdrObj
   endif
  endif
- SYSMODS += \
+ $(if-expr defined(VBOX_WITH_VBOXR0_AS_DLL),DLLS,SYSMODS) += \
  	tstRTR0MemUserKernel \
  	tstRTR0SemMutex \
  	tstRTR0Timer \
@@ -225,7 +225,7 @@
  	tstRTR0Thread
  if1of ($(KBUILD_TARGET), solaris darwin)
   PROGRAMS += tstRTR0DbgKrnlInfoDriver
-  SYSMODS += tstRTR0DbgKrnlInfo
+  $(if-expr defined(VBOX_WITH_VBOXR0_AS_DLL),DLLS,SYSMODS) += tstRTR0DbgKrnlInfo
  endif # VBOX_SUPPORTED_HOST_ARCHS only
 
 endif
Index: src/VBox/VMM/Makefile.kmk
===================================================================
diff --git a/src/VBox/VMM/Makefile.kmk b/src/VBox/VMM/Makefile.kmk
--- a/src/VBox/VMM/Makefile.kmk	(revision 85506)
+++ b/src/VBox/VMM/Makefile.kmk	(revision 85507)
@@ -434,7 +434,7 @@
 #
 # VMMR0.r0
 #
-SYSMODS += VMMR0
+$(if-expr defined(VBOX_WITH_VBOXR0_AS_DLL),DLLS,SYSMODS) += VMMR0
 VMMR0_TEMPLATE  = VBoxR0
 VMMR0_SYSSUFF   = .r0
 
Index: src/VBox/ValidationKit/utils/misc/Makefile.kmk
===================================================================
diff --git a/src/VBox/ValidationKit/utils/misc/Makefile.kmk b/src/VBox/ValidationKit/utils/misc/Makefile.kmk
--- a/src/VBox/ValidationKit/utils/misc/Makefile.kmk	(revision 85506)
+++ b/src/VBox/ValidationKit/utils/misc/Makefile.kmk	(revision 85507)
@@ -31,7 +31,7 @@
 LoadGenerator_TEMPLATE = VBoxValidationKitR3SupDrv
 LoadGenerator_SOURCES  = loadgenerator.cpp
 
-SYSMODS += loadgeneratorR0
+$(if-expr defined(VBOX_WITH_VBOXR0_AS_DLL),DLLS,SYSMODS) += loadgeneratorR0
 loadgeneratorR0_TEMPLATE = VBoxValidationKitR0
 loadgeneratorR0_SOURCES = loadgeneratorR0.cpp
 
Index: src/VBox/HostDrivers/Support/SUPLib.cpp
===================================================================
diff --git a/src/VBox/HostDrivers/Support/SUPLib.cpp b/src/VBox/HostDrivers/Support/SUPLib.cpp
--- a/src/VBox/HostDrivers/Support/SUPLib.cpp	(revision 85506)
+++ b/src/VBox/HostDrivers/Support/SUPLib.cpp	(revision 85507)
@@ -275,9 +275,9 @@
         CookieReq.Hdr.rc = VERR_INTERNAL_ERROR;
         strcpy(CookieReq.u.In.szMagic, SUPCOOKIE_MAGIC);
         CookieReq.u.In.u32ReqVersion = SUPDRV_IOC_VERSION;
-        const uint32_t uMinVersion = (SUPDRV_IOC_VERSION & 0xffff0000) == 0x002d0000
+        const uint32_t uMinVersion = /*(SUPDRV_IOC_VERSION & 0xffff0000) == 0x002d0000
                                    ? 0x002d0001
-                                   : SUPDRV_IOC_VERSION & 0xffff0000;
+                                   :*/ SUPDRV_IOC_VERSION & 0xffff0000;
         CookieReq.u.In.u32MinVersion = uMinVersion;
         rc = suplibOsIOCtl(&g_supLibData, SUP_IOCTL_COOKIE, &CookieReq, SUP_IOCTL_COOKIE_SIZE);
         if (    RT_SUCCESS(rc)
Index: src/VBox/HostDrivers/Support/SUPLibLdr.cpp
===================================================================
diff --git a/src/VBox/HostDrivers/Support/SUPLibLdr.cpp b/src/VBox/HostDrivers/Support/SUPLibLdr.cpp
--- a/src/VBox/HostDrivers/Support/SUPLibLdr.cpp	(revision 85506)
+++ b/src/VBox/HostDrivers/Support/SUPLibLdr.cpp	(revision 85507)
@@ -334,7 +334,364 @@
 }
 
 
+/** Argument package for supLoadModuleCompileSegmentsCB. */
+typedef struct SUPLDRCOMPSEGTABARGS
+{
+    uint32_t        uStartRva;
+    uint32_t        uEndRva;
+    uint32_t        fProt;
+    uint32_t        iSegs;
+    uint32_t        cSegsAlloc;
+    PSUPLDRSEG      paSegs;
+    PRTERRINFO      pErrInfo;
+} SUPLDRCOMPSEGTABARGS, *PSUPLDRCOMPSEGTABARGS;
+
 /**
+ * @callback_method_impl{FNRTLDRENUMSEGS,
+ *  Compile list of segments with the same memory protection.}
+ */
+static DECLCALLBACK(int) supLoadModuleCompileSegmentsCB(RTLDRMOD hLdrMod, PCRTLDRSEG pSeg, void *pvUser)
+{
+    PSUPLDRCOMPSEGTABARGS pArgs = (PSUPLDRCOMPSEGTABARGS)pvUser;
+    AssertCompile(RTMEM_PROT_READ  == SUPLDR_PROT_READ);
+    AssertCompile(RTMEM_PROT_WRITE == SUPLDR_PROT_WRITE);
+    AssertCompile(RTMEM_PROT_EXEC  == SUPLDR_PROT_EXEC);
+    RT_NOREF(hLdrMod);
+
+    /* Ignore segments not part of the loaded image. */
+    if (pSeg->RVA == NIL_RTLDRADDR || pSeg->cbMapped == 0)
+        return VINF_SUCCESS;
+
+    /* We currently ASSUME that all relevant segments are in ascending RVA order. */
+    AssertReturn(pSeg->RVA >= pArgs->uEndRva,
+                 RTERRINFO_LOG_REL_SET_F(pArgs->pErrInfo, VERR_BAD_EXE_FORMAT, "Out of order segment: %p LB %#zx #%.*s",
+                                         pSeg->RVA, pSeg->cb, pSeg->cchName, pSeg->pszName));
+
+    /* We ASSUME the cbMapped field is implemented. */
+    AssertReturn(pSeg->cbMapped != NIL_RTLDRADDR, VERR_INTERNAL_ERROR_2);
+    AssertReturn(pSeg->cbMapped < _1G, VERR_INTERNAL_ERROR_4);
+    uint32_t cbMapped = (uint32_t)pSeg->cbMapped;
+    AssertReturn(pSeg->RVA      < _1G, VERR_INTERNAL_ERROR_3);
+    uint32_t uRvaSeg  = (uint32_t)pSeg->RVA;
+    Log2(("supLoadModuleCompileSegmentsCB: %RTptr/%RTptr LB %RTptr prot %#x %s\n",
+          pSeg->LinkAddress, pSeg->RVA, pSeg->cbMapped, pSeg->fProt, pSeg->pszName));
+
+    /*
+     * If the protection is the same as the previous segment,
+     * just update uEndRva and continue.
+     */
+    uint32_t fProt = pSeg->fProt;
+#if defined(RT_ARCH_AMD64) || defined(RT_ARCH_X86)
+    if (fProt & RTMEM_PROT_EXEC)
+        fProt |= fProt & RTMEM_PROT_READ;
+#endif
+    if (pSeg->fProt == pArgs->fProt)
+    {
+        pArgs->uEndRva = uRvaSeg + cbMapped;
+        Log2(("supLoadModuleCompileSegmentsCB: -> merged\n"));
+        return VINF_SUCCESS;
+    }
+
+    /*
+     * The protection differs, so commit current segment and start a new one.
+     * However, if the new segment and old segment share a page, this becomes
+     * a little more complicated...
+     */
+    if (pArgs->uStartRva < pArgs->uEndRva)
+    {
+        if (((pArgs->uEndRva - 1) >> PAGE_SHIFT) != (uRvaSeg >> PAGE_SHIFT))
+        {
+            /* No common page, so make the new segment start on a page boundrary. */
+            cbMapped += uRvaSeg & PAGE_OFFSET_MASK;
+            uRvaSeg &= ~(uint32_t)PAGE_OFFSET_MASK;
+            Assert(pArgs->uEndRva <= uRvaSeg);
+            Log2(("supLoadModuleCompileSegmentsCB: -> new, no common\n"));
+        }
+        else if ((fProt & pArgs->fProt) == fProt)
+        {
+            /* The current segment includes the memory protections of the
+               previous, so include the common page in it: */
+            uint32_t const cbCommon = PAGE_SIZE - (uRvaSeg & PAGE_OFFSET_MASK);
+            if (cbCommon >= cbMapped)
+            {
+                pArgs->uEndRva = uRvaSeg + cbMapped;
+                Log2(("supLoadModuleCompileSegmentsCB: -> merge, %#x common, upgrading prot to %#x\n", cbCommon, pArgs->fProt));
+                return VINF_SUCCESS; /* New segment was smaller than a page. */
+            }
+            cbMapped -= cbCommon;
+            uRvaSeg  += cbCommon;
+            Assert(pArgs->uEndRva <= uRvaSeg);
+            Log2(("supLoadModuleCompileSegmentsCB: -> new, %#x common into previous\n", cbCommon));
+        }
+        else if ((fProt & pArgs->fProt) == pArgs->fProt)
+        {
+            /* The new segment includes the memory protections of the
+               previous, so include the common page in it: */
+            cbMapped += uRvaSeg & PAGE_OFFSET_MASK;
+            uRvaSeg &= ~(uint32_t)PAGE_OFFSET_MASK;
+            if (uRvaSeg == pArgs->uStartRva)
+            {
+                pArgs->fProt   = fProt;
+                pArgs->uEndRva = uRvaSeg + cbMapped;
+                Log2(("supLoadModuleCompileSegmentsCB: -> upgrade current protection\n"));
+                return VINF_SUCCESS; /* Current segment was smaller than a page. */
+            }
+            Log2(("supLoadModuleCompileSegmentsCB: -> new, %#x common into new\n", (uint32_t)(pSeg->RVA & PAGE_OFFSET_MASK)));
+        }
+        else
+        {
+            /* Create a new segment for the common page with the combined protection. */
+            Log2(("supLoadModuleCompileSegmentsCB: -> its complicated...\n"));
+            pArgs->uEndRva &= ~(uint32_t)PAGE_OFFSET_MASK;
+            if (pArgs->uEndRva > pArgs->uStartRva)
+            {
+                Log2(("supLoadModuleCompileSegmentsCB: SUP Seg #%u: %#x LB %#x prot %#x\n",
+                      pArgs->iSegs, pArgs->uStartRva, pArgs->uEndRva - pArgs->uStartRva, pArgs->fProt));
+                if (pArgs->paSegs)
+                {
+                    AssertReturn(pArgs->iSegs < pArgs->cSegsAlloc, VERR_INTERNAL_ERROR_5);
+                    pArgs->paSegs[pArgs->iSegs].off   = pArgs->uStartRva;
+                    pArgs->paSegs[pArgs->iSegs].cb    = pArgs->uEndRva - pArgs->uStartRva;
+                    pArgs->paSegs[pArgs->iSegs].fProt = pArgs->fProt;
+                }
+                pArgs->iSegs++;
+                pArgs->uStartRva = pArgs->uEndRva;
+            }
+            pArgs->fProt |= fProt;
+
+            uint32_t const cbCommon = PAGE_SIZE - (uRvaSeg & PAGE_OFFSET_MASK);
+            if (cbCommon <= cbMapped)
+            {
+                fProt |= pArgs->fProt;
+                pArgs->uEndRva = uRvaSeg + cbMapped;
+                return VINF_SUCCESS; /* New segment was smaller than a page. */
+            }
+            cbMapped -= cbCommon;
+            uRvaSeg  += cbCommon;
+            Assert(uRvaSeg - pArgs->uStartRva == PAGE_SIZE);
+        }
+
+        /* The current segment should end where the new one starts, no gaps. */
+        pArgs->uEndRva = uRvaSeg;
+
+        /* Emit the current segment */
+        Log2(("supLoadModuleCompileSegmentsCB: SUP Seg #%u: %#x LB %#x prot %#x\n",
+              pArgs->iSegs, pArgs->uStartRva, pArgs->uEndRva - pArgs->uStartRva, pArgs->fProt));
+        if (pArgs->paSegs)
+        {
+            AssertReturn(pArgs->iSegs < pArgs->cSegsAlloc, VERR_INTERNAL_ERROR_5);
+            pArgs->paSegs[pArgs->iSegs].off   = pArgs->uStartRva;
+            pArgs->paSegs[pArgs->iSegs].cb    = pArgs->uEndRva - pArgs->uStartRva;
+            pArgs->paSegs[pArgs->iSegs].fProt = pArgs->fProt;
+        }
+        pArgs->iSegs++;
+    }
+    /* else: current segment is empty */
+
+    /* Start the new segment. */
+    Assert(!(uRvaSeg & PAGE_OFFSET_MASK));
+    pArgs->fProt     = fProt;
+    pArgs->uStartRva = uRvaSeg;
+    pArgs->uEndRva   = uRvaSeg + cbMapped;
+    return VINF_SUCCESS;
+}
+
+
+/** 
+ * Worker for supLoadModule().
+ */
+static int supLoadModuleInner(RTLDRMOD hLdrMod, PSUPLDRLOAD pLoadReq, uint32_t cbImageWithEverything,
+                              RTR0PTR uImageBase, size_t cbImage, const char *pszModule, const char *pszFilename,
+                              bool fNativeLoader, bool fIsVMMR0, const char *pszSrvReqHandler,
+                              uint32_t offSymTab, uint32_t cSymbols,
+                              uint32_t offStrTab, size_t cbStrTab,
+                              uint32_t offSegTab, uint32_t cSegments,
+                              PRTERRINFO pErrInfo)
+{
+    /*
+     * Get the image bits.
+     */
+    SUPLDRRESIMPARGS Args = { pszModule, pErrInfo };
+    int rc = RTLdrGetBits(hLdrMod, &pLoadReq->u.In.abImage[0], uImageBase, supLoadModuleResolveImport, &Args);
+    if (RT_FAILURE(rc))
+    {
+        LogRel(("SUP: RTLdrGetBits failed for %s (%s). rc=%Rrc\n", pszModule, pszFilename, rc));
+        if (!RTErrInfoIsSet(pErrInfo))
+            RTErrInfoSetF(pErrInfo, rc, "RTLdrGetBits failed");
+        return rc;
+    }
+
+    /*
+     * Get the entry points.
+     */
+    RTUINTPTR VMMR0EntryFast = 0;
+    RTUINTPTR VMMR0EntryEx = 0;
+    RTUINTPTR SrvReqHandler = 0;
+    RTUINTPTR ModuleInit = 0;
+    RTUINTPTR ModuleTerm = 0;
+    const char *pszEp = NULL;
+    if (fIsVMMR0)
+    {
+        rc = RTLdrGetSymbolEx(hLdrMod, &pLoadReq->u.In.abImage[0], uImageBase,
+                              UINT32_MAX, pszEp = "VMMR0EntryFast", &VMMR0EntryFast);
+        if (RT_SUCCESS(rc))
+            rc = RTLdrGetSymbolEx(hLdrMod, &pLoadReq->u.In.abImage[0], uImageBase,
+                                  UINT32_MAX, pszEp = "VMMR0EntryEx", &VMMR0EntryEx);
+    }
+    else if (pszSrvReqHandler)
+        rc = RTLdrGetSymbolEx(hLdrMod, &pLoadReq->u.In.abImage[0], uImageBase,
+                              UINT32_MAX, pszEp = pszSrvReqHandler, &SrvReqHandler);
+    if (RT_SUCCESS(rc))
+    {
+        int rc2 = RTLdrGetSymbolEx(hLdrMod, &pLoadReq->u.In.abImage[0], uImageBase,
+                                   UINT32_MAX, pszEp = "ModuleInit", &ModuleInit);
+        if (RT_FAILURE(rc2))
+            ModuleInit = 0;
+
+        rc2 = RTLdrGetSymbolEx(hLdrMod, &pLoadReq->u.In.abImage[0], uImageBase,
+                               UINT32_MAX, pszEp = "ModuleTerm", &ModuleTerm);
+        if (RT_FAILURE(rc2))
+            ModuleTerm = 0;
+    }
+    if (RT_FAILURE(rc))
+    {
+        LogRel(("SUP: Failed to get entry point '%s' for %s (%s) rc=%Rrc\n", pszEp, pszModule, pszFilename, rc));
+        return RTErrInfoSetF(pErrInfo, rc, "Failed to resolve entry point '%s'", pszEp);
+    }
+
+    /*
+     * Create the symbol and string tables.
+     */
+    SUPLDRCREATETABSARGS CreateArgs;
+    CreateArgs.cbImage = cbImage;
+    CreateArgs.pSym    = (PSUPLDRSYM)&pLoadReq->u.In.abImage[offSymTab];
+    CreateArgs.pszBase =     (char *)&pLoadReq->u.In.abImage[offStrTab];
+    CreateArgs.psz     = CreateArgs.pszBase;
+    rc = RTLdrEnumSymbols(hLdrMod, 0, NULL, 0, supLoadModuleCreateTabsCB, &CreateArgs);
+    if (RT_FAILURE(rc))
+    {
+        LogRel(("SUP: RTLdrEnumSymbols failed for %s (%s) rc=%Rrc\n", pszModule, pszFilename, rc));
+        return RTErrInfoSetF(pErrInfo, rc, "RTLdrEnumSymbols #2 failed");
+    }
+    AssertRelease((size_t)(CreateArgs.psz  - CreateArgs.pszBase) <= cbStrTab);
+    AssertRelease((size_t)(CreateArgs.pSym - (PSUPLDRSYM)&pLoadReq->u.In.abImage[offSymTab]) <= cSymbols);
+
+    /*
+     * Create the segment table.
+     */
+    SUPLDRCOMPSEGTABARGS SegArgs;
+    SegArgs.uStartRva   = 0;
+    SegArgs.uEndRva     = 0;
+    SegArgs.fProt       = RTMEM_PROT_READ;
+    SegArgs.iSegs       = 0;
+    SegArgs.cSegsAlloc  = cSegments;
+    SegArgs.paSegs      = (PSUPLDRSEG)&pLoadReq->u.In.abImage[offSegTab];
+    SegArgs.pErrInfo    = pErrInfo;
+    rc = RTLdrEnumSegments(hLdrMod, supLoadModuleCompileSegmentsCB, &SegArgs);
+    if (RT_FAILURE(rc))
+    {
+        LogRel(("SUP: RTLdrEnumSegments failed for %s (%s) rc=%Rrc\n", pszModule, pszFilename, rc));
+        return RTErrInfoSetF(pErrInfo, rc, "RTLdrEnumSegments #2 failed");
+    }
+    SegArgs.uEndRva = cbImage;
+    if (SegArgs.uEndRva > SegArgs.uStartRva)
+    {
+        SegArgs.paSegs[SegArgs.iSegs].off   = SegArgs.uStartRva;
+        SegArgs.paSegs[SegArgs.iSegs].cb    = SegArgs.uEndRva - SegArgs.uStartRva;
+        SegArgs.paSegs[SegArgs.iSegs].fProt = SegArgs.fProt;
+        SegArgs.iSegs++;
+    }
+    for (uint32_t i = 0; i < SegArgs.iSegs; i++)
+        LogRel(("SUP: seg #%u: %c%c%c %#010RX32 LB %#010RX32\n", i, /** @todo LogRel2 */
+                SegArgs.paSegs[i].fProt & SUPLDR_PROT_READ  ? 'R' : ' ',
+                SegArgs.paSegs[i].fProt & SUPLDR_PROT_WRITE ? 'W' : ' ',
+                SegArgs.paSegs[i].fProt & SUPLDR_PROT_EXEC  ? 'X' : ' ',
+                SegArgs.paSegs[i].off, SegArgs.paSegs[i].cb));
+    AssertRelease(SegArgs.iSegs == cSegments);
+    AssertRelease(SegArgs.cSegsAlloc == cSegments);
+
+    /*
+     * Upload the image.
+     */
+    pLoadReq->Hdr.u32Cookie = g_u32Cookie;
+    pLoadReq->Hdr.u32SessionCookie = g_u32SessionCookie;
+    pLoadReq->Hdr.cbIn = SUP_IOCTL_LDR_LOAD_SIZE_IN(cbImageWithEverything);
+    pLoadReq->Hdr.cbOut = SUP_IOCTL_LDR_LOAD_SIZE_OUT;
+    pLoadReq->Hdr.fFlags = SUPREQHDR_FLAGS_MAGIC | SUPREQHDR_FLAGS_EXTRA_IN;
+    pLoadReq->Hdr.rc = VERR_INTERNAL_ERROR;
+
+    pLoadReq->u.In.pfnModuleInit              = (RTR0PTR)ModuleInit;
+    pLoadReq->u.In.pfnModuleTerm              = (RTR0PTR)ModuleTerm;
+    if (fIsVMMR0)
+    {
+        pLoadReq->u.In.eEPType                = SUPLDRLOADEP_VMMR0;
+        pLoadReq->u.In.EP.VMMR0.pvVMMR0       = uImageBase;
+        pLoadReq->u.In.EP.VMMR0.pvVMMR0EntryFast= (RTR0PTR)VMMR0EntryFast;
+        pLoadReq->u.In.EP.VMMR0.pvVMMR0EntryEx  = (RTR0PTR)VMMR0EntryEx;
+    }
+    else if (pszSrvReqHandler)
+    {
+        pLoadReq->u.In.eEPType                = SUPLDRLOADEP_SERVICE;
+        pLoadReq->u.In.EP.Service.pfnServiceReq = (RTR0PTR)SrvReqHandler;
+        pLoadReq->u.In.EP.Service.apvReserved[0] = NIL_RTR0PTR;
+        pLoadReq->u.In.EP.Service.apvReserved[1] = NIL_RTR0PTR;
+        pLoadReq->u.In.EP.Service.apvReserved[2] = NIL_RTR0PTR;
+    }
+    else
+        pLoadReq->u.In.eEPType                = SUPLDRLOADEP_NOTHING;
+    pLoadReq->u.In.offStrTab                  = offStrTab;
+    pLoadReq->u.In.cbStrTab                   = (uint32_t)cbStrTab;
+    AssertRelease(pLoadReq->u.In.cbStrTab == cbStrTab);
+    pLoadReq->u.In.cbImageBits                = (uint32_t)cbImage;
+    pLoadReq->u.In.offSymbols                 = offSymTab;
+    pLoadReq->u.In.cSymbols                   = cSymbols;
+    pLoadReq->u.In.offSegments                = offSegTab;
+    pLoadReq->u.In.cSegments                  = cSegments;
+    pLoadReq->u.In.cbImageWithEverything      = cbImageWithEverything;
+    pLoadReq->u.In.pvImageBase                = uImageBase;
+    if (!g_uSupFakeMode)
+    {
+        rc = suplibOsIOCtl(&g_supLibData, SUP_IOCTL_LDR_LOAD, pLoadReq, SUP_IOCTL_LDR_LOAD_SIZE(cbImageWithEverything));
+        if (RT_SUCCESS(rc))
+            rc = pLoadReq->Hdr.rc;
+        else
+            LogRel(("SUP: SUP_IOCTL_LDR_LOAD ioctl for %s (%s) failed rc=%Rrc\n", pszModule, pszFilename, rc));
+    }
+    else
+        rc = VINF_SUCCESS;
+    if (    RT_SUCCESS(rc)
+        ||  rc == VERR_ALREADY_LOADED /* A competing process. */
+       )
+    {
+        LogRel(("SUP: Loaded %s (%s) at %#RKv - ModuleInit at %RKv and ModuleTerm at %RKv%s\n",
+                pszModule, pszFilename, uImageBase, (RTR0PTR)ModuleInit, (RTR0PTR)ModuleTerm,
+                fNativeLoader ? " using the native ring-0 loader" : ""));
+        if (fIsVMMR0)
+        {
+            g_pvVMMR0 = uImageBase;
+            LogRel(("SUP: VMMR0EntryEx located at %RKv and VMMR0EntryFast at %RKv\n", (RTR0PTR)VMMR0EntryEx, (RTR0PTR)VMMR0EntryFast));
+        }
+#ifdef RT_OS_WINDOWS
+        LogRel(("SUP: windbg> .reload /f %s=%#RKv\n", pszFilename, uImageBase));
+#endif
+        return VINF_SUCCESS;
+    }
+
+    /*
+     * Failed, bail out.
+     */
+    LogRel(("SUP: Loading failed for %s (%s) rc=%Rrc\n", pszModule, pszFilename, rc));
+    if (   pLoadReq->u.Out.uErrorMagic == SUPLDRLOAD_ERROR_MAGIC
+        && pLoadReq->u.Out.szError[0] != '\0')
+    {
+        LogRel(("SUP: %s\n", pLoadReq->u.Out.szError));
+        return RTErrInfoSet(pErrInfo, rc, pLoadReq->u.Out.szError);
+    }
+    return RTErrInfoSet(pErrInfo, rc, "SUP_IOCTL_LDR_LOAD failed");
+}
+
+
+/**
  * Worker for SUPR3LoadModule().
  *
  * @returns VBox status code.
@@ -356,6 +713,7 @@
     AssertPtrReturn(pszFilename, VERR_INVALID_PARAMETER);
     AssertPtrReturn(pszModule, VERR_INVALID_PARAMETER);
     AssertPtrReturn(ppvImageBase, VERR_INVALID_PARAMETER);
+    /** @todo abspath it right into SUPLDROPEN */
     AssertReturn(strlen(pszModule) < RT_SIZEOFMEMB(SUPLDROPEN, u.In.szName), VERR_FILENAME_TOO_LONG);
     char szAbsFilename[RT_SIZEOFMEMB(SUPLDROPEN, u.In.szFilename)];
     rc = RTPathAbs(pszFilename, szAbsFilename, sizeof(szAbsFilename));
@@ -371,8 +729,8 @@
      * Open image file and figure its size.
      */
     RTLDRMOD hLdrMod;
-    rc = RTLdrOpen(pszFilename, 0, RTLDRARCH_HOST, &hLdrMod);
-    if (!RT_SUCCESS(rc))
+    rc = RTLdrOpenEx(pszFilename, 0 /*fFlags*/, RTLDRARCH_HOST, &hLdrMod, pErrInfo);
+    if (RT_FAILURE(rc))
     {
         LogRel(("SUP: RTLdrOpen failed for %s (%s) %Rrc\n", pszModule, pszFilename, rc));
         return rc;
@@ -385,230 +743,105 @@
     rc = RTLdrEnumSymbols(hLdrMod, 0, NULL, 0, supLoadModuleCalcSizeCB, &CalcArgs);
     if (RT_SUCCESS(rc))
     {
-        const uint32_t  offSymTab = RT_ALIGN_32(CalcArgs.cbImage, 8);
-        const uint32_t  offStrTab = offSymTab + CalcArgs.cSymbols * sizeof(SUPLDRSYM);
-        const uint32_t  cbImageWithTabs = RT_ALIGN_32(offStrTab + CalcArgs.cbStrings, 8);
-
         /*
-         * Open the R0 image.
+         * Figure out the number of segments needed first.
          */
-        SUPLDROPEN OpenReq;
-        OpenReq.Hdr.u32Cookie = g_u32Cookie;
-        OpenReq.Hdr.u32SessionCookie = g_u32SessionCookie;
-        OpenReq.Hdr.cbIn = SUP_IOCTL_LDR_OPEN_SIZE_IN;
-        OpenReq.Hdr.cbOut = SUP_IOCTL_LDR_OPEN_SIZE_OUT;
-        OpenReq.Hdr.fFlags = SUPREQHDR_FLAGS_DEFAULT;
-        OpenReq.Hdr.rc = VERR_INTERNAL_ERROR;
-        OpenReq.u.In.cbImageWithTabs = cbImageWithTabs;
-        OpenReq.u.In.cbImageBits = (uint32_t)CalcArgs.cbImage;
-        strcpy(OpenReq.u.In.szName, pszModule);
-        strcpy(OpenReq.u.In.szFilename, pszFilename);
-        if (!g_uSupFakeMode)
+        SUPLDRCOMPSEGTABARGS SegArgs;
+        SegArgs.uStartRva   = 0;
+        SegArgs.uEndRva     = 0;
+        SegArgs.fProt       = RTMEM_PROT_READ;
+        SegArgs.iSegs       = 0;
+        SegArgs.cSegsAlloc  = 0;
+        SegArgs.paSegs      = NULL;
+        SegArgs.pErrInfo    = pErrInfo;
+        rc = RTLdrEnumSegments(hLdrMod, supLoadModuleCompileSegmentsCB, &SegArgs);
+        if (RT_SUCCESS(rc))
         {
-            rc = suplibOsIOCtl(&g_supLibData, SUP_IOCTL_LDR_OPEN, &OpenReq, SUP_IOCTL_LDR_OPEN_SIZE);
-            if (RT_SUCCESS(rc))
-                rc = OpenReq.Hdr.rc;
-        }
-        else
-        {
-            OpenReq.u.Out.fNeedsLoading = true;
-            OpenReq.u.Out.pvImageBase = 0xef423420;
-        }
-        *ppvImageBase = (void *)OpenReq.u.Out.pvImageBase;
-        if (    RT_SUCCESS(rc)
-            &&  OpenReq.u.Out.fNeedsLoading)
-        {
+            Assert(SegArgs.uEndRva <= RTLdrSize(hLdrMod));
+            SegArgs.uEndRva = RTLdrSize(hLdrMod);
+            if (SegArgs.uEndRva > SegArgs.uStartRva)
+                SegArgs.iSegs++;
+
+            const uint32_t offSymTab = RT_ALIGN_32(CalcArgs.cbImage, 8);
+            const uint32_t offStrTab = offSymTab + CalcArgs.cSymbols * sizeof(SUPLDRSYM);
+            const uint32_t offSegTab = RT_ALIGN_32(offStrTab + CalcArgs.cbStrings, 8);
+            const uint32_t cbImageWithEverything = RT_ALIGN_32(offSegTab + sizeof(SUPLDRSEG) * SegArgs.iSegs, 8);
+
             /*
-             * We need to load it.
-             * Allocate memory for the image bits.
+             * Open the R0 image.
              */
-            PSUPLDRLOAD pLoadReq = (PSUPLDRLOAD)RTMemTmpAlloc(SUP_IOCTL_LDR_LOAD_SIZE(cbImageWithTabs));
-            if (pLoadReq)
+            SUPLDROPEN OpenReq;
+            OpenReq.Hdr.u32Cookie              = g_u32Cookie;
+            OpenReq.Hdr.u32SessionCookie       = g_u32SessionCookie;
+            OpenReq.Hdr.cbIn                   = SUP_IOCTL_LDR_OPEN_SIZE_IN;
+            OpenReq.Hdr.cbOut                  = SUP_IOCTL_LDR_OPEN_SIZE_OUT;
+            OpenReq.Hdr.fFlags                 = SUPREQHDR_FLAGS_DEFAULT;
+            OpenReq.Hdr.rc                     = VERR_INTERNAL_ERROR;
+            OpenReq.u.In.cbImageWithEverything = cbImageWithEverything;
+            OpenReq.u.In.cbImageBits           = (uint32_t)CalcArgs.cbImage;
+            strcpy(OpenReq.u.In.szName, pszModule);
+            strcpy(OpenReq.u.In.szFilename, pszFilename);
+            if (!g_uSupFakeMode)
             {
+                rc = suplibOsIOCtl(&g_supLibData, SUP_IOCTL_LDR_OPEN, &OpenReq, SUP_IOCTL_LDR_OPEN_SIZE);
+                if (RT_SUCCESS(rc))
+                    rc = OpenReq.Hdr.rc;
+            }
+            else
+            {
+                OpenReq.u.Out.fNeedsLoading = true;
+                OpenReq.u.Out.pvImageBase = 0xef423420;
+            }
+            *ppvImageBase = (void *)OpenReq.u.Out.pvImageBase;
+            if (    RT_SUCCESS(rc)
+                &&  OpenReq.u.Out.fNeedsLoading)
+            {
                 /*
-                 * Get the image bits.
+                 * We need to load it.
+                 *
+                 * Allocate the request and pass it to an inner work function
+                 * that populates it and sends it off to the driver.
                  */
-
-                SUPLDRRESIMPARGS Args = { pszModule, pErrInfo };
-                rc = RTLdrGetBits(hLdrMod, &pLoadReq->u.In.abImage[0], (uintptr_t)OpenReq.u.Out.pvImageBase,
-                                  supLoadModuleResolveImport, &Args);
-
-                if (RT_SUCCESS(rc))
+                const uint32_t cbLoadReq = SUP_IOCTL_LDR_LOAD_SIZE(cbImageWithEverything);
+                PSUPLDRLOAD    pLoadReq  = (PSUPLDRLOAD)RTMemTmpAlloc(cbLoadReq);
+                if (pLoadReq)
                 {
-                    /*
-                     * Get the entry points.
-                     */
-                    RTUINTPTR VMMR0EntryFast = 0;
-                    RTUINTPTR VMMR0EntryEx = 0;
-                    RTUINTPTR SrvReqHandler = 0;
-                    RTUINTPTR ModuleInit = 0;
-                    RTUINTPTR ModuleTerm = 0;
-                    const char *pszEp = NULL;
-                    if (fIsVMMR0)
-                    {
-                        rc = RTLdrGetSymbolEx(hLdrMod, &pLoadReq->u.In.abImage[0], (uintptr_t)OpenReq.u.Out.pvImageBase,
-                                              UINT32_MAX, pszEp = "VMMR0EntryFast", &VMMR0EntryFast);
-                        if (RT_SUCCESS(rc))
-                            rc = RTLdrGetSymbolEx(hLdrMod, &pLoadReq->u.In.abImage[0], (uintptr_t)OpenReq.u.Out.pvImageBase,
-                                                  UINT32_MAX, pszEp = "VMMR0EntryEx", &VMMR0EntryEx);
-                    }
-                    else if (pszSrvReqHandler)
-                        rc = RTLdrGetSymbolEx(hLdrMod, &pLoadReq->u.In.abImage[0], (uintptr_t)OpenReq.u.Out.pvImageBase,
-                                              UINT32_MAX, pszEp = pszSrvReqHandler, &SrvReqHandler);
-                    if (RT_SUCCESS(rc))
-                    {
-                        int rc2 = RTLdrGetSymbolEx(hLdrMod, &pLoadReq->u.In.abImage[0], (uintptr_t)OpenReq.u.Out.pvImageBase,
-                                                   UINT32_MAX, pszEp = "ModuleInit", &ModuleInit);
-                        if (RT_FAILURE(rc2))
-                            ModuleInit = 0;
-
-                        rc2 = RTLdrGetSymbolEx(hLdrMod, &pLoadReq->u.In.abImage[0], (uintptr_t)OpenReq.u.Out.pvImageBase,
-                                               UINT32_MAX, pszEp = "ModuleTerm", &ModuleTerm);
-                        if (RT_FAILURE(rc2))
-                            ModuleTerm = 0;
-                    }
-                    if (RT_SUCCESS(rc))
-                    {
-                        /*
-                         * Create the symbol and string tables.
-                         */
-                        SUPLDRCREATETABSARGS CreateArgs;
-                        CreateArgs.cbImage = CalcArgs.cbImage;
-                        CreateArgs.pSym    = (PSUPLDRSYM)&pLoadReq->u.In.abImage[offSymTab];
-                        CreateArgs.pszBase =     (char *)&pLoadReq->u.In.abImage[offStrTab];
-                        CreateArgs.psz     = CreateArgs.pszBase;
-                        rc = RTLdrEnumSymbols(hLdrMod, 0, NULL, 0, supLoadModuleCreateTabsCB, &CreateArgs);
-                        if (RT_SUCCESS(rc))
-                        {
-                            AssertRelease((size_t)(CreateArgs.psz - CreateArgs.pszBase) <= CalcArgs.cbStrings);
-                            AssertRelease((size_t)(CreateArgs.pSym - (PSUPLDRSYM)&pLoadReq->u.In.abImage[offSymTab]) <= CalcArgs.cSymbols);
-
-                            /*
-                             * Upload the image.
-                             */
-                            pLoadReq->Hdr.u32Cookie = g_u32Cookie;
-                            pLoadReq->Hdr.u32SessionCookie = g_u32SessionCookie;
-                            pLoadReq->Hdr.cbIn = SUP_IOCTL_LDR_LOAD_SIZE_IN(cbImageWithTabs);
-                            pLoadReq->Hdr.cbOut = SUP_IOCTL_LDR_LOAD_SIZE_OUT;
-                            pLoadReq->Hdr.fFlags = SUPREQHDR_FLAGS_MAGIC | SUPREQHDR_FLAGS_EXTRA_IN;
-                            pLoadReq->Hdr.rc = VERR_INTERNAL_ERROR;
-
-                            pLoadReq->u.In.pfnModuleInit              = (RTR0PTR)ModuleInit;
-                            pLoadReq->u.In.pfnModuleTerm              = (RTR0PTR)ModuleTerm;
-                            if (fIsVMMR0)
-                            {
-                                pLoadReq->u.In.eEPType                = SUPLDRLOADEP_VMMR0;
-                                pLoadReq->u.In.EP.VMMR0.pvVMMR0       = OpenReq.u.Out.pvImageBase;
-                                pLoadReq->u.In.EP.VMMR0.pvVMMR0EntryFast= (RTR0PTR)VMMR0EntryFast;
-                                pLoadReq->u.In.EP.VMMR0.pvVMMR0EntryEx  = (RTR0PTR)VMMR0EntryEx;
-                            }
-                            else if (pszSrvReqHandler)
-                            {
-                                pLoadReq->u.In.eEPType                = SUPLDRLOADEP_SERVICE;
-                                pLoadReq->u.In.EP.Service.pfnServiceReq = (RTR0PTR)SrvReqHandler;
-                                pLoadReq->u.In.EP.Service.apvReserved[0] = NIL_RTR0PTR;
-                                pLoadReq->u.In.EP.Service.apvReserved[1] = NIL_RTR0PTR;
-                                pLoadReq->u.In.EP.Service.apvReserved[2] = NIL_RTR0PTR;
-                            }
-                            else
-                                pLoadReq->u.In.eEPType                = SUPLDRLOADEP_NOTHING;
-                            pLoadReq->u.In.offStrTab                  = offStrTab;
-                            pLoadReq->u.In.cbStrTab                   = (uint32_t)CalcArgs.cbStrings;
-                            AssertRelease(pLoadReq->u.In.cbStrTab == CalcArgs.cbStrings);
-                            pLoadReq->u.In.cbImageBits                = (uint32_t)CalcArgs.cbImage;
-                            pLoadReq->u.In.offSymbols                 = offSymTab;
-                            pLoadReq->u.In.cSymbols                   = CalcArgs.cSymbols;
-                            pLoadReq->u.In.cbImageWithTabs            = cbImageWithTabs;
-                            pLoadReq->u.In.pvImageBase                = OpenReq.u.Out.pvImageBase;
-                            if (!g_uSupFakeMode)
-                            {
-                                rc = suplibOsIOCtl(&g_supLibData, SUP_IOCTL_LDR_LOAD, pLoadReq, SUP_IOCTL_LDR_LOAD_SIZE(cbImageWithTabs));
-                                if (RT_SUCCESS(rc))
-                                    rc = pLoadReq->Hdr.rc;
-                                else
-                                    LogRel(("SUP: SUP_IOCTL_LDR_LOAD ioctl for %s (%s) failed rc=%Rrc\n", pszModule, pszFilename, rc));
-                            }
-                            else
-                                rc = VINF_SUCCESS;
-                            if (    RT_SUCCESS(rc)
-                                ||  rc == VERR_ALREADY_LOADED /* A competing process. */
-                               )
-                            {
-                                LogRel(("SUP: Loaded %s (%s) at %#RKv - ModuleInit at %RKv and ModuleTerm at %RKv%s\n",
-                                        pszModule, pszFilename, OpenReq.u.Out.pvImageBase, (RTR0PTR)ModuleInit, (RTR0PTR)ModuleTerm,
-                                        OpenReq.u.Out.fNativeLoader ? " using the native ring-0 loader" : ""));
-                                if (fIsVMMR0)
-                                {
-                                    g_pvVMMR0 = OpenReq.u.Out.pvImageBase;
-                                    LogRel(("SUP: VMMR0EntryEx located at %RKv and VMMR0EntryFast at %RKv\n", (RTR0PTR)VMMR0EntryEx, (RTR0PTR)VMMR0EntryFast));
-                                }
-#ifdef RT_OS_WINDOWS
-                                LogRel(("SUP: windbg> .reload /f %s=%#RKv\n", pszFilename, OpenReq.u.Out.pvImageBase));
-#endif
-
-                                RTMemTmpFree(pLoadReq);
-                                RTLdrClose(hLdrMod);
-                                return VINF_SUCCESS;
-                            }
-
-                            /*
-                             * Failed, bail out.
-                             */
-                            LogRel(("SUP: Loading failed for %s (%s) rc=%Rrc\n", pszModule, pszFilename, rc));
-                            if (   pLoadReq->u.Out.uErrorMagic == SUPLDRLOAD_ERROR_MAGIC
-                                && pLoadReq->u.Out.szError[0] != '\0')
-                            {
-                                LogRel(("SUP: %s\n", pLoadReq->u.Out.szError));
-                                RTErrInfoSet(pErrInfo, rc, pLoadReq->u.Out.szError);
-                            }
-                            else
-                                RTErrInfoSet(pErrInfo, rc, "SUP_IOCTL_LDR_LOAD failed");
-                        }
-                        else
-                        {
-                            LogRel(("SUP: RTLdrEnumSymbols failed for %s (%s) rc=%Rrc\n", pszModule, pszFilename, rc));
-                            RTErrInfoSetF(pErrInfo, rc, "RTLdrEnumSymbols #2 failed");
-                        }
-                    }
-                    else
-                    {
-                        LogRel(("SUP: Failed to get entry point '%s' for %s (%s) rc=%Rrc\n", pszEp, pszModule, pszFilename, rc));
-                        RTErrInfoSetF(pErrInfo, rc, "Failed to resolve entry point '%s'", pszEp);
-                    }
+                    rc = supLoadModuleInner(hLdrMod, pLoadReq, cbImageWithEverything, OpenReq.u.Out.pvImageBase, CalcArgs.cbImage,
+                                            pszModule, pszFilename, OpenReq.u.Out.fNativeLoader, fIsVMMR0, pszSrvReqHandler,
+                                            offSymTab, CalcArgs.cSymbols,
+                                            offStrTab, CalcArgs.cbStrings,
+                                            offSegTab, SegArgs.iSegs,
+                                            pErrInfo);
+                    RTMemTmpFree(pLoadReq);
                 }
                 else
                 {
-                    LogRel(("SUP: RTLdrGetBits failed for %s (%s). rc=%Rrc\n", pszModule, pszFilename, rc));
-                    if (!RTErrInfoIsSet(pErrInfo))
-                        RTErrInfoSetF(pErrInfo, rc, "RTLdrGetBits failed");
+                    AssertMsgFailed(("failed to allocated %u bytes for SUPLDRLOAD_IN structure!\n", SUP_IOCTL_LDR_LOAD_SIZE(cbImageWithEverything)));
+                    rc = RTErrInfoSetF(pErrInfo, VERR_NO_TMP_MEMORY, "Failed to allocate %u bytes for the load request",
+                                       SUP_IOCTL_LDR_LOAD_SIZE(cbImageWithEverything));
                 }
-                RTMemTmpFree(pLoadReq);
             }
-            else
+            /*
+             * Already loaded?
+             */
+            else if (RT_SUCCESS(rc))
             {
-                AssertMsgFailed(("failed to allocated %u bytes for SUPLDRLOAD_IN structure!\n", SUP_IOCTL_LDR_LOAD_SIZE(cbImageWithTabs)));
-                rc = VERR_NO_TMP_MEMORY;
-                RTErrInfoSetF(pErrInfo, rc, "Failed to allocate %u bytes for the load request", SUP_IOCTL_LDR_LOAD_SIZE(cbImageWithTabs));
-            }
-        }
-        /*
-         * Already loaded?
-         */
-        else if (RT_SUCCESS(rc))
-        {
-            if (fIsVMMR0)
-                g_pvVMMR0 = OpenReq.u.Out.pvImageBase;
-            LogRel(("SUP: Opened %s (%s) at %#RKv%s.\n", pszModule, pszFilename, OpenReq.u.Out.pvImageBase,
-                    OpenReq.u.Out.fNativeLoader ? " loaded by the native ring-0 loader" : ""));
+                if (fIsVMMR0)
+                    g_pvVMMR0 = OpenReq.u.Out.pvImageBase;
+                LogRel(("SUP: Opened %s (%s) at %#RKv%s.\n", pszModule, pszFilename, OpenReq.u.Out.pvImageBase,
+                        OpenReq.u.Out.fNativeLoader ? " loaded by the native ring-0 loader" : ""));
 #ifdef RT_OS_WINDOWS
-            LogRel(("SUP: windbg> .reload /f %s=%#RKv\n", pszFilename, OpenReq.u.Out.pvImageBase));
+                LogRel(("SUP: windbg> .reload /f %s=%#RKv\n", pszFilename, OpenReq.u.Out.pvImageBase));
 #endif
+            }
+            /*
+             * No, failed.
+             */
+            else
+                RTErrInfoSet(pErrInfo, rc, "SUP_IOCTL_LDR_OPEN failed");
         }
-        /*
-         * No, failed.
-         */
-        else
-            RTErrInfoSet(pErrInfo, rc, "SUP_IOCTL_LDR_OPEN failed");
+        else if (!RTErrInfoIsSet(pErrInfo) && pErrInfo)
+            RTErrInfoSetF(pErrInfo, rc, "RTLdrEnumSegments #1 failed");
     }
     else
         RTErrInfoSetF(pErrInfo, rc, "RTLdrEnumSymbols #1 failed");
Index: src/VBox/HostDrivers/Support/SUPDrvIOC.h
===================================================================
diff --git a/src/VBox/HostDrivers/Support/SUPDrvIOC.h b/src/VBox/HostDrivers/Support/SUPDrvIOC.h
--- a/src/VBox/HostDrivers/Support/SUPDrvIOC.h	(revision 85506)
+++ b/src/VBox/HostDrivers/Support/SUPDrvIOC.h	(revision 85507)
@@ -220,9 +220,9 @@
  *  -# When increment the major number, execute all pending work.
  *
  * @todo Pending work on next major version change:
- *          - Move SUP_IOCTL_FAST_DO_NOP and SUP_VMMR0_DO_NEM_RUN after NEM.
+ *          - Nothing.
  */
-#define SUPDRV_IOC_VERSION                              0x002d0001
+#define SUPDRV_IOC_VERSION                              0x002e0000
 
 /** SUP_IOCTL_COOKIE. */
 typedef struct SUPCOOKIE
@@ -314,8 +314,8 @@
     {
         struct
         {
-            /** Size of the image we'll be loading (including tables). */
-            uint32_t        cbImageWithTabs;
+            /** Size of the image we'll be loading (including all tables). */
+            uint32_t        cbImageWithEverything;
             /** The size of the image bits. (Less or equal to cbImageWithTabs.) */
             uint32_t        cbImageBits;
             /** Image name.
@@ -390,7 +390,30 @@
 /** Pointer to a const symbol table entry. */
 typedef SUPLDRSYM const *PCSUPLDRSYM;
 
+#define SUPLDR_PROT_READ    1   /**< Grant read access (RTMEM_PROT_READ). */
+#define SUPLDR_PROT_WRITE   2   /**< Grant write access (RTMEM_PROT_WRITE). */
+#define SUPLDR_PROT_EXEC    4   /**< Grant execute access (RTMEM_PROT_EXEC). */
+
 /**
+ * A segment table entry - chiefly for conveying memory protection.
+ */
+typedef struct SUPLDRSEG
+{
+    /** The RVA of the segment. */
+    uint32_t        off;
+    /** The size of the segment. */
+    uint32_t        cb : 28;
+    /** The segment protection (SUPLDR_PROT_XXX). */
+    uint32_t        fProt : 3;
+    /** MBZ. */
+    uint32_t        fUnused;
+} SUPLDRSEG;
+/** Pointer to a segment table entry. */
+typedef SUPLDRSEG *PSUPLDRSEG;
+/** Pointer to a const segment table entry. */
+typedef SUPLDRSEG const *PCSUPLDRSEG;
+
+/**
  * SUPLDRLOAD::u::In::EP type.
  */
 typedef enum SUPLDRLOADEP
@@ -443,7 +466,7 @@
             /** The size of the image bits (starting at offset 0 and
              * approaching offSymbols). */
             uint32_t        cbImageBits;
-            /** The offset of the symbol table. */
+            /** The offset of the symbol table (SUPLDRSYM array). */
             uint32_t        offSymbols;
             /** The number of entries in the symbol table. */
             uint32_t        cSymbols;
@@ -451,8 +474,12 @@
             uint32_t        offStrTab;
             /** Size of the string table. */
             uint32_t        cbStrTab;
+            /** Offset to the segment table (SUPLDRSEG array). */
+            uint32_t        offSegments;
+            /** Number of segments. */
+            uint32_t        cSegments;
             /** Size of image data in achImage. */
-            uint32_t        cbImageWithTabs;
+            uint32_t        cbImageWithEverything;
             /** The image data. */
             uint8_t         abImage[1];
         } In;
Index: src/VBox/HostDrivers/Support/SUPDrvInternal.h
===================================================================
diff --git a/src/VBox/HostDrivers/Support/SUPDrvInternal.h b/src/VBox/HostDrivers/Support/SUPDrvInternal.h
--- a/src/VBox/HostDrivers/Support/SUPDrvInternal.h	(revision 85506)
+++ b/src/VBox/HostDrivers/Support/SUPDrvInternal.h	(revision 85507)
@@ -146,6 +146,13 @@
 #endif
 
 
+#if 0 /*def RT_OS_LINUX*/
+/** Use the RTR0MemObj API rather than the RTMemExecAlloc for the images.
+ * This is a good idea in general, but a necessity for @bugref{9801}. */
+# define SUPDRV_USE_MEMOBJ_FOR_LDR_IMAGE
+#endif
+
+
 /**
  * OS debug print macro.
  */
@@ -326,15 +333,20 @@
     struct SUPDRVLDRIMAGE * volatile pNext;
     /** Pointer to the image. */
     void                           *pvImage;
+#ifdef SUPDRV_USE_MEMOBJ_FOR_LDR_IMAGE
+    /** The memory object for the module allocation. */
+    RTR0MEMOBJ                      hMemObjImage;
+#else
     /** Pointer to the allocated image buffer.
      * pvImage is 32-byte aligned or it may governed by the native loader (this
      * member is NULL then). */
     void                           *pvImageAlloc;
+#endif
     /** Magic value (SUPDRVLDRIMAGE_MAGIC). */
     uint32_t                        uMagic;
     /** Size of the image including the tables. This is mainly for verification
      * of the load request. */
-    uint32_t                        cbImageWithTabs;
+    uint32_t                        cbImageWithEverything;
     /** Size of the image. */
     uint32_t                        cbImageBits;
     /** The number of entries in the symbol table. */
@@ -345,6 +357,10 @@
     char                           *pachStrTab;
     /** Size of the string table. */
     uint32_t                        cbStrTab;
+    /** Number of segments. */
+    uint32_t                        cSegments;
+    /** Segments (for memory protection). */
+    PSUPLDRSEG                      paSegments;
     /** Pointer to the optional module initialization callback. */
     PFNR0MODULEINIT                 pfnModuleInit;
     /** Pointer to the optional module termination callback. */
Index: src/VBox/HostDrivers/Support/SUPDrv.cpp
===================================================================
diff --git a/src/VBox/HostDrivers/Support/SUPDrv.cpp b/src/VBox/HostDrivers/Support/SUPDrv.cpp
--- a/src/VBox/HostDrivers/Support/SUPDrv.cpp	(revision 85506)
+++ b/src/VBox/HostDrivers/Support/SUPDrv.cpp	(revision 85507)
@@ -1732,11 +1732,10 @@
             /* validate */
             PSUPLDROPEN pReq = (PSUPLDROPEN)pReqHdr;
             REQ_CHECK_SIZES(SUP_IOCTL_LDR_OPEN);
-            REQ_CHECK_EXPR(SUP_IOCTL_LDR_OPEN, pReq->u.In.cbImageWithTabs > 0);
-            REQ_CHECK_EXPR(SUP_IOCTL_LDR_OPEN, pReq->u.In.cbImageWithTabs < 16*_1M);
+            REQ_CHECK_EXPR(SUP_IOCTL_LDR_OPEN, pReq->u.In.cbImageWithEverything > 0);
+            REQ_CHECK_EXPR(SUP_IOCTL_LDR_OPEN, pReq->u.In.cbImageWithEverything < 16*_1M);
             REQ_CHECK_EXPR(SUP_IOCTL_LDR_OPEN, pReq->u.In.cbImageBits > 0);
-            REQ_CHECK_EXPR(SUP_IOCTL_LDR_OPEN, pReq->u.In.cbImageBits > 0);
-            REQ_CHECK_EXPR(SUP_IOCTL_LDR_OPEN, pReq->u.In.cbImageBits < pReq->u.In.cbImageWithTabs);
+            REQ_CHECK_EXPR(SUP_IOCTL_LDR_OPEN, pReq->u.In.cbImageBits < pReq->u.In.cbImageWithEverything);
             REQ_CHECK_EXPR(SUP_IOCTL_LDR_OPEN, pReq->u.In.szName[0]);
             REQ_CHECK_EXPR(SUP_IOCTL_LDR_OPEN, RTStrEnd(pReq->u.In.szName, sizeof(pReq->u.In.szName)));
             REQ_CHECK_EXPR(SUP_IOCTL_LDR_OPEN, supdrvIsLdrModuleNameValid(pReq->u.In.szName));
@@ -1752,19 +1751,29 @@
             /* validate */
             PSUPLDRLOAD pReq = (PSUPLDRLOAD)pReqHdr;
             REQ_CHECK_EXPR(Name, pReq->Hdr.cbIn >= SUP_IOCTL_LDR_LOAD_SIZE_IN(32));
-            REQ_CHECK_SIZES_EX(SUP_IOCTL_LDR_LOAD, SUP_IOCTL_LDR_LOAD_SIZE_IN(pReq->u.In.cbImageWithTabs), SUP_IOCTL_LDR_LOAD_SIZE_OUT);
-            REQ_CHECK_EXPR(SUP_IOCTL_LDR_LOAD, pReq->u.In.cSymbols <= 16384);
+            REQ_CHECK_SIZES_EX(SUP_IOCTL_LDR_LOAD, SUP_IOCTL_LDR_LOAD_SIZE_IN(pReq->u.In.cbImageWithEverything), SUP_IOCTL_LDR_LOAD_SIZE_OUT);
             REQ_CHECK_EXPR_FMT(     !pReq->u.In.cSymbols
-                               ||   (   pReq->u.In.offSymbols < pReq->u.In.cbImageWithTabs
-                                     && pReq->u.In.offSymbols + pReq->u.In.cSymbols * sizeof(SUPLDRSYM) <= pReq->u.In.cbImageWithTabs),
-                               ("SUP_IOCTL_LDR_LOAD: offSymbols=%#lx cSymbols=%#lx cbImageWithTabs=%#lx\n", (long)pReq->u.In.offSymbols,
-                                (long)pReq->u.In.cSymbols, (long)pReq->u.In.cbImageWithTabs));
+                               ||   (   pReq->u.In.cSymbols <= 16384
+                                     && pReq->u.In.offSymbols >= pReq->u.In.cbImageBits
+                                     && pReq->u.In.offSymbols < pReq->u.In.cbImageWithEverything
+                                     && pReq->u.In.offSymbols + pReq->u.In.cSymbols * sizeof(SUPLDRSYM) <= pReq->u.In.cbImageWithEverything),
+                               ("SUP_IOCTL_LDR_LOAD: offSymbols=%#lx cSymbols=%#lx cbImageWithEverything=%#lx\n", (long)pReq->u.In.offSymbols,
+                                (long)pReq->u.In.cSymbols, (long)pReq->u.In.cbImageWithEverything));
             REQ_CHECK_EXPR_FMT(     !pReq->u.In.cbStrTab
-                               ||   (   pReq->u.In.offStrTab < pReq->u.In.cbImageWithTabs
-                                     && pReq->u.In.offStrTab + pReq->u.In.cbStrTab <= pReq->u.In.cbImageWithTabs
-                                     && pReq->u.In.cbStrTab <= pReq->u.In.cbImageWithTabs),
-                               ("SUP_IOCTL_LDR_LOAD: offStrTab=%#lx cbStrTab=%#lx cbImageWithTabs=%#lx\n", (long)pReq->u.In.offStrTab,
-                                (long)pReq->u.In.cbStrTab, (long)pReq->u.In.cbImageWithTabs));
+                               ||   (   pReq->u.In.offStrTab < pReq->u.In.cbImageWithEverything
+                                     && pReq->u.In.offStrTab >= pReq->u.In.cbImageBits
+                                     && pReq->u.In.offStrTab + pReq->u.In.cbStrTab <= pReq->u.In.cbImageWithEverything
+                                     && pReq->u.In.cbStrTab <= pReq->u.In.cbImageWithEverything),
+                               ("SUP_IOCTL_LDR_LOAD: offStrTab=%#lx cbStrTab=%#lx cbImageWithEverything=%#lx\n", (long)pReq->u.In.offStrTab,
+                                (long)pReq->u.In.cbStrTab, (long)pReq->u.In.cbImageWithEverything));
+            REQ_CHECK_EXPR_FMT(   pReq->u.In.cSegments >= 1
+                               && pReq->u.In.cSegments <= 128
+                               && pReq->u.In.cSegments <= pReq->u.In.cbImageBits / PAGE_SIZE
+                               && pReq->u.In.offSegments >= pReq->u.In.cbImageBits
+                               && pReq->u.In.offSegments < pReq->u.In.cbImageWithEverything
+                               && pReq->u.In.offSegments + pReq->u.In.cSegments * sizeof(SUPLDRSEG) <= pReq->u.In.cbImageWithEverything,
+                               ("SUP_IOCTL_LDR_LOAD: offSegments=%#lx cSegments=%#lx cbImageWithEverything=%#lx\n", (long)pReq->u.In.offSegments,
+                                (long)pReq->u.In.cSegments, (long)pReq->u.In.cbImageWithEverything));
 
             if (pReq->u.In.cSymbols)
             {
@@ -1772,15 +1781,37 @@
                 PSUPLDRSYM paSyms = (PSUPLDRSYM)&pReq->u.In.abImage[pReq->u.In.offSymbols];
                 for (i = 0; i < pReq->u.In.cSymbols; i++)
                 {
-                    REQ_CHECK_EXPR_FMT(paSyms[i].offSymbol < pReq->u.In.cbImageWithTabs,
-                                       ("SUP_IOCTL_LDR_LOAD: sym #%ld: symb off %#lx (max=%#lx)\n", (long)i, (long)paSyms[i].offSymbol, (long)pReq->u.In.cbImageWithTabs));
+                    REQ_CHECK_EXPR_FMT(paSyms[i].offSymbol < pReq->u.In.cbImageWithEverything,
+                                       ("SUP_IOCTL_LDR_LOAD: sym #%ld: symb off %#lx (max=%#lx)\n", (long)i, (long)paSyms[i].offSymbol, (long)pReq->u.In.cbImageWithEverything));
                     REQ_CHECK_EXPR_FMT(paSyms[i].offName < pReq->u.In.cbStrTab,
-                                       ("SUP_IOCTL_LDR_LOAD: sym #%ld: name off %#lx (max=%#lx)\n", (long)i, (long)paSyms[i].offName, (long)pReq->u.In.cbImageWithTabs));
+                                       ("SUP_IOCTL_LDR_LOAD: sym #%ld: name off %#lx (max=%#lx)\n", (long)i, (long)paSyms[i].offName, (long)pReq->u.In.cbImageWithEverything));
                     REQ_CHECK_EXPR_FMT(RTStrEnd((char const *)&pReq->u.In.abImage[pReq->u.In.offStrTab + paSyms[i].offName],
                                                 pReq->u.In.cbStrTab - paSyms[i].offName),
-                                       ("SUP_IOCTL_LDR_LOAD: sym #%ld: unterminated name! (%#lx / %#lx)\n", (long)i, (long)paSyms[i].offName, (long)pReq->u.In.cbImageWithTabs));
+                                       ("SUP_IOCTL_LDR_LOAD: sym #%ld: unterminated name! (%#lx / %#lx)\n", (long)i, (long)paSyms[i].offName, (long)pReq->u.In.cbImageWithEverything));
                 }
             }
+            {
+                uint32_t i;
+                uint32_t offPrevEnd = 0;
+                PSUPLDRSEG paSegs = (PSUPLDRSEG)&pReq->u.In.abImage[pReq->u.In.offSegments];
+                for (i = 0; i < pReq->u.In.cSegments; i++)
+                {
+                    REQ_CHECK_EXPR_FMT(paSegs[i].off < pReq->u.In.cbImageBits && !(paSegs[i].off & PAGE_OFFSET_MASK),
+                                       ("SUP_IOCTL_LDR_LOAD: seg #%ld: off %#lx (max=%#lx)\n", (long)i, (long)paSegs[i].off, (long)pReq->u.In.cbImageBits));
+                    REQ_CHECK_EXPR_FMT(paSegs[i].cb <= pReq->u.In.cbImageBits,
+                                       ("SUP_IOCTL_LDR_LOAD: seg #%ld: cb %#lx (max=%#lx)\n", (long)i, (long)paSegs[i].cb, (long)pReq->u.In.cbImageBits));
+                    REQ_CHECK_EXPR_FMT(paSegs[i].off + paSegs[i].cb <= pReq->u.In.cbImageBits,
+                                       ("SUP_IOCTL_LDR_LOAD: seg #%ld: off %#lx + cb %#lx = %#lx (max=%#lx)\n", (long)i, (long)paSegs[i].off, (long)paSegs[i].cb, (long)(paSegs[i].off + paSegs[i].cb), (long)pReq->u.In.cbImageBits));
+                    REQ_CHECK_EXPR_FMT(paSegs[i].fProt != 0,
+                                       ("SUP_IOCTL_LDR_LOAD: seg #%ld: off %#lx + cb %#lx\n", (long)i, (long)paSegs[i].off, (long)paSegs[i].cb));
+                    REQ_CHECK_EXPR_FMT(paSegs[i].fUnused == 0, ("SUP_IOCTL_LDR_LOAD: seg #%ld: off %#lx\n", (long)i, (long)paSegs[i].off));
+                    REQ_CHECK_EXPR_FMT(offPrevEnd == paSegs[i].off,
+                                       ("SUP_IOCTL_LDR_LOAD: seg #%ld: off %#lx offPrevEnd %#lx\n", (long)i, (long)paSegs[i].off, (long)offPrevEnd));
+                    offPrevEnd = paSegs[i].off + paSegs[i].cb;
+                }
+                REQ_CHECK_EXPR_FMT(offPrevEnd == pReq->u.In.cbImageBits,
+                                   ("SUP_IOCTL_LDR_LOAD: offPrevEnd %#lx cbImageBits %#lx\n", (long)i, (long)offPrevEnd, (long)pReq->u.In.cbImageBits));
+            }
 
             /* execute */
             pReq->Hdr.rc = supdrvIOCtl_LdrLoad(pDevExt, pSession, pReq);
@@ -5023,7 +5054,7 @@
     size_t          cchName = strlen(pReq->u.In.szName); /* (caller checked < 32). */
     SUPDRV_CHECK_SMAP_SETUP();
     SUPDRV_CHECK_SMAP_CHECK(pDevExt, RT_NOTHING);
-    LogFlow(("supdrvIOCtl_LdrOpen: szName=%s cbImageWithTabs=%d\n", pReq->u.In.szName, pReq->u.In.cbImageWithTabs));
+    LogFlow(("supdrvIOCtl_LdrOpen: szName=%s cbImageWithEverything=%d\n", pReq->u.In.szName, pReq->u.In.cbImageWithEverything));
 
     /*
      * Check if we got an instance of the image already.
@@ -5037,7 +5068,8 @@
         {
             if (RT_LIKELY(pImage->cUsage < UINT32_MAX / 2U))
             {
-                /** @todo check cbImageBits and cbImageWithTabs here, if they differs that indicates that the images are different. */
+                /** @todo check cbImageBits and cbImageWithEverything here, if they differs
+                 *        that indicates that the images are different. */
                 pImage->cUsage++;
                 pReq->u.Out.pvImageBase   = pImage->pvImage;
                 pReq->u.Out.fNeedsLoading = pImage->uState == SUP_IOCTL_LDR_OPEN;
@@ -5080,13 +5112,19 @@
      */
     pImage = (PSUPDRVLDRIMAGE)pv;
     pImage->pvImage         = NULL;
+#ifdef SUPDRV_USE_MEMOBJ_FOR_LDR_IMAGE
+    pImage->hMemObjImage    = NIL_RTR0MEMOBJ;
+#else
     pImage->pvImageAlloc    = NULL;
-    pImage->cbImageWithTabs = pReq->u.In.cbImageWithTabs;
+#endif
+    pImage->cbImageWithEverything = pReq->u.In.cbImageWithEverything;
     pImage->cbImageBits     = pReq->u.In.cbImageBits;
     pImage->cSymbols        = 0;
     pImage->paSymbols       = NULL;
     pImage->pachStrTab      = NULL;
     pImage->cbStrTab        = 0;
+    pImage->cSegments       = 0;
+    pImage->paSegments      = NULL;
     pImage->pfnModuleInit   = NULL;
     pImage->pfnModuleTerm   = NULL;
     pImage->pfnServiceReqHandler = NULL;
@@ -5104,10 +5142,19 @@
     rc = supdrvOSLdrOpen(pDevExt, pImage, pReq->u.In.szFilename);
     if (rc == VERR_NOT_SUPPORTED)
     {
+#ifdef SUPDRV_USE_MEMOBJ_FOR_LDR_IMAGE
+        rc = RTR0MemObjAllocPage(&pImage->hMemObjImage, pImage->cbImageBits, true /*fExecutable*/);
+        if (RT_SUCCESS(rc))
+        {
+            pImage->pvImage = RTR0MemObjAddress(pImage->hMemObjImage);
+            pImage->fNative = false;
+        }
+#else
         pImage->pvImageAlloc = RTMemExecAlloc(pImage->cbImageBits + 31);
         pImage->pvImage     = RT_ALIGN_P(pImage->pvImageAlloc, 32);
         pImage->fNative     = false;
         rc = pImage->pvImageAlloc ? VINF_SUCCESS : VERR_NO_EXEC_MEMORY;
+#endif
         SUPDRV_CHECK_SMAP_CHECK(pDevExt, RT_NOTHING);
     }
     if (RT_FAILURE(rc))
@@ -5140,41 +5187,83 @@
 
 
 /**
+ * Formats a load error message.
+ *
+ * @returns @a rc
+ * @param   rc                  Return code.
+ * @param   pReq                The request.
+ * @param   pszFormat           The error message format string.
+ * @param   ...                 Argument to the format string.
+ */
+int VBOXCALL supdrvLdrLoadError(int rc, PSUPLDRLOAD pReq, const char *pszFormat, ...)
+{
+    va_list va;
+    va_start(va, pszFormat);
+    pReq->u.Out.uErrorMagic = SUPLDRLOAD_ERROR_MAGIC;
+    RTStrPrintfV(pReq->u.Out.szError, sizeof(pReq->u.Out.szError), pszFormat, va);
+    va_end(va);
+    Log(("SUP_IOCTL_LDR_LOAD: %s [rc=%Rrc]\n", pReq->u.Out.szError, rc));
+    return rc;
+}
+
+
+/**
  * Worker that validates a pointer to an image entrypoint.
  *
+ * Calls supdrvLdrLoadError on error.
+ *
  * @returns IPRT status code.
  * @param   pDevExt         The device globals.
  * @param   pImage          The loader image.
  * @param   pv              The pointer into the image.
  * @param   fMayBeNull      Whether it may be NULL.
- * @param   fCheckNative    Whether to check with the native loaders.
- * @param   pszSymbol       The entrypoint name or log name.  If the symbol
+ * @param   pszSymbol       The entrypoint name or log name.  If the symbol is
  *                          capitalized it signifies a specific symbol, otherwise it
  *                          for logging.
  * @param   pbImageBits     The image bits prepared by ring-3.
+ * @param   pReq            The request for passing to supdrvLdrLoadError.
  *
- * @remarks Will leave the lock on failure.
+ * @note    Will leave the loader lock on failure!
  */
 static int supdrvLdrValidatePointer(PSUPDRVDEVEXT pDevExt, PSUPDRVLDRIMAGE pImage, void *pv, bool fMayBeNull,
-                                    bool fCheckNative, const uint8_t *pbImageBits, const char *pszSymbol)
+                                    const uint8_t *pbImageBits, const char *pszSymbol, PSUPLDRLOAD pReq)
 {
     if (!fMayBeNull || pv)
     {
-        if ((uintptr_t)pv - (uintptr_t)pImage->pvImage >= pImage->cbImageBits)
+        uint32_t iSeg;
+
+        /* Must be within the image bits: */
+        uintptr_t const uRva = (uintptr_t)pv - (uintptr_t)pImage->pvImage;
+        if (uRva >= pImage->cbImageBits)
         {
             supdrvLdrUnlock(pDevExt);
-            Log(("Out of range (%p LB %#x): %s=%p\n", pImage->pvImage, pImage->cbImageBits, pszSymbol, pv));
-            return VERR_INVALID_PARAMETER;
+            return supdrvLdrLoadError(VERR_INVALID_PARAMETER, pReq,
+                                      "Invalid entry point address %p given for %s: RVA %#zx, image size %#zx",
+                                      pv, pszSymbol, uRva, pImage->cbImageBits);
         }
 
-        if (pImage->fNative && fCheckNative)
+        /* Must be in an executable segment: */
+        for (iSeg = 0; iSeg < pImage->cSegments; iSeg++)
+            if (uRva - pImage->paSegments[iSeg].off < (uintptr_t)pImage->paSegments[iSeg].cb)
+            {
+                if (pImage->paSegments[iSeg].fProt & SUPLDR_PROT_EXEC)
+                    break;
+                supdrvLdrUnlock(pDevExt);
+                return supdrvLdrLoadError(VERR_INVALID_PARAMETER, pReq,
+                                          "Bad entry point %p given for %s: not executable (seg #%u: %#RX32 LB %#RX32 prot %#x)",
+                                          pv, pszSymbol, iSeg, pImage->paSegments[iSeg].off, pImage->paSegments[iSeg].cb,
+                                          pImage->paSegments[iSeg].fProt);
+            }
+
+        if (pImage->fNative)
         {
+            /** @todo pass pReq along to the native code.   */
             int rc = supdrvOSLdrValidatePointer(pDevExt, pImage, pv, pbImageBits, pszSymbol);
             if (RT_FAILURE(rc))
             {
                 supdrvLdrUnlock(pDevExt);
-                Log(("Bad entry point address: %s=%p (rc=%Rrc)\n", pszSymbol, pv, rc));
-                return rc;
+                return supdrvLdrLoadError(VERR_INVALID_PARAMETER, pReq,
+                                          "Bad entry point address %p for %s: rc=%Rrc\n", pv, pszSymbol, rc);
             }
         }
     }
@@ -5183,27 +5272,6 @@
 
 
 /**
- * Formats a load error message.
- *
- * @returns @a rc
- * @param   rc                  Return code.
- * @param   pReq                The request.
- * @param   pszFormat           The error message format string.
- * @param   ...                 Argument to the format string.
- */
-int VBOXCALL supdrvLdrLoadError(int rc, PSUPLDRLOAD pReq, const char *pszFormat, ...)
-{
-    va_list va;
-    va_start(va, pszFormat);
-    pReq->u.Out.uErrorMagic = SUPLDRLOAD_ERROR_MAGIC;
-    RTStrPrintfV(pReq->u.Out.szError, sizeof(pReq->u.Out.szError), pszFormat, va);
-    va_end(va);
-    Log(("SUP_IOCTL_LDR_LOAD: %s [rc=%Rrc]\n", pReq->u.Out.szError, rc));
-    return rc;
-}
-
-
-/**
  * Loads the image bits.
  *
  * This is the 2nd step of the loading.
@@ -5219,7 +5287,7 @@
     PSUPDRVLDRIMAGE pImage;
     int             rc;
     SUPDRV_CHECK_SMAP_SETUP();
-    LogFlow(("supdrvIOCtl_LdrLoad: pvImageBase=%p cbImageWithBits=%d\n", pReq->u.In.pvImageBase, pReq->u.In.cbImageWithTabs));
+    LogFlow(("supdrvIOCtl_LdrLoad: pvImageBase=%p cbImageWithEverything=%d\n", pReq->u.In.pvImageBase, pReq->u.In.cbImageWithEverything));
     SUPDRV_CHECK_SMAP_CHECK(pDevExt, RT_NOTHING);
 
     /*
@@ -5241,12 +5309,12 @@
     /*
      * Validate input.
      */
-    if (   pImage->cbImageWithTabs != pReq->u.In.cbImageWithTabs
-        || pImage->cbImageBits     != pReq->u.In.cbImageBits)
+    if (   pImage->cbImageWithEverything != pReq->u.In.cbImageWithEverything
+        || pImage->cbImageBits           != pReq->u.In.cbImageBits)
     {
         supdrvLdrUnlock(pDevExt);
-        return supdrvLdrLoadError(VERR_INVALID_HANDLE, pReq, "Image size mismatch found: %d(prep) != %d(load) or %d != %d",
-                                  pImage->cbImageWithTabs, pReq->u.In.cbImageWithTabs, pImage->cbImageBits, pReq->u.In.cbImageBits);
+        return supdrvLdrLoadError(VERR_INVALID_HANDLE, pReq, "Image size mismatch found: %u(prep) != %u(load) or %u != %u",
+                                  pImage->cbImageWithEverything, pReq->u.In.cbImageWithEverything, pImage->cbImageBits, pReq->u.In.cbImageBits);
     }
 
     if (pImage->uState != SUP_IOCTL_LDR_OPEN)
@@ -5272,29 +5340,30 @@
             break;
 
         case SUPLDRLOADEP_VMMR0:
-            rc = supdrvLdrValidatePointer(    pDevExt, pImage, pReq->u.In.EP.VMMR0.pvVMMR0,          false, false, pReq->u.In.abImage, "pvVMMR0");
-            if (RT_SUCCESS(rc))
-                rc = supdrvLdrValidatePointer(pDevExt, pImage, pReq->u.In.EP.VMMR0.pvVMMR0EntryFast, false,  true, pReq->u.In.abImage, "VMMR0EntryFast");
-            if (RT_SUCCESS(rc))
-                rc = supdrvLdrValidatePointer(pDevExt, pImage, pReq->u.In.EP.VMMR0.pvVMMR0EntryEx,   false,  true, pReq->u.In.abImage, "VMMR0EntryEx");
+            if (pReq->u.In.EP.VMMR0.pvVMMR0 != pImage->pvImage)
+            {
+                supdrvLdrUnlock(pDevExt);
+                return supdrvLdrLoadError(rc, pReq, "Invalid pvVMMR0 pointer: %p, expected %p", pReq->u.In.EP.VMMR0.pvVMMR0, pImage->pvImage);
+            }
+            rc = supdrvLdrValidatePointer(pDevExt, pImage, pReq->u.In.EP.VMMR0.pvVMMR0EntryFast, false, pReq->u.In.abImage, "VMMR0EntryFast", pReq);
             if (RT_FAILURE(rc))
-                return supdrvLdrLoadError(rc, pReq, "Invalid VMMR0 pointer");
+                return rc;
+            rc = supdrvLdrValidatePointer(pDevExt, pImage, pReq->u.In.EP.VMMR0.pvVMMR0EntryEx,   false, pReq->u.In.abImage, "VMMR0EntryEx", pReq);
+            if (RT_FAILURE(rc))
+                return rc;
             break;
 
         case SUPLDRLOADEP_SERVICE:
-            rc = supdrvLdrValidatePointer(pDevExt, pImage, pReq->u.In.EP.Service.pfnServiceReq, false,  true, pReq->u.In.abImage, "pfnServiceReq");
+            rc = supdrvLdrValidatePointer(pDevExt, pImage, pReq->u.In.EP.Service.pfnServiceReq, false, pReq->u.In.abImage, "pfnServiceReq", pReq);
             if (RT_FAILURE(rc))
-                return supdrvLdrLoadError(rc, pReq, "Invalid pfnServiceReq pointer: %p", pReq->u.In.EP.Service.pfnServiceReq);
+                return rc;
             if (    pReq->u.In.EP.Service.apvReserved[0] != NIL_RTR0PTR
                 ||  pReq->u.In.EP.Service.apvReserved[1] != NIL_RTR0PTR
                 ||  pReq->u.In.EP.Service.apvReserved[2] != NIL_RTR0PTR)
             {
                 supdrvLdrUnlock(pDevExt);
-                return supdrvLdrLoadError(VERR_INVALID_PARAMETER, pReq,
-                                          "Out of range (%p LB %#x): apvReserved={%p,%p,%p} MBZ!",
-                                          pImage->pvImage, pReq->u.In.cbImageWithTabs,
-                                          pReq->u.In.EP.Service.apvReserved[0],
-                                          pReq->u.In.EP.Service.apvReserved[1],
+                return supdrvLdrLoadError(VERR_INVALID_PARAMETER, pReq, "apvReserved={%p,%p,%p} MBZ!",
+                                          pReq->u.In.EP.Service.apvReserved[0], pReq->u.In.EP.Service.apvReserved[1],
                                           pReq->u.In.EP.Service.apvReserved[2]);
             }
             break;
@@ -5304,12 +5373,12 @@
             return supdrvLdrLoadError(VERR_INVALID_PARAMETER, pReq, "Invalid eEPType=%d", pReq->u.In.eEPType);
     }
 
-    rc = supdrvLdrValidatePointer(pDevExt, pImage, pReq->u.In.pfnModuleInit, true, true, pReq->u.In.abImage, "ModuleInit");
+    rc = supdrvLdrValidatePointer(pDevExt, pImage, pReq->u.In.pfnModuleInit, true, pReq->u.In.abImage, "ModuleInit", pReq);
     if (RT_FAILURE(rc))
-        return supdrvLdrLoadError(rc, pReq, "Invalid pfnModuleInit pointer: %p", pReq->u.In.pfnModuleInit);
-    rc = supdrvLdrValidatePointer(pDevExt, pImage, pReq->u.In.pfnModuleTerm, true, true, pReq->u.In.abImage, "ModuleTerm");
+        return rc;
+    rc = supdrvLdrValidatePointer(pDevExt, pImage, pReq->u.In.pfnModuleTerm, true, pReq->u.In.abImage, "ModuleTerm", pReq);
     if (RT_FAILURE(rc))
-        return supdrvLdrLoadError(rc, pReq, "Invalid pfnModuleTerm pointer: %p", pReq->u.In.pfnModuleTerm);
+        return rc;
     SUPDRV_CHECK_SMAP_CHECK(pDevExt, RT_NOTHING);
 
     /*
@@ -5321,10 +5390,8 @@
         pImage->cbStrTab = pReq->u.In.cbStrTab;
         if (pImage->cbStrTab)
         {
-            pImage->pachStrTab = (char *)RTMemAlloc(pImage->cbStrTab);
-            if (pImage->pachStrTab)
-                memcpy(pImage->pachStrTab, &pReq->u.In.abImage[pReq->u.In.offStrTab], pImage->cbStrTab);
-            else
+            pImage->pachStrTab = (char *)RTMemDup(&pReq->u.In.abImage[pReq->u.In.offStrTab], pImage->cbStrTab);
+            if (!pImage->pachStrTab)
                 rc = supdrvLdrLoadError(VERR_NO_MEMORY, pReq, "Out of memory for string table: %#x", pImage->cbStrTab);
             SUPDRV_CHECK_SMAP_CHECK(pDevExt, RT_NOTHING);
         }
@@ -5333,17 +5400,27 @@
         if (RT_SUCCESS(rc) && pImage->cSymbols)
         {
             size_t  cbSymbols = pImage->cSymbols * sizeof(SUPLDRSYM);
-            pImage->paSymbols = (PSUPLDRSYM)RTMemAlloc(cbSymbols);
-            if (pImage->paSymbols)
-                memcpy(pImage->paSymbols, &pReq->u.In.abImage[pReq->u.In.offSymbols], cbSymbols);
-            else
+            pImage->paSymbols = (PSUPLDRSYM)RTMemDup(&pReq->u.In.abImage[pReq->u.In.offSymbols], cbSymbols);
+            if (!pImage->paSymbols)
                 rc = supdrvLdrLoadError(VERR_NO_MEMORY, pReq, "Out of memory for symbol table: %#x", cbSymbols);
             SUPDRV_CHECK_SMAP_CHECK(pDevExt, RT_NOTHING);
         }
+
+        pImage->cSegments = pReq->u.In.cSegments;
+        if (RT_SUCCESS(rc))
+        {
+            size_t  cbSegments = pImage->cSegments * sizeof(SUPLDRSEG);
+            pImage->paSegments = (PSUPLDRSEG)RTMemDup(&pReq->u.In.abImage[pReq->u.In.offSegments], cbSegments);
+            if (pImage->paSegments) /* Align the last segment size to avoid upsetting RTR0MemObjProtect. */ /** @todo relax RTR0MemObjProtect */
+                pImage->paSegments[pImage->cSegments - 1].cb = RT_ALIGN_32(pImage->paSegments[pImage->cSegments - 1].cb, PAGE_SIZE);
+            else
+                rc = supdrvLdrLoadError(VERR_NO_MEMORY, pReq, "Out of memory for segment table: %#x", cbSegments);
+            SUPDRV_CHECK_SMAP_CHECK(pDevExt, RT_NOTHING);
+        }
     }
 
     /*
-     * Copy the bits / complete native loading.
+     * Copy the bits and apply permissions / complete native loading.
      */
     if (RT_SUCCESS(rc))
     {
@@ -5355,7 +5432,26 @@
             rc = supdrvOSLdrLoad(pDevExt, pImage, pReq->u.In.abImage, pReq);
         else
         {
+#ifdef SUPDRV_USE_MEMOBJ_FOR_LDR_IMAGE
+            uint32_t i;
             memcpy(pImage->pvImage, &pReq->u.In.abImage[0], pImage->cbImageBits);
+
+            for (i = 0; i < pImage->cSegments; i++)
+            {
+                rc = RTR0MemObjProtect(pImage->hMemObjImage, pImage->paSegments[i].off, pImage->paSegments[i].cb,
+                                       pImage->paSegments[i].fProt);
+                if (RT_SUCCESS(rc))
+                    continue;
+                if (rc == VERR_NOT_SUPPORTED)
+                    rc = VINF_SUCCESS;
+                else
+                    rc = supdrvLdrLoadError(rc, pReq, "RTR0MemObjProtect failed on seg#%u %#RX32 LB %#RX32 fProt=%#x",
+                                            i, pImage->paSegments[i].off, pImage->paSegments[i].cb, pImage->paSegments[i].fProt);
+                break;
+            }
+#else
+            memcpy(pImage->pvImage, &pReq->u.In.abImage[0], pImage->cbImageBits);
+#endif
             Log(("vboxdrv: Loaded '%s' at %p\n", pImage->szName, pImage->pvImage));
         }
         SUPDRV_CHECK_SMAP_CHECK(pDevExt, RT_NOTHING);
@@ -5950,12 +6046,20 @@
     pImage->pDevExt = NULL;
     pImage->pNext   = NULL;
     pImage->uState  = SUP_IOCTL_LDR_FREE;
+#ifdef SUPDRV_USE_MEMOBJ_FOR_LDR_IMAGE
+    RTR0MemObjFree(pImage->hMemObjImage, true /*fMappings*/);
+    pImage->hMemObjImage = NIL_RTR0MEMOBJ;
+#else
     RTMemExecFree(pImage->pvImageAlloc, pImage->cbImageBits + 31);
     pImage->pvImageAlloc = NULL;
+#endif
+    pImage->pvImage = NULL;
     RTMemFree(pImage->pachStrTab);
     pImage->pachStrTab = NULL;
     RTMemFree(pImage->paSymbols);
     pImage->paSymbols = NULL;
+    RTMemFree(pImage->paSegments);
+    pImage->paSegments = NULL;
     RTMemFree(pImage);
 }
 
Index: include/VBox/sup.h
===================================================================
diff --git a/include/VBox/sup.h b/include/VBox/sup.h
--- a/include/VBox/sup.h	(revision 85508)
+++ b/include/VBox/sup.h	(revision 85509)
@@ -1555,6 +1555,7 @@
  *
  * @returns VBox status code.
  * @deprecated  Use SUPR3LoadModule(pszFilename, "VMMR0.r0", &pvImageBase)
+ * @param   pszFilename     Full path to the VMMR0.r0 file (silly).
  * @param   pErrInfo        Where to return extended error information.
  *                          Optional.
  */
Index: src/VBox/HostDrivers/Support/SUPDrv.cpp
===================================================================
diff --git a/src/VBox/HostDrivers/Support/SUPDrv.cpp b/src/VBox/HostDrivers/Support/SUPDrv.cpp
--- a/src/VBox/HostDrivers/Support/SUPDrv.cpp	(revision 85509)
+++ b/src/VBox/HostDrivers/Support/SUPDrv.cpp	(revision 85510)
@@ -5343,7 +5343,7 @@
             if (pReq->u.In.EP.VMMR0.pvVMMR0 != pImage->pvImage)
             {
                 supdrvLdrUnlock(pDevExt);
-                return supdrvLdrLoadError(rc, pReq, "Invalid pvVMMR0 pointer: %p, expected %p", pReq->u.In.EP.VMMR0.pvVMMR0, pImage->pvImage);
+                return supdrvLdrLoadError(VERR_INVALID_PARAMETER, pReq, "Invalid pvVMMR0 pointer: %p, expected %p", pReq->u.In.EP.VMMR0.pvVMMR0, pImage->pvImage);
             }
             rc = supdrvLdrValidatePointer(pDevExt, pImage, pReq->u.In.EP.VMMR0.pvVMMR0EntryFast, false, pReq->u.In.abImage, "VMMR0EntryFast", pReq);
             if (RT_FAILURE(rc))
Index: src/VBox/HostDrivers/Support/SUPLibLdr.cpp
===================================================================
diff --git a/src/VBox/HostDrivers/Support/SUPLibLdr.cpp b/src/VBox/HostDrivers/Support/SUPLibLdr.cpp
--- a/src/VBox/HostDrivers/Support/SUPLibLdr.cpp	(revision 85510)
+++ b/src/VBox/HostDrivers/Support/SUPLibLdr.cpp	(revision 85511)
@@ -593,7 +593,8 @@
         LogRel(("SUP: RTLdrEnumSegments failed for %s (%s) rc=%Rrc\n", pszModule, pszFilename, rc));
         return RTErrInfoSetF(pErrInfo, rc, "RTLdrEnumSegments #2 failed");
     }
-    SegArgs.uEndRva = cbImage;
+    SegArgs.uEndRva = (uint32_t)cbImage;
+    AssertReturn(SegArgs.uEndRva == cbImage, VERR_OUT_OF_RANGE);
     if (SegArgs.uEndRva > SegArgs.uStartRva)
     {
         SegArgs.paSegs[SegArgs.iSegs].off   = SegArgs.uStartRva;
@@ -758,7 +759,7 @@
         if (RT_SUCCESS(rc))
         {
             Assert(SegArgs.uEndRva <= RTLdrSize(hLdrMod));
-            SegArgs.uEndRva = RTLdrSize(hLdrMod);
+            SegArgs.uEndRva = (uint32_t)CalcArgs.cbImage; /* overflow is checked later */
             if (SegArgs.uEndRva > SegArgs.uStartRva)
                 SegArgs.iSegs++;
 
Index: src/VBox/Runtime/r0drv/linux/memobj-r0drv-linux.c
===================================================================
diff --git a/src/VBox/Runtime/r0drv/linux/memobj-r0drv-linux.c b/src/VBox/Runtime/r0drv/linux/memobj-r0drv-linux.c
--- a/src/VBox/Runtime/r0drv/linux/memobj-r0drv-linux.c	(revision 85513)
+++ b/src/VBox/Runtime/r0drv/linux/memobj-r0drv-linux.c	(revision 85514)
@@ -52,6 +52,13 @@
 # define PAGE_READONLY_EXEC PAGE_READONLY
 #endif
 
+/** @def IPRT_USE_ALLOC_VM_AREA_FOR_EXEC
+ * Whether we use alloc_vm_area (3.2+) for executable memory.
+ * This is a must for 5.8+, but we'll enable it for earlier kernels later. */
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 8, 0) || defined(DOXYGEN_RUNNING)
+# define IPRT_USE_ALLOC_VM_AREA_FOR_EXEC
+#endif
+
 /*
  * 2.6.29+ kernels don't work with remap_pfn_range() anymore because
  * track_pfn_vma_new() is apparently not defined for non-RAM pages.
@@ -105,7 +112,7 @@
     bool                fExecutable;
     /** Set if we've vmap'ed the memory into ring-0. */
     bool                fMappedToRing0;
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 8, 0)
+#ifdef IPRT_USE_ALLOC_VM_AREA_FOR_EXEC
     /** Return from alloc_vm_area() that we now need to use for executable
      *  memory. */
     struct vm_struct   *pArea;
@@ -544,7 +551,7 @@
             pgprot_val(fPg) |= _PAGE_NX;
 # endif
 
-# if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 8, 0)
+# ifdef IPRT_USE_ALLOC_VM_AREA_FOR_EXEC
         if (fExecutable)
         {
             pte_t **papPtes = (pte_t **)kmalloc_array(pMemLnx->cPages, sizeof(papPtes[0]), GFP_KERNEL);
@@ -612,7 +619,7 @@
 static void rtR0MemObjLinuxVUnmap(PRTR0MEMOBJLNX pMemLnx)
 {
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 4, 22)
-# if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 8, 0)
+# ifdef IPRT_USE_ALLOC_VM_AREA_FOR_EXEC
     if (pMemLnx->pArea)
     {
 #  if 0
@@ -1828,7 +1835,7 @@
 
 DECLHIDDEN(int) rtR0MemObjNativeProtect(PRTR0MEMOBJINTERNAL pMem, size_t offSub, size_t cbSub, uint32_t fProt)
 {
-# if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 8, 0)
+# ifdef IPRT_USE_ALLOC_VM_AREA_FOR_EXEC
     /*
      * Currently only supported when we've got addresses PTEs from the kernel.
      */
Index: src/VBox/Runtime/r0drv/linux/memobj-r0drv-linux.c
===================================================================
diff --git a/src/VBox/Runtime/r0drv/linux/memobj-r0drv-linux.c b/src/VBox/Runtime/r0drv/linux/memobj-r0drv-linux.c
--- a/src/VBox/Runtime/r0drv/linux/memobj-r0drv-linux.c	(revision 85515)
+++ b/src/VBox/Runtime/r0drv/linux/memobj-r0drv-linux.c	(revision 85516)
@@ -54,8 +54,9 @@
 
 /** @def IPRT_USE_ALLOC_VM_AREA_FOR_EXEC
  * Whether we use alloc_vm_area (3.2+) for executable memory.
- * This is a must for 5.8+, but we'll enable it for earlier kernels later. */
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 8, 0) || defined(DOXYGEN_RUNNING)
+ * This is a must for 5.8+, but we enable it all the way back to 3.2.x for
+ * better W^R compliance (fExecutable flag). */
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 2, 0) || defined(DOXYGEN_RUNNING)
 # define IPRT_USE_ALLOC_VM_AREA_FOR_EXEC
 #endif
 
Index: src/VBox/HostDrivers/Support/SUPLibLdr.cpp
===================================================================
diff --git a/src/VBox/HostDrivers/Support/SUPLibLdr.cpp b/src/VBox/HostDrivers/Support/SUPLibLdr.cpp
--- a/src/VBox/HostDrivers/Support/SUPLibLdr.cpp	(revision 85516)
+++ b/src/VBox/HostDrivers/Support/SUPLibLdr.cpp	(revision 85517)
@@ -497,7 +497,7 @@
 }
 
 
-/** 
+/**
  * Worker for supLoadModule().
  */
 static int supLoadModuleInner(RTLDRMOD hLdrMod, PSUPLDRLOAD pLoadReq, uint32_t cbImageWithEverything,
Index: src/VBox/Runtime/r0drv/linux/the-linux-kernel.h
===================================================================
diff --git a/src/VBox/Runtime/r0drv/linux/the-linux-kernel.h b/src/VBox/Runtime/r0drv/linux/the-linux-kernel.h
--- a/src/VBox/Runtime/r0drv/linux/the-linux-kernel.h	(revision 85517)
+++ b/src/VBox/Runtime/r0drv/linux/the-linux-kernel.h	(revision 85518)
@@ -176,6 +176,11 @@
 # include <asm/set_memory.h>
 #endif
 
+/* for __flush_tlb_all() */
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 28) && (defined(RT_ARCH_AMD64) || defined(RT_ARCH_X86))
+# include <asm/tlbflush.h>
+#endif
+
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 7, 0)
 # include <asm/smap.h>
 #else
Index: src/VBox/Runtime/common/ldr/ldrELFRelocatable.cpp.h
===================================================================
diff --git a/src/VBox/Runtime/common/ldr/ldrELFRelocatable.cpp.h b/src/VBox/Runtime/common/ldr/ldrELFRelocatable.cpp.h
--- a/src/VBox/Runtime/common/ldr/ldrELFRelocatable.cpp.h	(revision 85524)
+++ b/src/VBox/Runtime/common/ldr/ldrELFRelocatable.cpp.h	(revision 85525)
@@ -133,6 +133,8 @@
     /** Base section number, either 1 or zero depending on whether we've
      *  re-used the NULL entry for .elf.headers in ET_EXEC/ET_DYN. */
     unsigned                iFirstSect;
+    /** Set if the SHF_ALLOC section headers are in order of sh_addr. */
+    bool                    fShdrInOrder;
     /** The size of the loaded image. */
     size_t                  cbImage;
 
@@ -1376,6 +1378,45 @@
     return NULL;
 }
 
+/**
+ * Helper that locates the next allocated section logically by RVA (sh_addr).
+ *
+ * @returns Pointer to the section header if found, NULL if none.
+ * @param   pModElf The module instance.
+ * @param   iCur    The current section header.
+ */
+static const Elf_Shdr *RTLDRELF_NAME(GetNextAllocatedSection)(PRTLDRMODELF pModElf, unsigned iCur)
+{
+    unsigned const          cShdrs  = pModElf->Ehdr.e_shnum;
+    const Elf_Shdr * const  paShdrs = pModElf->paShdrs;
+    if (pModElf->fShdrInOrder)
+    {
+        for (; iCur < cShdrs; iCur++)
+            if (paShdrs[iCur].sh_flags & SHF_ALLOC)
+                return &paShdrs[iCur];
+    }
+    else
+    {
+        Elf_Addr const uEndCur = paShdrs[iCur].sh_addr + paShdrs[iCur].sh_size;
+        Elf_Addr       offBest = ~(Elf_Addr)0;
+        unsigned       iBest   = cShdrs;
+        for (iCur = pModElf->iFirstSect; iCur < cShdrs; iCur++)
+            if (paShdrs[iCur].sh_flags & SHF_ALLOC)
+            {
+                Elf_Addr const offDelta = paShdrs[iCur].sh_addr - uEndCur;
+                if (   offDelta < offBest
+                    && paShdrs[iCur].sh_addr >= uEndCur)
+                {
+                    offBest = offDelta;
+                    iBest = iCur;
+                }
+            }
+        if (iBest < cShdrs)
+            return &paShdrs[iBest];
+    }
+    return NULL;
+}
+
 /** @copydoc RTLDROPS::pfnEnumSegments. */
 static DECLCALLBACK(int) RTLDRELF_NAME(EnumSegments)(PRTLDRMODINTERNAL pMod, PFNRTLDRENUMSEGS pfnCallback, void *pvUser)
 {
@@ -1427,14 +1468,11 @@
         {
             Seg.LinkAddress = paOrgShdrs[iShdr].sh_addr;
             Seg.RVA         = paShdrs[iShdr].sh_addr;
-            const Elf_Shdr *pShdr2 = RTLDRELF_NAME(GetFirstAllocatedSection)(&paShdrs[iShdr + 1],
-                                                                             pModElf->Ehdr.e_shnum - iShdr - 1);
-            if (   pShdr2
-                && pShdr2->sh_addr >= paShdrs[iShdr].sh_addr
-                && Seg.RVA >= uPrevMappedRva)
+            const Elf_Shdr *pShdr2 = RTLDRELF_NAME(GetNextAllocatedSection)(pModElf, iShdr);
+            if (pShdr2)
                 Seg.cbMapped = pShdr2->sh_addr - paShdrs[iShdr].sh_addr;
             else
-                Seg.cbMapped = RT_MAX(paShdrs[iShdr].sh_size, paShdrs[iShdr].sh_addralign);
+                Seg.cbMapped = pModElf->cbImage - paShdrs[iShdr].sh_addr;
             uPrevMappedRva = Seg.RVA;
         }
         else
@@ -2837,6 +2875,7 @@
     //pModElf->Dyn.cbStr    = 0;
     //pModElf->Dyn.pStr     = NULL;
     //pModElf->iFirstSect   = 0;
+    //pModElf->fShdrInOrder = false;
     //pModElf->cbImage      = 0;
     pModElf->LinkAddress    = ~(Elf_Addr)0;
     //pModElf->cbShStr      = 0;
@@ -2939,9 +2978,27 @@
                     }
                 }
 
-                Log2(("RTLdrElf: iSymSh=%u cSyms=%u iStrSh=%u cbStr=%u rc=%Rrc cbImage=%#zx LinkAddress=" FMT_ELF_ADDR "\n",
+                /*
+                 * Check if the sections are in order by address, as that will simplify
+                 * enumeration and address translation.
+                 */
+                pModElf->fShdrInOrder = true;
+                Elf_Addr uEndAddr = 0;
+                for (unsigned i = pModElf->iFirstSect; i < pModElf->Ehdr.e_shnum; i++)
+                    if (paShdrs[i].sh_flags & SHF_ALLOC)
+                    {
+                        if (uEndAddr <= paShdrs[i].sh_addr)
+                            uEndAddr = paShdrs[i].sh_addr + paShdrs[i].sh_size;
+                        else
+                        {
+                            pModElf->fShdrInOrder = false;
+                            break;
+                        }
+                    }
+
+                Log2(("RTLdrElf: iSymSh=%u cSyms=%u iStrSh=%u cbStr=%u rc=%Rrc cbImage=%#zx LinkAddress=" FMT_ELF_ADDR " fShdrInOrder=%RTbool\n",
                       pModElf->Rel.iSymSh, pModElf->Rel.cSyms, pModElf->Rel.iStrSh, pModElf->Rel.cbStr, rc,
-                      pModElf->cbImage, pModElf->LinkAddress));
+                      pModElf->cbImage, pModElf->LinkAddress, pModElf->fShdrInOrder));
                 if (RT_SUCCESS(rc))
                 {
                     pModElf->Core.pOps      = &RTLDRELF_MID(s_rtldrElf,Ops);
Index: src/VBox/HostDrivers/Support/SUPLibLdr.cpp
===================================================================
diff --git a/src/VBox/HostDrivers/Support/SUPLibLdr.cpp b/src/VBox/HostDrivers/Support/SUPLibLdr.cpp
--- a/src/VBox/HostDrivers/Support/SUPLibLdr.cpp	(revision 85524)
+++ b/src/VBox/HostDrivers/Support/SUPLibLdr.cpp	(revision 85525)
@@ -373,8 +373,8 @@
     uint32_t cbMapped = (uint32_t)pSeg->cbMapped;
     AssertReturn(pSeg->RVA      < _1G, VERR_INTERNAL_ERROR_3);
     uint32_t uRvaSeg  = (uint32_t)pSeg->RVA;
-    Log2(("supLoadModuleCompileSegmentsCB: %RTptr/%RTptr LB %RTptr prot %#x %s\n",
-          pSeg->LinkAddress, pSeg->RVA, pSeg->cbMapped, pSeg->fProt, pSeg->pszName));
+    Log2(("supLoadModuleCompileSegmentsCB: %RTptr/%RTptr LB %RTptr/%RTptr prot %#x %s\n",
+          pSeg->LinkAddress, pSeg->RVA, pSeg->cbMapped, pSeg->cb, pSeg->fProt, pSeg->pszName));
 
     /*
      * If the protection is the same as the previous segment,
Index: src/VBox/HostDrivers/Support/SUPLibLdr.cpp
===================================================================
diff --git a/src/VBox/HostDrivers/Support/SUPLibLdr.cpp b/src/VBox/HostDrivers/Support/SUPLibLdr.cpp
--- a/src/VBox/HostDrivers/Support/SUPLibLdr.cpp	(revision 85525)
+++ b/src/VBox/HostDrivers/Support/SUPLibLdr.cpp	(revision 85526)
@@ -450,9 +450,10 @@
                 if (pArgs->paSegs)
                 {
                     AssertReturn(pArgs->iSegs < pArgs->cSegsAlloc, VERR_INTERNAL_ERROR_5);
-                    pArgs->paSegs[pArgs->iSegs].off   = pArgs->uStartRva;
-                    pArgs->paSegs[pArgs->iSegs].cb    = pArgs->uEndRva - pArgs->uStartRva;
-                    pArgs->paSegs[pArgs->iSegs].fProt = pArgs->fProt;
+                    pArgs->paSegs[pArgs->iSegs].off     = pArgs->uStartRva;
+                    pArgs->paSegs[pArgs->iSegs].cb      = pArgs->uEndRva - pArgs->uStartRva;
+                    pArgs->paSegs[pArgs->iSegs].fProt   = pArgs->fProt;
+                    pArgs->paSegs[pArgs->iSegs].fUnused = 0;
                 }
                 pArgs->iSegs++;
                 pArgs->uStartRva = pArgs->uEndRva;
@@ -480,9 +481,10 @@
         if (pArgs->paSegs)
         {
             AssertReturn(pArgs->iSegs < pArgs->cSegsAlloc, VERR_INTERNAL_ERROR_5);
-            pArgs->paSegs[pArgs->iSegs].off   = pArgs->uStartRva;
-            pArgs->paSegs[pArgs->iSegs].cb    = pArgs->uEndRva - pArgs->uStartRva;
-            pArgs->paSegs[pArgs->iSegs].fProt = pArgs->fProt;
+            pArgs->paSegs[pArgs->iSegs].off     = pArgs->uStartRva;
+            pArgs->paSegs[pArgs->iSegs].cb      = pArgs->uEndRva - pArgs->uStartRva;
+            pArgs->paSegs[pArgs->iSegs].fProt   = pArgs->fProt;
+            pArgs->paSegs[pArgs->iSegs].fUnused = 0;
         }
         pArgs->iSegs++;
     }
@@ -597,9 +599,10 @@
     AssertReturn(SegArgs.uEndRva == cbImage, VERR_OUT_OF_RANGE);
     if (SegArgs.uEndRva > SegArgs.uStartRva)
     {
-        SegArgs.paSegs[SegArgs.iSegs].off   = SegArgs.uStartRva;
-        SegArgs.paSegs[SegArgs.iSegs].cb    = SegArgs.uEndRva - SegArgs.uStartRva;
-        SegArgs.paSegs[SegArgs.iSegs].fProt = SegArgs.fProt;
+        SegArgs.paSegs[SegArgs.iSegs].off     = SegArgs.uStartRva;
+        SegArgs.paSegs[SegArgs.iSegs].cb      = SegArgs.uEndRva - SegArgs.uStartRva;
+        SegArgs.paSegs[SegArgs.iSegs].fProt   = SegArgs.fProt;
+        SegArgs.paSegs[SegArgs.iSegs].fUnused = 0;
         SegArgs.iSegs++;
     }
     for (uint32_t i = 0; i < SegArgs.iSegs; i++)
Index: src/VBox/HostDrivers/Support/SUPDrv.cpp
===================================================================
diff --git a/src/VBox/HostDrivers/Support/SUPDrv.cpp b/src/VBox/HostDrivers/Support/SUPDrv.cpp
--- a/src/VBox/HostDrivers/Support/SUPDrv.cpp	(revision 85526)
+++ b/src/VBox/HostDrivers/Support/SUPDrv.cpp	(revision 85527)
@@ -1804,7 +1804,7 @@
                                        ("SUP_IOCTL_LDR_LOAD: seg #%ld: off %#lx + cb %#lx = %#lx (max=%#lx)\n", (long)i, (long)paSegs[i].off, (long)paSegs[i].cb, (long)(paSegs[i].off + paSegs[i].cb), (long)pReq->u.In.cbImageBits));
                     REQ_CHECK_EXPR_FMT(paSegs[i].fProt != 0,
                                        ("SUP_IOCTL_LDR_LOAD: seg #%ld: off %#lx + cb %#lx\n", (long)i, (long)paSegs[i].off, (long)paSegs[i].cb));
-                    REQ_CHECK_EXPR_FMT(paSegs[i].fUnused == 0, ("SUP_IOCTL_LDR_LOAD: seg #%ld: off %#lx\n", (long)i, (long)paSegs[i].off));
+                    REQ_CHECK_EXPR_FMT(paSegs[i].fUnused == 0, ("SUP_IOCTL_LDR_LOAD: seg #%ld: fUnused=1\n", (long)i));
                     REQ_CHECK_EXPR_FMT(offPrevEnd == paSegs[i].off,
                                        ("SUP_IOCTL_LDR_LOAD: seg #%ld: off %#lx offPrevEnd %#lx\n", (long)i, (long)paSegs[i].off, (long)offPrevEnd));
                     offPrevEnd = paSegs[i].off + paSegs[i].cb;
Index: Config.kmk
===================================================================
diff --git a/Config.kmk b/Config.kmk
--- a/Config.kmk	(revision 85532)
+++ b/Config.kmk	(revision 85533)
@@ -4651,7 +4651,7 @@
  ## @todo WTF doesn't the globals work? Debug info is supposed to be split everywhere. GRR
  TEMPLATE_VBoxR0_LD_DEBUG           = split
  endif
- if 0 #1of ($(KBUILD_TARGET), linux)
+ if1of ($(KBUILD_TARGET), linux)
 VBOX_WITH_VBOXR0_AS_DLL = 1
 TEMPLATE_VBoxR0_DLLSUFF             = .r0
 TEMPLATE_VBoxR0_CFLAGS             += -fPIC
Index: src/VBox/HostDrivers/Support/SUPDrvInternal.h
===================================================================
diff --git a/src/VBox/HostDrivers/Support/SUPDrvInternal.h b/src/VBox/HostDrivers/Support/SUPDrvInternal.h
--- a/src/VBox/HostDrivers/Support/SUPDrvInternal.h	(revision 85532)
+++ b/src/VBox/HostDrivers/Support/SUPDrvInternal.h	(revision 85533)
@@ -145,8 +145,7 @@
 # define SUPDRV_USE_MUTEX_FOR_GIP
 #endif
 
-
-#if 0 /*def RT_OS_LINUX*/
+#if defined(RT_OS_LINUX) /** @todo make everyone do this */
 /** Use the RTR0MemObj API rather than the RTMemExecAlloc for the images.
  * This is a good idea in general, but a necessity for @bugref{9801}. */
 # define SUPDRV_USE_MEMOBJ_FOR_LDR_IMAGE
Index: src/VBox/HostDrivers/Support/SUPDrvInternal.h
===================================================================
diff --git a/src/VBox/HostDrivers/Support/SUPDrvInternal.h b/src/VBox/HostDrivers/Support/SUPDrvInternal.h
--- a/src/VBox/HostDrivers/Support/SUPDrvInternal.h	(revision 85533)
+++ b/src/VBox/HostDrivers/Support/SUPDrvInternal.h	(revision 85534)
@@ -145,7 +145,7 @@
 # define SUPDRV_USE_MUTEX_FOR_GIP
 #endif
 
-#if defined(RT_OS_LINUX) /** @todo make everyone do this */
+#if 0 /*defined(RT_OS_LINUX)*/ /** @todo make everyone do this */
 /** Use the RTR0MemObj API rather than the RTMemExecAlloc for the images.
  * This is a good idea in general, but a necessity for @bugref{9801}. */
 # define SUPDRV_USE_MEMOBJ_FOR_LDR_IMAGE
Index: src/VBox/Runtime/common/ldr/ldrELFRelocatable.cpp.h
===================================================================
diff --git a/src/VBox/Runtime/common/ldr/ldrELFRelocatable.cpp.h b/src/VBox/Runtime/common/ldr/ldrELFRelocatable.cpp.h
--- a/src/VBox/Runtime/common/ldr/ldrELFRelocatable.cpp.h	(revision 85539)
+++ b/src/VBox/Runtime/common/ldr/ldrELFRelocatable.cpp.h	(revision 85540)
@@ -1361,54 +1361,38 @@
 
 
 /**
- * Helper that locates the first allocated section.
+ * Locate the next allocated section by RVA (sh_addr).
  *
- * @returns Pointer to the section header if found, NULL if none.
- * @param   pShdr   The section header to start searching at.
- * @param   cLeft   The number of section headers left to search. Can be 0.
- */
-static const Elf_Shdr *RTLDRELF_NAME(GetFirstAllocatedSection)(const Elf_Shdr *pShdr, unsigned cLeft)
-{
-    while (cLeft-- > 0)
-    {
-        if (pShdr->sh_flags & SHF_ALLOC)
-            return pShdr;
-        pShdr++;
-    }
-    return NULL;
-}
-
-/**
- * Helper that locates the next allocated section logically by RVA (sh_addr).
+ * This is a helper for EnumSegments and SegOffsetToRva.
  *
  * @returns Pointer to the section header if found, NULL if none.
- * @param   pModElf The module instance.
- * @param   iCur    The current section header.
+ * @param   pModElf     The module instance.
+ * @param   iShdrCur    The current section header.
  */
-static const Elf_Shdr *RTLDRELF_NAME(GetNextAllocatedSection)(PRTLDRMODELF pModElf, unsigned iCur)
+static const Elf_Shdr *RTLDRELF_NAME(GetNextAllocatedSection)(PRTLDRMODELF pModElf, unsigned iShdrCur)
 {
     unsigned const          cShdrs  = pModElf->Ehdr.e_shnum;
     const Elf_Shdr * const  paShdrs = pModElf->paShdrs;
     if (pModElf->fShdrInOrder)
     {
-        for (; iCur < cShdrs; iCur++)
-            if (paShdrs[iCur].sh_flags & SHF_ALLOC)
-                return &paShdrs[iCur];
+        for (unsigned iShdr = iShdrCur + 1; iShdr < cShdrs; iShdr++)
+            if (paShdrs[iShdr].sh_flags & SHF_ALLOC)
+                return &paShdrs[iShdr];
     }
     else
     {
-        Elf_Addr const uEndCur = paShdrs[iCur].sh_addr + paShdrs[iCur].sh_size;
+        Elf_Addr const uEndCur = paShdrs[iShdrCur].sh_addr + paShdrs[iShdrCur].sh_size;
         Elf_Addr       offBest = ~(Elf_Addr)0;
         unsigned       iBest   = cShdrs;
-        for (iCur = pModElf->iFirstSect; iCur < cShdrs; iCur++)
-            if (paShdrs[iCur].sh_flags & SHF_ALLOC)
+        for (unsigned iShdr = pModElf->iFirstSect; iShdr < cShdrs; iShdr++)
+            if ((paShdrs[iShdr].sh_flags & SHF_ALLOC) && iShdr != iShdrCur)
             {
-                Elf_Addr const offDelta = paShdrs[iCur].sh_addr - uEndCur;
+                Elf_Addr const offDelta = paShdrs[iShdr].sh_addr - uEndCur;
                 if (   offDelta < offBest
-                    && paShdrs[iCur].sh_addr >= uEndCur)
+                    && paShdrs[iShdr].sh_addr >= uEndCur)
                 {
                     offBest = offDelta;
-                    iBest = iCur;
+                    iBest   = iShdr;
                 }
             }
         if (iBest < cShdrs)
@@ -1417,6 +1401,7 @@
     return NULL;
 }
 
+
 /** @copydoc RTLDROPS::pfnEnumSegments. */
 static DECLCALLBACK(int) RTLDRELF_NAME(EnumSegments)(PRTLDRMODINTERNAL pMod, PFNRTLDRENUMSEGS pfnCallback, void *pvUser)
 {
@@ -1562,8 +1547,7 @@
     iSeg += pModElf->iFirstSect; /* skip section 0 if not used */
     if (offSeg > pModElf->paShdrs[iSeg].sh_size)
     {
-        const Elf_Shdr *pShdr2 = RTLDRELF_NAME(GetFirstAllocatedSection)(&pModElf->paShdrs[iSeg + 1],
-                                                                         pModElf->Ehdr.e_shnum - iSeg - 1);
+        const Elf_Shdr *pShdr2 = RTLDRELF_NAME(GetNextAllocatedSection)(pModElf, iSeg);
         if (   !pShdr2
             || offSeg > (pShdr2->sh_addr - pModElf->paShdrs[iSeg].sh_addr))
             return VERR_LDR_INVALID_SEG_OFFSET;
Index: src/VBox/Runtime/testcase/tstLdr-4.cpp
===================================================================
diff --git a/src/VBox/Runtime/testcase/tstLdr-4.cpp b/src/VBox/Runtime/testcase/tstLdr-4.cpp
--- a/src/VBox/Runtime/testcase/tstLdr-4.cpp	(revision 85540)
+++ b/src/VBox/Runtime/testcase/tstLdr-4.cpp	(revision 85541)
@@ -60,6 +60,16 @@
              , *piSeg, pSeg->RVA, pSeg->cbMapped, pSeg->pszName,
              pSeg->LinkAddress, pSeg->cb, pSeg->Alignment, pSeg->fProt, pSeg->offFile);
 
+    if (pSeg->RVA != NIL_RTLDRADDR)
+    {
+        RTTESTI_CHECK(pSeg->cbMapped != NIL_RTLDRADDR);
+        RTTESTI_CHECK(pSeg->cbMapped >= pSeg->cb);
+    }
+    else
+    {
+        RTTESTI_CHECK(pSeg->cbMapped == NIL_RTLDRADDR);
+    }
+
     /*
      * Do some address conversion tests:
      */
Index: src/VBox/HostDrivers/Support/SUPDrv.cpp
===================================================================
diff --git a/src/VBox/HostDrivers/Support/SUPDrv.cpp b/src/VBox/HostDrivers/Support/SUPDrv.cpp
--- a/src/VBox/HostDrivers/Support/SUPDrv.cpp	(revision 85544)
+++ b/src/VBox/HostDrivers/Support/SUPDrv.cpp	(revision 85545)
@@ -5254,6 +5254,13 @@
                                           pv, pszSymbol, iSeg, pImage->paSegments[iSeg].off, pImage->paSegments[iSeg].cb,
                                           pImage->paSegments[iSeg].fProt);
             }
+        if (iSeg >= pImage->cSegments)
+        {
+            supdrvLdrUnlock(pDevExt);
+            return supdrvLdrLoadError(VERR_INVALID_PARAMETER, pReq,
+                                      "Bad entry point %p given for %s: no matching segment found (RVA %#zx)!",
+                                      pv, pszSymbol, uRva);
+        }
 
         if (pImage->fNative)
         {
@@ -5334,6 +5341,26 @@
         return supdrvLdrLoadError(VERR_PERMISSION_DENIED, pReq, "Loader is locked down");
     }
 
+    /*
+     * Copy the segments before we start using supdrvLdrValidatePointer for entrypoint validation.
+     */
+    pImage->cSegments = pReq->u.In.cSegments;
+    {
+        size_t  cbSegments = pImage->cSegments * sizeof(SUPLDRSEG);
+        pImage->paSegments = (PSUPLDRSEG)RTMemDup(&pReq->u.In.abImage[pReq->u.In.offSegments], cbSegments);
+        if (pImage->paSegments) /* Align the last segment size to avoid upsetting RTR0MemObjProtect. */ /** @todo relax RTR0MemObjProtect */
+            pImage->paSegments[pImage->cSegments - 1].cb = RT_ALIGN_32(pImage->paSegments[pImage->cSegments - 1].cb, PAGE_SIZE);
+        else
+        {
+            supdrvLdrUnlock(pDevExt);
+            return supdrvLdrLoadError(VERR_NO_MEMORY, pReq, "Out of memory for segment table: %#x", cbSegments);
+        }
+        SUPDRV_CHECK_SMAP_CHECK(pDevExt, RT_NOTHING);
+    }
+
+    /*
+     * Validate entrypoints.
+     */
     switch (pReq->u.In.eEPType)
     {
         case SUPLDRLOADEP_NOTHING:
@@ -5405,18 +5432,6 @@
                 rc = supdrvLdrLoadError(VERR_NO_MEMORY, pReq, "Out of memory for symbol table: %#x", cbSymbols);
             SUPDRV_CHECK_SMAP_CHECK(pDevExt, RT_NOTHING);
         }
-
-        pImage->cSegments = pReq->u.In.cSegments;
-        if (RT_SUCCESS(rc))
-        {
-            size_t  cbSegments = pImage->cSegments * sizeof(SUPLDRSEG);
-            pImage->paSegments = (PSUPLDRSEG)RTMemDup(&pReq->u.In.abImage[pReq->u.In.offSegments], cbSegments);
-            if (pImage->paSegments) /* Align the last segment size to avoid upsetting RTR0MemObjProtect. */ /** @todo relax RTR0MemObjProtect */
-                pImage->paSegments[pImage->cSegments - 1].cb = RT_ALIGN_32(pImage->paSegments[pImage->cSegments - 1].cb, PAGE_SIZE);
-            else
-                rc = supdrvLdrLoadError(VERR_NO_MEMORY, pReq, "Out of memory for segment table: %#x", cbSegments);
-            SUPDRV_CHECK_SMAP_CHECK(pDevExt, RT_NOTHING);
-        }
     }
 
     /*
Index: src/VBox/HostDrivers/Support/SUPLibLdr.cpp
===================================================================
diff --git a/src/VBox/HostDrivers/Support/SUPLibLdr.cpp b/src/VBox/HostDrivers/Support/SUPLibLdr.cpp
--- a/src/VBox/HostDrivers/Support/SUPLibLdr.cpp	(revision 85545)
+++ b/src/VBox/HostDrivers/Support/SUPLibLdr.cpp	(revision 85546)
@@ -358,9 +358,15 @@
     AssertCompile(RTMEM_PROT_EXEC  == SUPLDR_PROT_EXEC);
     RT_NOREF(hLdrMod);
 
+    Log2(("supLoadModuleCompileSegmentsCB: %RTptr/%RTptr LB %RTptr/%RTptr prot %#x %s\n",
+          pSeg->LinkAddress, pSeg->RVA, pSeg->cbMapped, pSeg->cb, pSeg->fProt, pSeg->pszName));
+
     /* Ignore segments not part of the loaded image. */
     if (pSeg->RVA == NIL_RTLDRADDR || pSeg->cbMapped == 0)
+    {
+        Log2(("supLoadModuleCompileSegmentsCB: -> skipped\n"));
         return VINF_SUCCESS;
+    }
 
     /* We currently ASSUME that all relevant segments are in ascending RVA order. */
     AssertReturn(pSeg->RVA >= pArgs->uEndRva,
@@ -373,8 +379,6 @@
     uint32_t cbMapped = (uint32_t)pSeg->cbMapped;
     AssertReturn(pSeg->RVA      < _1G, VERR_INTERNAL_ERROR_3);
     uint32_t uRvaSeg  = (uint32_t)pSeg->RVA;
-    Log2(("supLoadModuleCompileSegmentsCB: %RTptr/%RTptr LB %RTptr/%RTptr prot %#x %s\n",
-          pSeg->LinkAddress, pSeg->RVA, pSeg->cbMapped, pSeg->cb, pSeg->fProt, pSeg->pszName));
 
     /*
      * If the protection is the same as the previous segment,
Index: src/VBox/HostDrivers/Support/SUPDrvInternal.h
===================================================================
diff --git a/src/VBox/HostDrivers/Support/SUPDrvInternal.h b/src/VBox/HostDrivers/Support/SUPDrvInternal.h
--- a/src/VBox/HostDrivers/Support/SUPDrvInternal.h	(revision 85551)
+++ b/src/VBox/HostDrivers/Support/SUPDrvInternal.h	(revision 85552)
@@ -145,7 +145,7 @@
 # define SUPDRV_USE_MUTEX_FOR_GIP
 #endif
 
-#if 0 /*defined(RT_OS_LINUX)*/ /** @todo make everyone do this */
+#if defined(RT_OS_LINUX) /** @todo make everyone do this */
 /** Use the RTR0MemObj API rather than the RTMemExecAlloc for the images.
  * This is a good idea in general, but a necessity for @bugref{9801}. */
 # define SUPDRV_USE_MEMOBJ_FOR_LDR_IMAGE
Index: src/VBox/HostDrivers/Support/SUPLibLdr.cpp
===================================================================
diff --git a/src/VBox/HostDrivers/Support/SUPLibLdr.cpp b/src/VBox/HostDrivers/Support/SUPLibLdr.cpp
--- a/src/VBox/HostDrivers/Support/SUPLibLdr.cpp	(revision 85554)
+++ b/src/VBox/HostDrivers/Support/SUPLibLdr.cpp	(revision 85555)
@@ -392,7 +392,7 @@
     if (pSeg->fProt == pArgs->fProt)
     {
         pArgs->uEndRva = uRvaSeg + cbMapped;
-        Log2(("supLoadModuleCompileSegmentsCB: -> merged\n"));
+        Log2(("supLoadModuleCompileSegmentsCB: -> merged, end %#x\n", pArgs->uEndRva));
         return VINF_SUCCESS;
     }
 
@@ -419,7 +419,8 @@
             if (cbCommon >= cbMapped)
             {
                 pArgs->uEndRva = uRvaSeg + cbMapped;
-                Log2(("supLoadModuleCompileSegmentsCB: -> merge, %#x common, upgrading prot to %#x\n", cbCommon, pArgs->fProt));
+                Log2(("supLoadModuleCompileSegmentsCB: -> merge, %#x common, upgrading prot to %#x, end %#x\n",
+                      cbCommon, pArgs->fProt, pArgs->uEndRva));
                 return VINF_SUCCESS; /* New segment was smaller than a page. */
             }
             cbMapped -= cbCommon;
@@ -437,7 +438,7 @@
             {
                 pArgs->fProt   = fProt;
                 pArgs->uEndRva = uRvaSeg + cbMapped;
-                Log2(("supLoadModuleCompileSegmentsCB: -> upgrade current protection\n"));
+                Log2(("supLoadModuleCompileSegmentsCB: -> upgrade current protection, end %#x\n", pArgs->uEndRva));
                 return VINF_SUCCESS; /* Current segment was smaller than a page. */
             }
             Log2(("supLoadModuleCompileSegmentsCB: -> new, %#x common into new\n", (uint32_t)(pSeg->RVA & PAGE_OFFSET_MASK)));
@@ -445,7 +446,7 @@
         else
         {
             /* Create a new segment for the common page with the combined protection. */
-            Log2(("supLoadModuleCompileSegmentsCB: -> its complicated...\n"));
+            Log2(("supLoadModuleCompileSegmentsCB: -> it's complicated...\n"));
             pArgs->uEndRva &= ~(uint32_t)PAGE_OFFSET_MASK;
             if (pArgs->uEndRva > pArgs->uStartRva)
             {
@@ -465,7 +466,7 @@
             pArgs->fProt |= fProt;
 
             uint32_t const cbCommon = PAGE_SIZE - (uRvaSeg & PAGE_OFFSET_MASK);
-            if (cbCommon <= cbMapped)
+            if (cbCommon >= cbMapped)
             {
                 fProt |= pArgs->fProt;
                 pArgs->uEndRva = uRvaSeg + cbMapped;
@@ -768,7 +769,11 @@
             Assert(SegArgs.uEndRva <= RTLdrSize(hLdrMod));
             SegArgs.uEndRva = (uint32_t)CalcArgs.cbImage; /* overflow is checked later */
             if (SegArgs.uEndRva > SegArgs.uStartRva)
+            {
+                Log2(("supLoadModule:                  SUP Seg #%u: %#x LB %#x prot %#x\n",
+                      SegArgs.iSegs, SegArgs.uStartRva, SegArgs.uEndRva - SegArgs.uStartRva, SegArgs.fProt));
                 SegArgs.iSegs++;
+            }
 
             const uint32_t offSymTab = RT_ALIGN_32(CalcArgs.cbImage, 8);
             const uint32_t offStrTab = offSymTab + CalcArgs.cSymbols * sizeof(SUPLDRSYM);
Index: src/VBox/Runtime/common/ldr/ldrELFRelocatable.cpp.h
===================================================================
diff --git a/src/VBox/Runtime/common/ldr/ldrELFRelocatable.cpp.h b/src/VBox/Runtime/common/ldr/ldrELFRelocatable.cpp.h
--- a/src/VBox/Runtime/common/ldr/ldrELFRelocatable.cpp.h	(revision 85555)
+++ b/src/VBox/Runtime/common/ldr/ldrELFRelocatable.cpp.h	(revision 85556)
@@ -2858,7 +2858,7 @@
     pModElf->Dyn.iStrSh     = ~0U;
     //pModElf->Dyn.cbStr    = 0;
     //pModElf->Dyn.pStr     = NULL;
-    //pModElf->iFirstSect   = 0;
+    pModElf->iFirstSect     = 1;
     //pModElf->fShdrInOrder = false;
     //pModElf->cbImage      = 0;
     pModElf->LinkAddress    = ~(Elf_Addr)0;
Index: src/VBox/HostDrivers/Support/SUPDrvIOC.h
===================================================================
diff --git a/src/VBox/HostDrivers/Support/SUPDrvIOC.h b/src/VBox/HostDrivers/Support/SUPDrvIOC.h
--- a/src/VBox/HostDrivers/Support/SUPDrvIOC.h	(revision 85589)
+++ b/src/VBox/HostDrivers/Support/SUPDrvIOC.h	(revision 85590)
@@ -221,6 +221,7 @@
  *
  * @todo Pending work on next major version change:
  *          - Nothing.
+ * @note 0x002f0000 is used by 6.0. The next version number must be 0x00300000.
  */
 #define SUPDRV_IOC_VERSION                              0x002e0000