The only thing you're guaranteed (for a wellbehaving PE anyway) is 512 byte alignment (since that's the lowest alignment that works across all win32 ranges).
Posted on 2003-05-08 10:34:03 by f0dder
Yeah,i guess if there was a section missing or another added it would change. You could just jump through the file in 512 byte increments and look for "ZZZZ" then, as long as it's the first entry in the data segment, that is something you can control though. Alternatively you could decode the PE header and just go straight to the data segment. In either case by dynamically obtaining the offset you have the opiton of changing the file if you want to without breaking your program.
Posted on 2003-05-08 10:38:43 by donkey