Hi! a have a question about this, how a convert the offset to RVA? is very Hard??? please helpme. :(
(Y)SALUDOS!:alright:
(Y)SALUDOS!:alright:
Now why would a first time poster be interested in converting RVAs? I hope your not looking to make patcher of some sort....?
:NaN:
:NaN:
Sorry for my english.
Is Only for curiosity, nothing but. Thanks!
(Y)SALUDOS! :alright:
Is Only for curiosity, nothing but. Thanks!
(Y)SALUDOS! :alright:
I am making a patcher. Now what?
Ok friend but... how convert RVA to offset????? please dont Fight.....with anothers members... :) :) :) :) be happy!
Excume my English, I study very hard this.
(Y)SALUDOS!:alright:
Excume my English, I study very hard this.
(Y)SALUDOS!:alright:
To find the rva from an offset o:
1. Find the section corresponding to this offset, then
2. RVA = offset + (section's virtual offset - section's raw offset)
Here is some code i wrote ages ago so it's probably rubbish but gives the idea.
1. Find the section corresponding to this offset, then
2. RVA = offset + (section's virtual offset - section's raw offset)
Here is some code i wrote ages ago so it's probably rubbish but gives the idea.
option prologue:none
option epilogue:none
; DWORD __stdcall ofstorva(LPVOID lpImage, DWORD dwOffset)
ofstorva proc
; offstorva(o) === o + (sec.virtoffs - sec.rawoffs)
push ebx
push esi
mov ebx,[esp+8+4]
mov esi,[esp+8+8]
mov edx,ebx
cmp word ptr [edx],IMAGE_DOS_SIGNATURE
jnz otv_err
assume edx:ptr IMAGE_DOS_HEADER
add edx,[edx].e_lfanew
assume edx:ptr IMAGE_NT_HEADERS
mov eax,[edx].Signature
cmp eax,IMAGE_NT_SIGNATURE
jnz otv_err
xor ecx,ecx
mov cx,[edx].FileHeader.NumberOfSections
test ecx,ecx
jz otv_err ; no sections
xor eax,eax
mov ax,[edx].FileHeader.SizeOfOptionalHeader
push [edx].OptionalHeader.ImageBase
assume edx:nothing
; move past file header and optional header
lea edx,[edx+18h+eax] ; edx -> section table
; search object table for section containing this rva
assume edx:ptr IMAGE_SECTION_HEADER
next:
mov eax,[edx].PointerToRawData
cmp esi,eax
jb skipsec ; if esi < sec_ra, skip sec
add eax,[edx].SizeOfRawData
cmp esi,eax ; if esi < (sec_ra + rsize), found
jb found
skipsec:
lea edx,[edx+28h] ; go to next section
dec ecx
jnz next
pop eax ; clean image base off stack
jmp otv_err
found:
; calculate file offset from rva
mov eax,[edx].VirtualAddress
sub eax,[edx].PointerToRawData
add esi,eax ; esi -> rva
assume edx:nothing
pop eax
; rva to va (commented here to get rva)
; lea eax,[esi+eax]
jmp otv_ok
otv_err:
xor eax,eax
otv_ok:
pop esi
pop ebx
retn 8
ofstorva endp
option prologue:prologuedef
option epilogue:epiloguedef
"I am making a patcher. Now what?"
Seichas v milicii, potom v Sibiri
Seichas v milicii, potom v Sibiri
You might want to read through Iczelion's PE tutorials... and get the Microsoft PE docs, and read the Pietrek articles.
Thanks friends!!!!!!