Jump to content
Tuts 4 You

Kibloy's Blog

  • entries
    7
  • comments
    19
  • views
    51,210

GetRelocSize

Sign in to follow this  
Killboy

3,888 views

Some packers leave a dll's relocation directory intact (e.g. Armadildo). You just have to know the original reloc dir RVA which is easy to find in most cases.

However, you need to define the right reloc table size, since the PE loader subtracts every block from the size and checks for 0.

That means, you can't just guess and make it big enough to contain all elements. It has to be the exact size of the table.

Well, I was looking for a tool that could calculate the size but couldn't find any.

I started coding my own and that's the result :D

It takes a PE file, displays the correct size for the reloc table and optionally writes the right size to the file.

Supports both normal and PE32+ executables.

BEWARE! KOMMANDLINE-APPLIKASHUN!

Source and binary attached :)

Sign in to follow this  


3 Comments


Recommended Comments

Nacho_dj

Posted

Thanks Killboy, I'll have a look at it. By the way, one of the tasks of Armageddon tool is fixing the reloc section (when it exists), as you mentioned here. And you are right, it seems there is (well, was) not any standalone tool performing that task...

Cheers

Nacho_dj

Share this comment


Link to comment

thanks Killboy, but don't know why i can't download it :dunno:

Share this comment


Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...