Jump to content
View in the app

A better way to browse. Learn more.
Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Sections

Guest [n]ewcom3R
Guest [n]ewcom3R
in Programming and Coding

Featured Replies

Posted

Hi,

i'm new here on this board. I want to code an Offset converter in Delphi. There is only one problem!! How can I calculate the section from the RVA or from the VA?

(sections .text, .data, .idata ....)

google,google,google & google and you know all.

first start with what is RVA what VA, then download PE format file aroung 100kb txt, then read what is virtual offset and what is raw offset. and then think what you want to do, convert from file or memory, in memory all is dependent on imagebase, in file all is dependent on raw offset, but not always:P due if exe is packed, protected it can have 3 sections but all 3 have raw offset 0, due they are merged and unpacked to right place by stub

Hello [n]ewcom3R:

Here I expose a way to implement this:

You load all sections data in an array of record like the following:

type
  TypeSection = record
	rvirt_off : Cardinal;
	raw_size : Cardinal;
  end;var
  sec : array of TypeSection;
  rvirt_addr, virt_addr : Cardinal; // RVA and VA addresses
  imagebase : Cardinal;
  i, numsec : Integer;begin
  SetLength(sec,numsec);
...
... some lines of code, where you extract numsec, imagebase and load in sec PE header values
...
  rvirt_addr := virt_addr - imagebase;  for i := 0 to numsec - 1 do
	if (rvirt_addr >= sec [i].rvirt_off) AND (rvirt_addr < (sec [i].rvirt_off + sec [i].raw_size)) then
	  Break;

i + 1 yields as the counter of section where RVA is (remember that you have used a dinamic array whose first element is sec [0]).

The code of above is not complete, you will need to implement the opening and closing of the file to read the PE header of the file, they are just a few lines more.

If you need more details just let me know...

Cheers

Nacho_dj

Well, as i see human has done a nice job by advicing you :P

and Nacho-dj gave you nice tips the only thing left is to ask do

you know anything about PE format ?? is a good question you know !!

if you don't or at least not that good try reading a few tutorials about it

there are 3 of my favorite 1) Recardo Narvaja , 2) Yates , 3) Goppit

they can be found on web and google too it's nice to have a more

information than you need trust me it's great ;)

Cheer To All

  • 2 weeks later...

Hi all

thx for your answers! I was on holiday so i couldn't read your posts.

Create an account or sign in to comment

Go to topic listing

Configure browser push notifications
Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.