Guest [n]ewcom3R Posted May 24, 2007 Share Posted May 24, 2007 Hi,i'm new here on this board. I want to code an Offset converter in Delphi. There is only one problem!! How can I calculate the section from the RVA or from the VA?(sections .text, .data, .idata ....) Link to comment
human Posted May 24, 2007 Share Posted May 24, 2007 google,google,google & google and you know all.first start with what is RVA what VA, then download PE format file aroung 100kb txt, then read what is virtual offset and what is raw offset. and then think what you want to do, convert from file or memory, in memory all is dependent on imagebase, in file all is dependent on raw offset, but not always:P due if exe is packed, protected it can have 3 sections but all 3 have raw offset 0, due they are merged and unpacked to right place by stub Link to comment
Nacho_dj Posted May 25, 2007 Share Posted May 25, 2007 Hello [n]ewcom3R:Here I expose a way to implement this:You load all sections data in an array of record like the following:type TypeSection = record rvirt_off : Cardinal; raw_size : Cardinal; end;var sec : array of TypeSection; rvirt_addr, virt_addr : Cardinal; // RVA and VA addresses imagebase : Cardinal; i, numsec : Integer;begin SetLength(sec,numsec);...... some lines of code, where you extract numsec, imagebase and load in sec PE header values... rvirt_addr := virt_addr - imagebase; for i := 0 to numsec - 1 do if (rvirt_addr >= sec [i].rvirt_off) AND (rvirt_addr < (sec [i].rvirt_off + sec [i].raw_size)) then Break;i + 1 yields as the counter of section where RVA is (remember that you have used a dinamic array whose first element is sec [0]).The code of above is not complete, you will need to implement the opening and closing of the file to read the PE header of the file, they are just a few lines more.If you need more details just let me know...CheersNacho_dj Link to comment
Angel-55 Posted May 25, 2007 Share Posted May 25, 2007 Well, as i see human has done a nice job by advicing you and Nacho-dj gave you nice tips the only thing left is to ask do you know anything about PE format ?? is a good question you know !! if you don't or at least not that good try reading a few tutorials about it there are 3 of my favorite 1) Recardo Narvaja , 2) Yates , 3) Goppit they can be found on web and google too it's nice to have a more information than you need trust me it's great Cheer To All Link to comment
Guest [n]ewcom3R Posted June 9, 2007 Share Posted June 9, 2007 Hi all thx for your answers! I was on holiday so i couldn't read your posts. Link to comment
![Guest [n]ewcom3R](https://forum.tuts4you.com/uploads/set_resources_9/84c1e40ea0e759e3f1505eb1788ddf3c_default_photo.png)
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now