Jump to content
Tuts 4 You

How to Convert RVA to Offset ?


h4sh3m

Recommended Posts

hi dears

I'm looking for delphi source that convert RVA to Offset. I found some code but those not work and I can't fix them.

please help me to do it.

tnx & sorry for poor english

Link to comment

hi dears

I'm looking for delphi source that convert RVA to Offset. I found some code but those not work and I can't fix them.

please help me to do it.

tnx & sorry for poor english

try this:


/>http://www.woodmann.com/forum/archive/index.php/t-5213.html
/>http://www.woodmann.com/forum/archive/index.php/t-1798.html

Hug

Link to comment

tnx dears but I'm delphi coder and can't understand C++.

I found this function that contain some error in line 29 that can't get sections info !


function RVA2Offset(hFile: THANDLE;RVA: Cardinal): Cardinal;
var
Base: Pointer;
ISH : PIMAGESECTIONHEADER;
INH : PIMAGENTHEADERS;
hFM : THANDLE;
x : Integer;
begin
Result:=0;
hFM:=CreateFileMapping(hFile,nil,PAGE_READONLY,0,0,nil);
Base:=MapViewOfFile(hFM,FILE_MAP_READ,0,0,0); if Base=nil then
begin
UnMapViewOfFile(Base);
CloseHandle(hFM);
exit;
end; INH:=ImageNTHeader(Base); if INH=nil then
begin
UnMapViewOfFile(Base);
CloseHandle(hFM);
exit;
end; ISH:=ImageRVAToSection(INH,Base,RVA);
if ISH=nil then
begin
UnMapViewOfFile(Base);
CloseHandle(hFM);
exit;
end; Result:=RVA-ISH.VirtualAddress+ISH.PointerToRawData;
UnMapViewOfFile(Base);
CloseHandle(hFM);
end;
Link to comment

1) The function you posted comes from this URL: http://pcg.3dn.ru/publ/2-1-0-33 There is complete sample application in that page, it compiles and works just fine. If your code doesn't work, you messed up something yourself.

2) I recommend that you look at the CheatEngine code (http://code.google.com/p/cheat-engine/), it's of much better quality. The function you need is called "VirtualAddressToFileAddress" and it's in the file http://cheat-engine.googlecode.com/svn/trunk/Cheat%20Engine/PEInfoFunctions.pas

Cheers,

kao.

Link to comment
  • 2 weeks later...

I'm not understand delphi but try this:


if ((RVA>=Section.rva) and (RVA<=Section.rva+Section.physical_size)) then
z:=Section.physical_offs+RVA-Section.rva;
Link to comment

Rva2Offset & Offset2Rva, It's here:


///////////////////////////////////////////////////////////////
// Coded by vic4key {CiN1} //
///////////////////////////////////////////////////////////////Procedure Msg(szType: Byte);
var
Text: String;
begin
case szType of
1, 2: Text:= 'This is not PE files.';
3: Text:= 'Error opening file.';
4: Text:= 'RVA or Offset is invalid.';
end;
MessageBox(0, PChar(Text), PChar('Error'), MB_ICONEXCLAMATION);
Exit;
end;Function Converter(FileName: String; _type: Byte; Offset, _RVA: Dword): String;
var
hfile, dwRead: Dword;
_i, _j, _x, _numberSS: Dword;
_ret, _save, _rvaCmp: Dword;
_maxAddr, _minAddr: Dword;
SS: Array Of TImageSectionHeader;
IDH: TImageDosHeader;
INtH: TImageNtHeaders;
IFH: _IMAGE_FILE_HEADER;
IOH: _IMAGE_OPTIONAL_HEADER;
begin
hFile:= CreateFile(PChar(FileName),
GENERIC_READ or GENERIC_WRITE,
FILE_SHARE_READ or FILE_SHARE_WRITE,
Nil, OPEN_EXISTING, 0, 0); {Get handle of File.}
_save:= 0;
if hFile = INVALID_HANDLE_VALUE then begin Msg(3); Exit; end else
begin {OpenFile}
SetFilePointer(hFile, 0, Nil, FILE_BEGIN);
ReadFile(hFile, IDH, 64, dwRead, Nil); {*IDH: DOS Image Header*}
if IDH.e_magic <> IMAGE_DOS_SIGNATURE then Msg(1) else
begin {DOS}
SetFilePointer(hFile, IDH._lfanew, Nil, FILE_BEGIN);
ReadFile(hFile, INtH, 248, dwRead, Nil); {*INtH: NT Image Header*}
if INtH.Signature <> IMAGE_NT_SIGNATURE then Msg(2) else
begin {NT}
IFH:= INtH.FileHeader; {*FH: FILE Image Header*}
IOH:= INtH.OptionalHeader; {*OH: OPTIONAL Image Header*}
_numberSS:= IFH.NumberOfSections;
SetLength(SS, _numberSS); {Set length[max & min] for SS}
_x:= IDH._lfanew + 24 + IFH.SizeOfOptionalHeader; {_x = OffsetPEHeaer + 24 + SizeOPHeaer}
for _i:= Low(SS) to High(SS) do {Number of (SS[Min = 0] ~> SS[Max])}
begin
SetFilePointer(hFile, _x, Nil, FILE_BEGIN);
ReadFile(hFile, SS[_i], 40, dwRead, Nil); {*SS[i]: SECTONS Header*}
Inc(_x, 40);
end;
{*Choose type convert*}
_save:= 0;
_i:= 0;
_ret:= 0;
case _type of
1:
begin
{* Offset ~> RVA *}
if (Offset >= SS[Low(SS)].PointerToRawData) And (Offset <= SS[High(SS)].PointerToRawData) then
begin
for _i:= Low(SS) to High(SS) do
begin
if SS[_i].PointerToRawData > Offset then
begin
_ret:= _i - 1; {<~ Section contain Offset}
Break;
end;
end;
_save:= Offset - SS[_ret].PointerToRawData +
SS[_ret].VirtualAddress + IOH.ImageBase;
end
else begin _save:= 0; end;
end;
2:
begin
{* RVA ~> Offset *}
_maxAddr:= SS[High(SS)].VirtualAddress + IOH.ImageBase;
_minAddr:= SS[Low(SS)].VirtualAddress + IOH.ImageBase;
if (_RVA <= _maxAddr) And (_RVA >= _minAddr) then
begin
for _i:= Low(SS) to High(SS) do
begin
_rvaCmp:= SS[_i].VirtualAddress + IOH.ImageBase;
if _rvaCmp > _RVA then
begin
_ret:= _i - 1; {<~ Section contain RVA}
Break;
end;
end;
_save:= _RVA + SS[_ret].PointerToRawData -
SS[_ret].VirtualAddress - IOH.ImageBase;
end else begin _save:= 0; end;
end; {if}
end; {2}
end; {NT}
end; {DOS}
end; {OpenFile}
PAdressCvter:= _save;
end;
Edited by vic4key
Link to comment
  • 2 weeks later...

@vic4key :

tnx dear but your function don't have any result for me & it's contain some bug !

I'm edited it and work !

tnx.


Function Converter(FileName: String; _type: Byte;var Offset: Dword;var _RVA: Dword): String;
var
hfile, dwRead : Dword;
_i, _j, _x, _numberSS : Dword;
_ret, _save, _rvaCmp : Dword;
_maxAddr, _minAddr : Dword;
SS : Array Of TImageSectionHeader;
IDH : TImageDosHeader;
INtH : TImageNtHeaders;
IFH : _IMAGE_FILE_HEADER;
IOH : _IMAGE_OPTIONAL_HEADER;
x : cardinal;
begin
hFile:= CreateFile(PChar(FileName), GENERIC_READ or GENERIC_WRITE,
FILE_SHARE_READ or FILE_SHARE_WRITE,
Nil, OPEN_EXISTING, 0, 0); {Get handle of File.}
_save:= 0;
if hFile = INVALID_HANDLE_VALUE then begin Msg(3); Exit; end else
begin {OpenFile}
SetFilePointer(hFile, 0, Nil, FILE_BEGIN);
ReadFile(hFile, IDH, 64, dwRead, Nil); {*IDH: DOS Image Header*}
if IDH.e_magic <> IMAGE_DOS_SIGNATURE then Msg(1) else
begin {DOS}
SetFilePointer(hFile, IDH._lfanew, Nil, FILE_BEGIN);
ReadFile(hFile, INtH, 248, dwRead, Nil); {*INtH: NT Image Header*}
if INtH.Signature <> IMAGE_NT_SIGNATURE then Msg(2) else
begin {NT}
IFH:= INtH.FileHeader; {*FH: FILE Image Header*}
IOH:= INtH.OptionalHeader; {*OH: OPTIONAL Image Header*}
_numberSS:= IFH.NumberOfSections;
SetLength(SS, _numberSS); {Set length[max & min] for SS}
_x:= IDH._lfanew + 24 + IFH.SizeOfOptionalHeader; {_x = OffsetPEHeaer + 24 + SizeOPHeaer}
for _i:= Low(SS) to High(SS) do {Number of (SS[Min = 0] ~> SS[Max])}
begin
SetFilePointer(hFile, _x, Nil, FILE_BEGIN);
ReadFile(hFile, SS[_i], 40, dwRead, Nil); {*SS[i]: SECTONS Header*}
Inc(_x, 40);
end;
{*Choose type convert*}
_save:= 0;
_i:= 0;
_ret:= 0;
case _type of
1:
begin {* Offset ~> RVA *}
if (Offset >= SS[Low(SS)].PointerToRawData) And (Offset <= SS[High(SS)].PointerToRawData) then
begin
for _i:= Low(SS) to High(SS) do
begin
if SS[_i].PointerToRawData > Offset then
begin
_ret:= _i - 1; {<~ Section contain Offset}
Break;
end;
end;
_save:= Offset - SS[_ret].PointerToRawData +
SS[_ret].VirtualAddress + IOH.ImageBase;
end
else
_save:= 0;
end;
2:
begin {* RVA ~> Offset *}
_maxAddr:= SS[High(SS)].VirtualAddress + IOH.ImageBase;
_minAddr:= SS[Low(SS)].VirtualAddress + IOH.ImageBase;
if (_RVA <= _maxAddr) And (_RVA >= _minAddr) then
begin
for _i:= Low(SS) to High(SS) do
begin
_rvaCmp:= SS[_i].VirtualAddress + IOH.ImageBase;
if _rvaCmp > _RVA then
begin
_ret:= _i - 1; {<~ Section contain RVA}
Break;
end;
end;
_save:= _RVA + SS[_ret].PointerToRawData -
SS[_ret].VirtualAddress - IOH.ImageBase;
end
else
_save:= 0;
end; {if}
end; {2}
end; {NT}
end; {DOS}
closehandle(hfile);
end; {OpenFile}
if _type = 1 then
writeprocessmemory(getcurrentprocess, @_RVA, @_save, sizeof(_save), x)
else if _type = 2 then
writeprocessmemory(getcurrentprocess, @Offset, @_save, sizeof(_save), x);
//PAdressCvter := _save;
end;
Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...