Exetools


Shub-Nigurrath 12-24-2004 01:06

how to calculate RVA from file offset
 
Hi,
could anyone post here how to convert a file offset to its memory-equivalent RVA address? Practically what the RVA converter from Lazarus does... but the question is "how".

I'm coding it in C and already have a library/class which gives me all the PE header fields..but I'm not sure of the formula to use.

Any help is welcome!

Eggi 12-24-2004 02:06

Code:

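#include <windows.h>  // DWORD, IMAGE_SECTION_HEADER

DWORD OffsetToRVA(DWORD offset, IMAGE_SECTION_HEADER *is_hdr, unsigned scount){
        // Find the section holding the offset
        for(unsigned i = 0; i < scount; i++)
                // Raw data spans [PointerToRawData, PointerToRawData + SizeOfRawData): the end is exclusive
                if((offset >= is_hdr[i].PointerToRawData) && (offset < is_hdr[i].PointerToRawData + is_hdr[i].SizeOfRawData)){
                        // Convert offset to RVA
                        return offset + is_hdr[i].VirtualAddress - is_hdr[i].PointerToRawData;
                }
        // No section contains the offset
        return 0;
}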

should work...
is_hdr is an array of IMAGE_SECTION_HEADERS and scount is the number of sections (file header)

Shub-Nigurrath 12-24-2004 04:39

10x mate, nice to receive answers here from you ;-) :D

diablo2oo2 12-24-2004 04:43

for masm:
http://pe-lib.cjb.net

there is a newer (unofficial) version of this (0.3d see attachment).

code:

Code:

invoke plOpenFile,PL_NO_OPEN_DIALOG,chr$("C:\File.exe")
invoke plOffsetToRVA,00000200h
invoke plCloseFile


Shub-Nigurrath 12-24-2004 18:14

well, what Eggi posted suits my need excellently, the only thing is that the result must be added to the imagebase but it's ok for the tests I did..

xixiaolou 12-25-2004 11:46

As far as I know:
For languages such as VC++ MFC, Delphi, VB, the compiler uses RVA as event pointer, so File Offset = RVA
For languages such as asm and so on, you must use the code above to convert RVA to offset

LAVA 01-07-2005 20:25

I've read this article from (iczelion).
It has a section about converting RVA to offset (asm code)
I think that it will do what you want (with a little change).

h--p://spiff.tripnet.se/~iczelion/pe-tut7.html

SiNTAX 01-07-2005 23:56

This might come in handy too, straight from the evil empire:

Microsoft Portable Executable and Common Object File Format Specification
-- hxxp://www.microsoft.com/whdc/system/platform/firmware/PECOFF.mspx

It doesn't have example code, but it's nice to have around as a reference.

Claudio 01-08-2005 05:08

There is another PE library.
pe library v1.2 - by death
http://www.polarhome.com:793/~execution/02/ex-pel12.zip

This is a c++ library for pe manipulation. also, the compiled samples are available below.
http://www.polarhome.com:793/~execution/02/pelsamples.zip

LaBBa 09-22-2009 12:33

I know this is a post from a long time ago and it was answered, but still I found something good when I was looking for an answer to this question..

Understanding RVAs and Import Tables - by Sunshine
http://www.sunshine2k.de/Tuts/tut_rvait.htm

the only thing he didn't say is that the RVA is calculated first by
VA (the address shown by the disassembler) - ImageBase = RVA
and then it shows how to calc the offset from the RVA...

Regards,
LaBBa.
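
The conversions discussed in this thread, as an added example that is not code from any poster or from the libraries linked above. It goes beyond the original question by covering both directions (file offset to RVA and RVA to file offset), with an exclusive end on each raw range, a failure value distinct from 0, and the zero-filled tail of a section handled. The `Section` struct, `NO_MAPPING`, the function names, the sample table and the sample ImageBase are assumptions constructed for illustration; real code would take the fields from `IMAGE_SECTION_HEADER` and `SizeOfHeaders` from the optional header.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical mirror of the four IMAGE_SECTION_HEADER fields the mapping needs. */
typedef struct {
    uint32_t VirtualAddress, VirtualSize, PointerToRawData, SizeOfRawData;
} Section;
#define NO_MAPPING UINT32_MAX /* 0 is a valid RVA/offset, so it cannot signal failure */

/* Constructed sample: .text, then .data with a zero-filled tail (VirtualSize > SizeOfRawData). */
static const Section demo[] = {
    { 0x1000, 0x1A00, 0x0400, 0x1C00 },
    { 0x3000, 0x2000, 0x2000, 0x0200 },
};
enum { DEMO_COUNT = 2, DEMO_HDR_SIZE = 0x400 }; /* SizeOfHeaders of the sample */

/* File offset -> RVA. The header area is mapped at the image base, so it maps 1:1. */
uint32_t offset_to_rva(uint32_t off, const Section *s, size_t n, uint32_t hdr_size)
{
    if (off < hdr_size) return off;
    for (size_t i = 0; i < n; i++)
        /* Subtract before comparing: start + size can wrap on a malformed header. */
        if (off >= s[i].PointerToRawData &&
            off - s[i].PointerToRawData < s[i].SizeOfRawData) /* end is exclusive */
            return s[i].VirtualAddress + (off - s[i].PointerToRawData);
    return NO_MAPPING;
}

/* RVA -> file offset. RVAs in the zero-filled tail of a section have no file bytes. */
uint32_t rva_to_offset(uint32_t rva, const Section *s, size_t n, uint32_t hdr_size)
{
    if (rva < hdr_size) return rva;
    for (size_t i = 0; i < n; i++) {
        /* Assumption: a VirtualSize of 0 means "use SizeOfRawData". */
        uint32_t span = s[i].VirtualSize ? s[i].VirtualSize : s[i].SizeOfRawData;
        if (rva < s[i].VirtualAddress || rva - s[i].VirtualAddress >= span) continue;
        uint32_t delta = rva - s[i].VirtualAddress;
        return delta < s[i].SizeOfRawData ? s[i].PointerToRawData + delta : NO_MAPPING;
    }
    return NO_MAPPING;
}

int main(void)
{
    uint32_t image_base = 0x400000; /* constructed ImageBase; VA = ImageBase + RVA */
    uint32_t rva = offset_to_rva(0x2000, demo, DEMO_COUNT, DEMO_HDR_SIZE);
    printf("offset 0x2000 -> RVA 0x%X -> VA 0x%X\n", (unsigned)rva, (unsigned)(image_base + rva));
    printf("RVA 0x3200 -> 0x%X\n", (unsigned)rva_to_offset(0x3200, demo, DEMO_COUNT, DEMO_HDR_SIZE));
    return 0;
}
```

In the sample table, offset 0x2000 is the first byte of the second section; an inclusive end test on the first section's raw range would attribute it to the first section and yield 0x2C00 instead of 0x3000.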

