News:

MASM32 SDK Description, downloads and other helpful links
MASM32.com New Forum Link
masmforum WebSite

OffsettoRVA

Started by guga, April 11, 2012, 01:26:24 AM

Previous topic - Next topic

guga

One more i made on rosasmboard. As usual, feel free to port it to masm or fasm etc

;;
    OffsettoRVA Function

    Routine Description:

        This function locates the RVA through a inputed raw offset of the PE File.

    Arguments:

        Offset [in] - The offset to be calculated.
        pPEHdr [in] - A pointer to an IMAGE_NT_HEADERS structure ('PE' signature). This structure can be obtained by
                      calling the ImageNtHeader function.

    Return Value:
                    If the function suceeds it retuns the RVA of the offset
                    If the function fails, it retunr FALSE.

    Example:
   
                call OffsettoRVA 0F1B, D@PeOrigin

    Reference:  http://hi.baidu.com/ximo2006/blog/item/cbf745f82f19ffd2b58f315c.html
                http://forum.exetools.com/showthread.php?t=6042
                www.ntcore.com/files/netint_injection/SectComp.cff

    Author:
        Gustavo Trigueiros (aka: Beyond2000! or Guga)
;;

Proc OffsettoRVA:
    Arguments @InputOffset, @pPEHdr
    Uses edx, ecx, edi

    mov edx D@pPEHdr
    movzx ecx W$edx+PeHeader.FileHeader.NumberOfSectionsDis
    mov edi D@InputOffset
    add edx SizeOf_PeHeader ; point to  IMAGE_SECTION_HEADER

    .While ecx <> 0 ; check all sections
        mov eax D$edx+SectionsHeaders.PointerToRawDataDis
        add eax D$edx+SectionsHeaders.SizeOfRawDataDis
        .If_And edi >= D$edx+SectionsHeaders.PointerToRawDataDis, edi < eax
            mov eax D$edx+SectionsHeaders.PointerToRawDataDis
            sub edi eax ; edi == Offset - PointerToRawData
            mov eax D$edx+SectionsHeaders.VirtualAddressDis
            add eax edi ; eax == Offset - PointerToRawData + VirtualAddress
                        ; Offset = VirtualAddress+(InOffset-PointerToRawData)
            ExitP
        .End_If
        add edx SizeOf_SectionsHeaders
        dec ecx
    .End_While

    xor eax eax

EndP