One more i made on rosasmboard. As usual, feel free to port it to masm or fasm etc
;;
OffsettoRVA Function
Routine Description:
This function locates the RVA through a inputed raw offset of the PE File.
Arguments:
Offset [in] - The offset to be calculated.
pPEHdr [in] - A pointer to an IMAGE_NT_HEADERS structure ('PE' signature). This structure can be obtained by
calling the ImageNtHeader function.
Return Value:
If the function suceeds it retuns the RVA of the offset
If the function fails, it retunr FALSE.
Example:
call OffsettoRVA 0F1B, D@PeOrigin
Reference: http://hi.baidu.com/ximo2006/blog/item/cbf745f82f19ffd2b58f315c.html
http://forum.exetools.com/showthread.php?t=6042
www.ntcore.com/files/netint_injection/SectComp.cff
Author:
Gustavo Trigueiros (aka: Beyond2000! or Guga)
;;
Proc OffsettoRVA:
Arguments @InputOffset, @pPEHdr
Uses edx, ecx, edi
mov edx D@pPEHdr
movzx ecx W$edx+PeHeader.FileHeader.NumberOfSectionsDis
mov edi D@InputOffset
add edx SizeOf_PeHeader ; point to IMAGE_SECTION_HEADER
.While ecx <> 0 ; check all sections
mov eax D$edx+SectionsHeaders.PointerToRawDataDis
add eax D$edx+SectionsHeaders.SizeOfRawDataDis
.If_And edi >= D$edx+SectionsHeaders.PointerToRawDataDis, edi < eax
mov eax D$edx+SectionsHeaders.PointerToRawDataDis
sub edi eax ; edi == Offset - PointerToRawData
mov eax D$edx+SectionsHeaders.VirtualAddressDis
add eax edi ; eax == Offset - PointerToRawData + VirtualAddress
; Offset = VirtualAddress+(InOffset-PointerToRawData)
ExitP
.End_If
add edx SizeOf_SectionsHeaders
dec ecx
.End_While
xor eax eax
EndP