二鸟学Win32 汇编——PE头文件

2020-11-19 11:33


 
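; Code section
    .code
;---------------------
; _RVAToOffset: convert a relative virtual address (RVA) into a raw
; file offset by walking the PE section table.
;
; In:   _lpFileHead = address of the start of the file image in memory
;                     (the IMAGE_DOS_HEADER)
;       _dwRVA      = RVA to translate
; Out:  eax = file offset, or -1 if no section's raw data covers the RVA
;       All other general-purpose registers are preserved (pushad/popad).
;
; NOTE(review): every header field read here comes from the file itself.
; This routine is not given the file size, so it cannot check e_lfanew,
; the section table, or the returned offset against the buffer. The
; caller should validate the headers first and bounds-check the result
; before dereferencing _lpFileHead + eax.
;---------------------

_RVAToOffset proc _lpFileHead, _dwRVA
  local @ret

  pushad
  mov esi, _lpFileHead
  assume esi:ptr IMAGE_DOS_HEADER
  add esi, [esi].e_lfanew                 ; esi -> IMAGE_NT_HEADERS
  assume esi:ptr IMAGE_NT_HEADERS

  ; The section table starts right after the optional header. Use the
  ; size recorded in the file header rather than sizeof IMAGE_NT_HEADERS,
  ; so a non-default optional-header size does not misplace the table.
  movzx eax, [esi].FileHeader.SizeOfOptionalHeader
  lea edx, [esi].OptionalHeader
  add edx, eax                            ; edx -> first IMAGE_SECTION_HEADER
  assume edx:ptr IMAGE_SECTION_HEADER

  mov edi, _dwRVA
  ; NumberOfSections is a WORD: zero-extend it instead of loading a DWORD
  ; that would pull the low half of TimeDateStamp into the loop counter.
  movzx ecx, [esi].FileHeader.NumberOfSections

  mov eax, -1
  jecxz @F                                ; no sections: .untilcxz would wrap ecx

  .repeat
    ; eax = end of the section's file-backed range (exclusive)
    mov eax, [edx].VirtualAddress
    add eax, [edx].SizeOfRawData
    .if (edi >= [edx].VirtualAddress) && (edi < eax)
      sub edi, [edx].VirtualAddress       ; offset of the RVA inside the section
      mov eax, [edx].PointerToRawData
      add eax, edi                        ; file offset = raw pointer + offset
      jmp @F
    .endif
    add edx, sizeof IMAGE_SECTION_HEADER  ; advance to the next section header
  .untilcxz
  mov eax, -1                             ; no section matched

@@:
  assume esi:nothing
  assume edx:nothing
  mov @ret, eax                           ; keep the result across popad
  popad
  mov eax, @ret
  ret
_RVAToOffset endp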

