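Preface

Formulas

  1. RVA = memory address - ImageBase

  2. Determine which section the RVA falls in:

    1. RVA >= section n.VirtualAddress
    2. RVA <= (section n.VirtualAddress + section n.SizeOfRawData), rounded up to the memory alignment

    offset = RVA - section n.VirtualAddress

  3. FOA = section n.PointerToRawData + offset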
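
The three steps above as one C function, shown as an added example rather than code from the original post. The struct, the function name and the section table are constructed for illustration, the ImageBase of 0x00400000 is an assumption, and the function goes beyond the formula by rejecting addresses that fall in a section's memory-only padding, which have no bytes in the file.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Only the section-header fields the formula uses (hypothetical struct, not winnt.h). */
typedef struct {
    uint32_t VirtualAddress;    /* RVA where the section starts in memory */
    uint32_t SizeOfRawData;     /* bytes the section occupies in the file */
    uint32_t PointerToRawData;  /* file offset where those bytes start */
} Section;

#define FOA_INVALID 0xFFFFFFFFu

/* Round v up to a multiple of align (alignments in PE files are powers of two). */
static uint32_t align_up(uint32_t v, uint32_t align) {
    return (v + align - 1) & ~(align - 1);
}

/* Steps 1-3: address -> RVA -> section -> FOA. Returns FOA_INVALID when the
 * address is outside every section or has no backing bytes in the file. */
uint32_t va_to_foa(uint32_t va, uint32_t image_base, uint32_t section_align,
                   const Section *secs, size_t count) {
    if (va < image_base) return FOA_INVALID;
    uint32_t rva = va - image_base;                        /* step 1 */
    for (size_t i = 0; i < count; i++) {                   /* step 2 */
        uint32_t start = secs[i].VirtualAddress;
        uint32_t end = align_up(start + secs[i].SizeOfRawData, section_align);
        /* Exclusive upper bound: an RVA equal to the next section's start belongs there. */
        if (rva < start || rva >= end) continue;
        uint32_t offset = rva - start;
        /* Padding past the raw data exists only in memory, not in the file. */
        if (offset >= secs[i].SizeOfRawData) return FOA_INVALID;
        return secs[i].PointerToRawData + offset;          /* step 3 */
    }
    return FOA_INVALID;
}

/* Constructed section table (not the post's binary): 0x4000 memory / 0x1000 file alignment. */
static const Section SAMPLE[] = {
    { 0x04000, 0x22000, 0x01000 },  /* .text  */
    { 0x28000, 0x04000, 0x23000 },  /* .rdata */
    { 0x2C000, 0x01000, 0x27000 },  /* .data  */
};

int main(void) {
    /* Address from the second experiment's output; ImageBase 0x00400000 is assumed. */
    uint32_t foa = va_to_foa(0x0042CA30, 0x00400000, 0x4000, SAMPLE, 3);
    printf("FOA = 0x%08X\n", (unsigned)foa);
    return 0;
}
```
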

Experiment: identical alignment sizes

#include <stdio.h>

char str[] = "ABC";
int main()
{
	/* Print the address of the global buffer, then its contents. */
	printf("Address: %p\n", (void *)str);
	printf("V: %s\n", str);
	return 0;
}

Address: 00424D8C
V: ABC

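Get the ImageBase

Compute the RVA

Get the memory alignment and file alignment

Determine which section it is in

Compute the offset

Get PointerToRawData from the section table

Compute the FOA

Verify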

Address: 00424D8C
V: AAA

Experiment: different alignment sizes

#pragma comment(linker, "/ALIGN:0x4000")
#pragma comment(linker, "/FILEALIGN:0x1000")

#include <stdio.h>

char str[] = "ABCD";
int main()
{
	/* Print the address of the global buffer, then its contents. */
	printf("Address: %p\n", (void *)str);
	printf("V: %s\n", str);
	return 0;
}

Address: 0042CA30
V: ABCD

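Get the ImageBase

Compute the RVA

Get the memory alignment and file alignment

Determine which section it is in

Compute the offset

Get PointerToRawData from the section table

Compute the FOA

Verify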

Address: 0042CA30
V: AAAA
