二鸟学Win32 汇编——PE头文件

时间:2014-05-04 10:14:26   收藏:0   阅读:430
bubuko.com,布布扣
 
;代码段
    .code
;---------------------
; 将内存偏移量RVA转换为文件偏移
; lp_FileHead为文件头的起始地址
; _dwRVA为给定的RVA地址
;---------------------

_RVAToOffset proc _lpFileHead, _dwRVA
  local @ret

  pushad
  mov esi, _lpFileHead
  assume esi:ptr IMAGE_DOS_HEADER
  add esi, [esi].e_lfanew
  assume esi:ptr IMAGE_NT_HEADERS
  
  mov edx, esi
  add edx, sizeof IMAGE_NT_HEADERS
  assume edx, IMAGE_SECTION_HEADER
  
  mov edi,_dwRVA
  mov ecx, [esi].FileHeader.NumberOfSections
  
  .repeat
    mov eax, [edx].VirtualAddress
    add eax, [edx].SizeOfRawData
    .if (edi>=[edx].VirtualAddress) && (edi<eax)
      sub edi, [edx].VirtualAddress
      mov eax, [edx].PointerToRawData
      add eax, edi
      jmp @F
    .endif  
  .untilcxz
mov eax, -1

@@:assume esi:nothing
  assume edx:nothing
  mov @ret, eax
  popad
  mov eax, @ret
  ret  
_RVAToOffset endp
bubuko.com,布布扣

 

二鸟学Win32 汇编——PE头文件,布布扣,bubuko.com

评论(0
© 2014 mamicode.com 版权所有 京ICP备13008772号-2  联系我们:gaon5@hotmail.com
迷上了代码!