Archive

Archive for October, 2016

Get RVA for offset in exe

October 21, 2016 Leave a comment

if you want to know where a particular sequence of byte will be loaded at run time in memory and you only have there offset from 0 position in exe file then use following:

  1. open exe and check sections tables
  2. check which section this offset belong to.
  3. load exe and get base address.
  4. you can calculate offset as below:
    1. RVA = offset in exe – rawaddress from section + virtual address + base address of exe
Advertisements
Categories: Uncategorized
%d bloggers like this: