PE: Fix calculation of GlobalOffset

This commit is contained in:
Katy Coe
2019-10-29 01:15:48 +01:00
parent 858be5fa3e
commit e260a92f1b
2 changed files with 13 additions and 6 deletions


@@ -35,6 +35,7 @@ namespace Il2CppInspector
PE ExpectedMagic { get; }
ushort Magic { get; }
ulong ImageBase { get; }
uint BaseOfCode { get; }
RvaEntry[] DataDirectory { get; }
}
@@ -43,6 +44,7 @@ namespace Il2CppInspector
public PE ExpectedMagic => PE.IMAGE_NT_OPTIONAL_HDR32_MAGIC;
public ushort Magic => f_Magic;
public ulong ImageBase => f_ImageBase;
public uint BaseOfCode => f_BaseOfCode;
public RvaEntry[] DataDirectory => f_DataDirectory;
public ushort f_Magic;
@@ -52,7 +54,7 @@ namespace Il2CppInspector
public uint SizeOfInitializedData;
public uint SizeOfUninitializedData;
public uint AddressOfEntryPoint;
public uint BaseOfCode;
public uint f_BaseOfCode;
public uint BaseOfData;
public uint f_ImageBase;
public uint SectionAlignment;
@@ -85,6 +87,7 @@ namespace Il2CppInspector
public PE ExpectedMagic => PE.IMAGE_NT_OPTIONAL_HDR64_MAGIC;
public ushort Magic => f_Magic;
public ulong ImageBase => f_ImageBase;
public uint BaseOfCode => f_BaseOfCode;
public RvaEntry[] DataDirectory => f_DataDirectory;
public ushort f_Magic;
@@ -94,7 +97,7 @@ namespace Il2CppInspector
public uint SizeOfInitializedData;
public uint SizeOfUninitializedData;
public uint AddressOfEntryPoint;
public uint BaseOfCode;
public uint f_BaseOfCode;
public ulong f_ImageBase;
public uint SectionAlignment;
public uint FileAlignment;


@@ -10,6 +10,9 @@ using System.Linq;
namespace Il2CppInspector
{
// References:
// PE Header file: https://github.com/dotnet/llilc/blob/master/include/clr/ntimage.h
// PE format specification: https://docs.microsoft.com/en-us/windows/win32/debug/pe-format?redirectedfrom=MSDN
internal class PEReader : FileFormatReader<PEReader>
{
private COFFHeader coff;
@@ -96,7 +99,8 @@ namespace Il2CppInspector
pFuncTable += 8;
}
GlobalOffset = pe.ImageBase;
// Get base of code
GlobalOffset = pe.ImageBase + pe.BaseOfCode - sections.First(x => x.Name == ".text").PointerToRawData;
return true;
}
@@ -113,9 +117,9 @@ namespace Il2CppInspector
if (uiAddr == 0)
return 0;
var section = sections.First(x => uiAddr - GlobalOffset >= x.VirtualAddress &&
uiAddr - GlobalOffset < x.VirtualAddress + x.SizeOfRawData);
return (uint) (uiAddr - section.VirtualAddress - GlobalOffset + section.PointerToRawData);
var section = sections.First(x => uiAddr - pe.ImageBase >= x.VirtualAddress &&
uiAddr - pe.ImageBase < x.VirtualAddress + x.SizeOfRawData);
return (uint) (uiAddr - section.VirtualAddress - pe.ImageBase + section.PointerToRawData);
}
}
}
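Review bot: The new `GlobalOffset` assignment finds the code section with `sections.First(x => x.Name == ".text")`, but section names come from the file being parsed, so a packed, protected or malformed image with no `.text` section makes this throw `InvalidOperationException` rather than fail cleanly. The method ends in `return true;`, so it presumably reports failure by returning false; if so, something like `var text = sections.FirstOrDefault(x => x.Name == ".text"); if (text == null) return false;` would keep a hostile header from aborting the load (this assumes the section type is a class, which the page does not show). The subtraction of `PointerToRawData` is unsigned and appears to be unchecked, so a crafted header whose raw pointer exceeds `ImageBase + BaseOfCode` would wrap to a very large offset; a bounds check before the assignment would catch that. The address-mapping hunk below has the same unguarded `sections.First(...)`, which throws for any address that falls outside every section. Both enclosing methods start outside the visible hunks.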