PE--重定位表

遍历重定位表

////////////////重定位表/////////////////////////////////
VOID _GetRelocInfo(PVOID pFileBuffer)
{
    PIMAGE_DOS_HEADER pDosHeader = NULL;
    PIMAGE_NT_HEADERS pNtHeaders = NULL;

    PIMAGE_BASE_RELOCATION pBaseRelocation=NULL;
    PWORD pRelocData=NULL;
    DWORD dwRVA=0;

    pDosHeader = (PIMAGE_DOS_HEADER)pFileBuffer;
    if (pDosHeader->e_magic != IMAGE_DOS_SIGNATURE)
    {
        printf("not a mz header!\n");
        return ;
    }
    pNtHeaders = (PIMAGE_NT_HEADERS)((DWORD)pDosHeader + pDosHeader->e_lfanew);
    if (pNtHeaders->Signature != IMAGE_NT_SIGNATURE)
    {
        printf("not a PE header!\n");
        return ;
    }

    //重定位表位置
    pBaseRelocation=(PIMAGE_BASE_RELOCATION)((DWORD)pFileBuffer+_RVAToOffset(pFileBuffer,pNtHeaders->OptionalHeader.DataDirectory[5].VirtualAddress));

    while(pBaseRelocation->VirtualAddress!=0&&pBaseRelocation->SizeOfBlock!=0)
    {
        printf("VirtualAddress: 0x%x\n",pBaseRelocation->VirtualAddress);
        printf("SizeOfBlock:　0x%x\n",pBaseRelocation->SizeOfBlock);
        printf("RVA                        TYPE\n");
        printf("-----------------------------------------------\n");
        pRelocData=(PWORD)((DWORD)pBaseRelocation+0x8);
        for(int i=0;i<(pBaseRelocation->SizeOfBlock-sizeof(IMAGE_BASE_RELOCATION))/2;i++)
        {
            if(*(pRelocData+i)>>12==3)
            {
                dwRVA=*(pRelocData+i)&0x0fff+pBaseRelocation->VirtualAddress;
                printf("0x%x                         HIGHLOW\n",dwRVA);
            }
            else
            {
                printf("0xffffffff                 ABSOLUTE\n");
            }
        }
        pBaseRelocation=(PIMAGE_BASE_RELOCATION)((DWORD)pBaseRelocation+pBaseRelocation->SizeOfBlock);
    }
    return;
}