Skip to content

Commit

Permalink
[FEATURE] In realign mode: preserve the original module base
Browse files Browse the repository at this point in the history
  • Loading branch information
@hasherezade
hasherezade committed Sep 7, 2024
1 parent 2ba7bdc commit e4841b6
Showing 1 changed file with 4 additions and 1 deletion.
5 changes: 4 additions & 1 deletion libpeconv/src/pe_dumper.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -58,7 +58,10 @@ bool peconv::dump_pe(
unmapped_module = pe_virtual_to_raw(buffer, mod_size, (ULONGLONG)start_addr, out_size, false);
}
else if (dump_mode == peconv::PE_DUMP_REALIGN) {
unmapped_module = peconv::pe_realign_raw_to_virtual(buffer, mod_size, (ULONGLONG)start_addr, out_size);
// relocate to the original base
const ULONGLONG hdr_base = peconv::get_image_base(buffer);
peconv::update_image_base(buffer, (ULONGLONG)start_addr);
unmapped_module = peconv::pe_realign_raw_to_virtual(buffer, mod_size, (ULONGLONG)hdr_base, out_size);
}
// unmap the PE file (convert from the Virtual Format into Raw Format)
if (unmapped_module) {
Expand Down

0 comments on commit e4841b6

Please sign in to comment.