PE Relocation Builder
1. 获取一个 PE(目前仅适用于 x86)文件并显示要扫描的部分列表,有一个选项可以扫描所有部分。2. 扫描指定部分以查找引用到图像中的双字,即:在 ImageBase 之上但在 ImageBase + SizeOfImage 之下。
3. 用详细信息填充树视图,并允许用户仔细阅读引用以删除虚假条目,显示结果的十六进制和反汇编,并允许偏移检查它是否是有效的代码引用。
4. 将文件复制到内存中,为新的重定位记录分配更多空间并添加节头。调整 PE 标头并插入记录。
(1. Take a PE (x86 only at the moment) file and present a list of sections to scan, there is an option to scan all sections.
2. Scan designated sections for dwords which reference into the image, ie: above ImageBase but below ImageBase + SizeOfImage.
3. Fill treeview with details and allow user to peruse references to delete bogus entries, present hex and disasm of results and allow offsetting to check if it is a valid code reference.
4. Copy file into memory, allocate more for new relocation records and add a section header. Adjust PE header and insert records.)
页:
[1]