DOS ain't dead


[BUG] Garbage RVA's Japheth's "PE" vs DAMPFPLAUDERER's (DOSX)

posted by DOS386(R), 21.05.2009, 12:08

Feeding DKRNL32.DLL into "PE" :

Name   vSize     RVA  pSize  pOffset pRelocs nRel    flags
----------------------------------------------------------
.text   E08C    1000   E200      400       0    0 60000020 c e r
.rdata  3AD4   10000   3C00     E600       0    0 40000040 d(i) r
.data   1B44   14000    800    12200       0    0 C0000040 d(i) r w
.reloc   800   16000    800    12A00       0    0 42000040 d(i) r d

Name: 11A0A KERNEL32.DLL
Base: 1
Functions: 556
Names: 507
Address of Functions: 10578
Address of Names: 10E28
Address of Name Ordinals: 11614

  RVA     # RVA-target Name
-----------------------------
10578    32       7978 AddAtomA
1057C    33       7ADC AllocConsole
10580    34       7B1C AreFileApisANSI
10584    35       7AE4 AttachConsole
10588    36       7B20 BackupRead


The leftmost column ("RVA") is apparently wrong :-( - it fails to skip
the $31=#49 anonymous exports. The other 3 are good however :-) Checked
against "GT2" tool by PhaX and got even better results: it doesn't provide
the leftmost column, so it can't be wrong, and even less correct
here ;-) , OTOH the target addresses are wrong :clap:

Of course I don't expect a fix ... it's sufficiently obvious that this BUG
has been implemented deliberately to keep out the DAMPFPLAUDERER's :clap:

---
This is a LOGITECH mouse driver, but some software expect here
the following string:*** This is Copyright 1983 Microsoft ***
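
Added example (not part of the original post, and not code from either tool): how the slot RVA of a named export is derived from the export directory, indexing the function table by the entry in the name-ordinal table rather than by the name's position. The image bytes, names and target RVAs are constructed, and the image is laid out flat so that RVA equals offset.

```python
import struct

EXPORT_DIR = "<IIHHIIIIIII"  # IMAGE_EXPORT_DIRECTORY, 40 bytes

def build_sample():
    """Constructed flat image: 2 ordinal-only exports followed by 3 named ones."""
    img = bytearray(0x200)
    funcs, names, ords, strs = 0x40, 0x60, 0x70, 0x80
    targets = [0x1000, 0x1010, 0x1020, 0x1030, 0x1040]        # constructed
    named = [(b"Alpha", 2), (b"Bravo", 3), (b"Charlie", 4)]   # (name, table index)
    struct.pack_into(EXPORT_DIR, img, 0, 0, 0, 0, 0, strs, 1,
                     len(targets), len(named), funcs, names, ords)
    struct.pack_into("<5I", img, funcs, *targets)
    img[strs:strs + 11] = b"SAMPLE.DLL\0"
    pos = strs + 0x10
    for i, (name, idx) in enumerate(named):
        struct.pack_into("<I", img, names + 4 * i, pos)   # AddressOfNames[i]
        struct.pack_into("<H", img, ords + 2 * i, idx)    # AddressOfNameOrdinals[i]
        img[pos:pos + len(name) + 1] = name + b"\0"
        pos += len(name) + 1
    return bytes(img)

def named_exports(img, dir_rva=0):
    """Return (slot_rva, naive_rva, ordinal, target_rva, name) per named export."""
    (_, _, _, _, _, base, n_funcs, n_names,
     a_funcs, a_names, a_ords) = struct.unpack_from(EXPORT_DIR, img, dir_rva)
    rows = []
    for i in range(n_names):
        name_rva, = struct.unpack_from("<I", img, a_names + 4 * i)
        idx, = struct.unpack_from("<H", img, a_ords + 2 * i)
        if idx >= n_funcs:
            raise ValueError(f"name {i}: ordinal index {idx} out of range")
        slot_rva = a_funcs + 4 * idx   # slot actually holding this export
        naive_rva = a_funcs + 4 * i    # result when ordinal-only slots are not skipped
        target, = struct.unpack_from("<I", img, slot_rva)
        name = img[name_rva:img.index(b"\0", name_rva)].decode("ascii")
        rows.append((slot_rva, naive_rva, base + idx, target, name))
    return rows

if __name__ == "__main__":
    print("  RVA naive    # RVA-target Name")
    for slot, naive, ordinal, target, name in named_exports(build_sample()):
        print(f"{slot:5X} {naive:5X} {ordinal:4X} {target:10X} {name}")
```

Applied to the dump above, assuming the # column is the biased ordinal in hex, AddAtomA (ordinal 32h, Base 1) occupies slot 10578h + 4*31h = 1063Ch rather than 10578h.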
