Going back to exe image files and rebasing. Surely they can be rebased even
without a .reloc section? All I need to do is edit the image base in the PE
header then parse the assembly looking for absolute addresses such as
function addresses, static variables etc and modify these addresses, too.
For example assume an image base for an exe is 0x00400000 and the c code
does
without a .reloc section? All I need to do is edit the image base in the PE
header then parse the assembly looking for absolute addresses such as
function addresses, static variables etc and modify these addresses, too.
For example assume an image base for an exe is 0x00400000 and the c code
does
printf("hello");
This will generate something like
push 0x0042001C // push pointer to hello
call 0x00401060 // call printf
If I then make the image base 0x00410000 and I also change
push 0x0042001C
call 0x00401060
to become
push 0x0043001C
call 0x00411060
then the exe should still run (as long as you get all the absolute
addresses) and it has been rebased.
?
David
[ reply ]