Some packers leave a dll's relocation directory intact (e.g. Armadildo). You just have to know the original reloc dir RVA which is easy to find in most cases.
However, you need to define the right reloc table size, since the PE loader subtracts every block from the size and checks for 0.
That means, you can't just guess and make it big enough to contain all elements. It has to be the exact size of the table.
Well, I was looking for a tool that could calculate the size but couldn't find any.
I started coding my own and that's the result
It takes a PE file, displays the correct size for the reloc table and optionally writes the right size to the file.
Supports both normal and PE32+ executables.
BEWARE! KOMMANDLINE-APPLIKASHUN!
Source and binary attached
However, you need to define the right reloc table size, since the PE loader subtracts every block from the size and checks for 0.
That means, you can't just guess and make it big enough to contain all elements. It has to be the exact size of the table.
Well, I was looking for a tool that could calculate the size but couldn't find any.
I started coding my own and that's the result
It takes a PE file, displays the correct size for the reloc table and optionally writes the right size to the file.
Supports both normal and PE32+ executables.
BEWARE! KOMMANDLINE-APPLIKASHUN!
Source and binary attached
Attached File(s)
-
GetRelocSize.zip (77.17K)
reflink:http://forum.tuts4you.com/index.php?s=8a2282d66b755d4ccdcf11bc2b3f14e9&app=blog&module=display§ion=blog&blogid=4&showentry=42
