PE文件的三个地址分别是VA(虚拟地址)、RVA(相对虚拟地址)和FileOffset(文件偏移地址)。手动计算这三个地址的转换会很累,所以通常的方式是使用工具来完成。在这里写一个工具来转换这三个地址。该工具如图1所示。图1地址转换器该工具是在前两个工具的基础上完成的。因此,在进行计算时,应先“看”,再“算”。否则,获取到的指针还没有获取到。在界面上,左边的三个按钮是“单选框”,单选框的设置方法如图2所示。图2单选按钮的设置3个单选按钮只能选择一个。为了记录选择了哪个单选按钮,在类中定义了一个成员变量m_nSelect。对于3个单选按钮,分别使m_nSelect值1、2、3。让我们看一下主要代码。点击“计算”按钮后,响应按钮的代码如下:voidCPeParseDlg::OnBtnCalc(){//TODO:AddyourcontrolnotificationhandlercodehereDWORDdwAddr=0;//获取地址dwAddr=GetAddr();//所在部分地址位于intnInNum=GetAddrInSecNum(dwAddr);//计算其他地址CalcAddr(nInNum,dwAddr);}分别看GetAddr()、GetAddrInSecNum()和CalcAddr()的实现。获取编辑框输入的地址内容的代码如下:szAddr,10);HexStrToInt(szAddr,&dwAddr);break;}case2:{GetDlgItemText(IDC_EDIT_RVA,szAddr,10);HexStrToInt(szAddr,&dwAddr);break;}case3:{GetDlgItemText(IDC_EDIT_FILEOFFSET,szAddr,10);HexStrToInt(szAddr),&dw;break;}}returndwAddr;}获取地址段号的代码如下:intCPeParseDlg::GetAddrInSecNum(DWORDdwAddr){intnInNum=0;intnSecNum=m_pNtHdr->FileHeader.NumberOfSections;switch(m_nSelect){case1:{DWORDdwImageBase=m_pNtHdr->OptionalHeader.ImageBase;for(nInNum=0;nInNum=dwImageBase+m_pSecHdr[nInNum].VirtualAddress&&dwAddr<=dwImageBase+m_pSecHdr[nInNum].VirtualInAddress+.m_pSec.VirtualSize){returnInNum;}}break;}case2:{for(nInNum=0;nInNum=m_pSecHdr[nInNum].VirtualAddress&&dwAddr<=m_pSecHdr[nInNum].VirtualAddress+m_pSecHdr[nInNum].Misc.VirtualSize){returnInNum;}}break;}case3:{for(nInNum=0;nInNum=m_pSecHdr[nInNum].PointerToRawData&&dwAddr<=m_pSecHdr[nInNum]););.PointerToRawData+m_pSecHdr[nInNum].SizeOfRawData){returnInNum;}}break;}}return-1;}计算其他第二存的明是:VOIDCPeParseDlg::CalcAddr(intnInNum,DWORDdwAddr){DWORDdwVa=0;DWORDdwFileOffset=0;=0;switch(m_nSelect){case1:{dwVa=dwAddr;dwRva=dwVa-m_pNtHdr->OptionalHeader.ImageBase;dwFileOffset=m_pSecHdr[nInNum].PointerToRawData+(dwRva-m_pSecHdr[nInNum].VirtualAddress);中断;}案例2:{dwVa=dwAddr+m_pNtHdr->OptionalHeader.ImageBase;dwRva=dwAddr;dwFileOffset=m_pSecHdr[nInNum].PointerToRawData+(dwRva-m_pSecHdr[nInNum].VirtualAddress);break;}case3:{dwFileOffset=m_pSecHdr[nInNum].].VirtualAddress+(dwFileOffset-m_pSecHdr[nInNum].PointerToRawData);dwVa=dwRva+m_pNtHdr->OptionalHeader.ImageBase;break;}}SetDlgItemText(IDC_EDIT_SECTION,(constchar*)m_pSecHdr[nInNum].PointerToRawData);我);CStringstr;str.Format("%08X",dwVa);SetDlgItemText(IDC_EDIT_VA,str);str.Format("%08X",dwRva);SetDlgItemText(IDC_EDIT_RVA,str);str.Format("%08X",dwFileOffset);SetDlgItemText(IDC_EDIT_FILEOFFSET,str);}代码并不复杂,关键是CalcAddr()中三个地址的转换
