Back to home page

DOS ain't dead

Forum index page

Log in | Register

Search:  
Back to the board
Thread view  Mix view  Order
DOS386

21.05.2009, 12:08
 

[BUG] Garbage RVA's Japheth's "PE" vs DAMPFPLAUDERER's (DOSX)

Post reply

Feeding DKRNL32.DLL into "PE" :

Name   vSize     RVA  pSize  pOffset pRelocs nRel    flags
----------------------------------------------------------
.text   E08C    1000   E200      400       0    0 60000020 c e r
.rdata  3AD4   10000   3C00     E600       0    0 40000040 d(i) r
.data   1B44   14000    800    12200       0    0 C0000040 d(i) r w
.reloc   800   16000    800    12A00       0    0 42000040 d(i) r d

Name: 11A0A KERNEL32.DLL
Base: 1
Functions: 556
Names: 507
Address of Functions: 10578
Address of Names: 10E28
Address of Name Ordinals: 11614

  RVA     # RVA-target Name
-----------------------------
10578    32       7978 AddAtomA
1057C    33       7ADC AllocConsole
10580    34       7B1C AreFileApisANSI
10584    35       7AE4 AttachConsole
10588    36       7B20 BackupRead

The most left column ("RVA") is apparently wrong :-( - it fails to skip
the $31=#49 anonymous exports. The other 3 are good however :-) Checked
against "GT2" tool by PhaX and got even better resuts: it doesn't provide
the most left column, so it can't be wrong, and even less correct
here ;-) , OTOH the target addresses are wrong :clap:

Of course I don't expect a fix ... it's sufficiently obvious that this BUG
has been implemented deliberately to keep out the DAMPFPLAUDERER's :clap:

---
This is a LOGITECH mouse driver, but some software expect here
the following string:*** This is Copyright 1983 Microsoft ***
Japheth

Homepage

Germany (South),
25.05.2009, 20:17

@ DOS386

[BUG] confirmed and fixed

Post reply

> The most left column ("RVA") is apparently wrong :-( - it fails to skip
> the $31=#49 anonymous exports. The other 3 are good however :-) Checked
> against "GT2" tool by PhaX and got even better resuts: it doesn't provide
> the most left column, so it can't be wrong, and even less correct
> here ;-) , OTOH the target addresses are wrong :clap:
Fixed with v1.11 (http://www.japheth.de/Download/pe.zip)

---
MS-DOS forever!
DOS386

01.06.2009, 15:22

@ Japheth

[BUG] confirmed and fixed

Post reply

> Fixed with v1.11

It's indeed fixed ... you are great :-)

> V1.11 05/25/2009:
> relocations offset and length displayed.
Apparently affects COFF only ...

> bugfix: display of exports was inaccurate if
> the table of exports contained unnamed functions
> (big thanks to DOS386 who reported this bug!).
:-)

---
This is a LOGITECH mouse driver, but some software expect here
the following string:*** This is Copyright 1983 Microsoft ***
Back to the board
Thread view  Mix view  Order
22049 Postings in 2034 Threads, 396 registered users, 280 users online (0 registered, 280 guests)
DOS ain't dead | Admin contact
RSS Feed
powered by my little forum