Board view
Mix view[BUG] Garbage RVA's Japheth's "PE" vs DAMPFPLAUDERER's (DOSX)
Feeding DKRNL32.DLL into "PE" :
Name vSize RVA pSize pOffset pRelocs nRel flags
----------------------------------------------------------
.text E08C 1000 E200 400 0 0 60000020 c e r
.rdata 3AD4 10000 3C00 E600 0 0 40000040 d(i) r
.data 1B44 14000 800 12200 0 0 C0000040 d(i) r w
.reloc 800 16000 800 12A00 0 0 42000040 d(i) r d
Name: 11A0A KERNEL32.DLL
Base: 1
Functions: 556
Names: 507
Address of Functions: 10578
Address of Names: 10E28
Address of Name Ordinals: 11614
RVA # RVA-target Name
-----------------------------
10578 32 7978 AddAtomA
1057C 33 7ADC AllocConsole
10580 34 7B1C AreFileApisANSI
10584 35 7AE4 AttachConsole
10588 36 7B20 BackupRead
The most left column ("RVA") is apparently wrong 
- it fails to skip
the $31=#49 anonymous exports. The other 3 are good however 
Checked
against "GT2" tool by PhaX and got even better resuts: it doesn't provide
the most left column, so it can't be wrong, and even less correct
here 
, OTOH the target addresses are wrong 
Of course I don't expect a fix ... it's sufficiently obvious that this BUG
has been implemented deliberately to keep out the DAMPFPLAUDERER's
---
This is a LOGITECH mouse driver, but some software expect here
the following string:*** This is Copyright 1983 Microsoft ***
Complete thread:
- [BUG] Garbage RVA's Japheth's "PE" vs DAMPFPLAUDERER's - DOS386, 21.05.2009, 12:08
![[Board]](img/board_d.gif "Open in board view")
![[Mix]](img/mix_d.gif "Open in mix view")
- [BUG] confirmed and fixed - Japheth, 25.05.2009, 20:17
- [BUG] confirmed and fixed - DOS386, 01.06.2009, 15:22
- [BUG] confirmed and fixed - Japheth, 25.05.2009, 20:17
