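I answered this on DFCG, so I'm reposting it here.

+--------------+-----------------+--------------+------------------+---------------+----------+
| Section name | Virtual address | Virtual size | Physical address | Physical size | Flags    |
+--------------+-----------------+--------------+------------------+---------------+----------+
| Name         | VOffset         | VSize        | ROffset          | RSize         | Flags    |
+--------------+-----------------+--------------+------------------+---------------+----------+
| .text        | 00001000        | 00000092     | 00000400         | 00000200      | 60000020 |
| .rdata       | 00002000        | 000000F6     | 00000600         | 00000200      | 40000040 |
| .data        | 00003000        | 0000018E     | 00000800         | 00000200      | C0000040 |
| .rsrc        | 00004000        | 000003A0     | 00000A00         | 00000400      | C0000040 |
+--------------+-----------------+--------------+------------------+---------------+----------+

The formulas for converting between a virtual address in the file and a physical (file) offset are as follows:

>>>>>>> VaToFileOffset (virtual address to file offset)

For example:
VA = 00401000 (virtual address)
ImageBase = 00400000 (image base)
VRk = VOffset - ROffset = 00001000 - 00000400 = C00 (the VRk value, the difference between the file's virtual address and its physical address)
FileOffset = VA - ImageBase - VRk = 00401000 - 00400000 - C00 = 400 (offset of the physical address in the file)

If VA = 00401325, then:
FileOffset = VA - ImageBase - VRk = 00401325 - 00400000 - C00 = 725

>>>>>> FileOffsetToVa (file offset to virtual address)

For example:
FileOffset = 435 (file offset)
VA = FileOffset + ImageBase + VRk = 435 + 00400000 + C00 = 00401035 (virtual address)

There is also a diagram that the boss provided: [image]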
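The two conversions above, generalized so that VRk is taken from whichever section actually contains the address. This is an added example, not code from the original post. The function names and the rule that only the first RSize bytes of a section have a file offset are assumptions of the example; the section values and ImageBase are copied from the table.

```python
IMAGE_BASE = 0x00400000  # ImageBase used in the post

# (Name, VOffset, VSize, ROffset, RSize), copied from the section table above
SECTIONS = [
    (".text",  0x1000, 0x092, 0x400, 0x200),
    (".rdata", 0x2000, 0x0F6, 0x600, 0x200),
    (".data",  0x3000, 0x18E, 0x800, 0x200),
    (".rsrc",  0x4000, 0x3A0, 0xA00, 0x400),
]


def va_to_file_offset(va, sections=SECTIONS, image_base=IMAGE_BASE):
    """Return (section name, file offset), or None if no raw data backs the VA."""
    rva = va - image_base
    for name, voffset, _vsize, roffset, rsize in sections:
        # Assumption of this example: only the first RSize bytes of a section
        # exist in the file, so an RVA past that point has no file offset.
        if voffset <= rva < voffset + rsize:
            vrk = voffset - roffset  # VRk differs from section to section
            return name, rva - vrk
    return None


def file_offset_to_va(offset, sections=SECTIONS, image_base=IMAGE_BASE):
    """Return (section name, VA), or None if the offset is in no section's raw data."""
    for name, voffset, _vsize, roffset, rsize in sections:
        if roffset <= offset < roffset + rsize:
            vrk = voffset - roffset
            return name, offset + image_base + vrk
    return None


if __name__ == "__main__":
    # Addresses from the post plus two constructed ones in other sections.
    for va in (0x00401000, 0x00401325, 0x00402010, 0x00404010):
        hit = va_to_file_offset(va)
        shown = "no file offset" if hit is None else f"{hit[0]} +{hit[1]:X}"
        print(f"VA {va:08X} -> {shown}")
    for off in (0x435, 0x725):
        hit = file_offset_to_va(off)
        shown = "unmapped" if hit is None else f"{hit[0]} {hit[1]:08X}"
        print(f"FileOffset {off:X} -> {shown}")
```

With this table, 00401325 lies past the 200 bytes of raw data that .text has on disk, so the function returns None for it. File offset 725 falls inside .rdata's raw data and maps back to 00402125, because .rdata's VRk is 1A00 rather than C00.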