Programming
pqgg7nwkd4, 2016-07-04 17:59:04

How to find out where the code will be located in EXE memory?

Good afternoon.
I'm making a patch for an EXE file.
I found the necessary place in the EXE file at offset O1.
The new code has a command:

CPU Disasm
Address   Hex dump          Command                                  Comments
008058D1    D80D F24C8000   FMUL DWORD PTR DS:[804CF2]               ; FLOAT 4472.420

Address 804CF2 should contain the number 100.00.
I put this number behind the code:
CPU Disasm
Address   Hex dump          Command                                  Comments
008058F0   /EB 08           JMP SHORT 008058FA
008058F2   |0000            ADD BYTE PTR DS:[EAX],AL
008058F4   |C8 4290 90      ENTER 9042,90
008058F8   |90              NOP
008058F9   |90              NOP
008058FA   \90              NOP

0000C842 is 100.00.
But at the patch stage, I cannot determine this address and write it to a file.
I add to the offset: O1 + $00400000, but still "miss".
How to do it?
Thanks.


2 answer(s)
Vladimir Martyanov, 2016-07-04
@vilgeforce

In general, it is not clear what exactly you want to get from what. Do you have some "address" - 0x804CF2 and want to find the offset in this EXE file that corresponds to this address?

none7, 2016-07-04
@none7

He said the evil hackers have already done everything for you. PE Tools utility, select process, select executable file, RMB, PE editor -> read only, FLC (File Location Calculator), RVA, VA, file offset, consider anything from anything. It makes no sense to do the calculation in the patcher: if this is not the same executable file that you have, then you will simply break it with your RVA to FO. Just write the hash of the file and the offset in the file to the patcher source. By the way, it was easier to google the function code with a simple RVA to file offset.
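The conversion the answers refer to, as an added example that is not part of the original thread: it reads ImageBase and the section table from the PE headers and maps a file offset to a virtual address and back, which is the step a plain O1 + $00400000 skips when a section's VirtualAddress differs from its PointerToRawData. The function names and the header built by `sample_header()` are constructed for illustration, and the result assumes the image is loaded at its preferred ImageBase.

```python
import struct

def parse_pe(data):
    """Return (image_base, [(virt_addr, raw_ptr, raw_size), ...]) from the PE headers."""
    pe, = struct.unpack_from("<I", data, 0x3C)            # e_lfanew
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsect, = struct.unpack_from("<H", data, pe + 6)       # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, pe + 20)   # SizeOfOptionalHeader
    opt = pe + 24
    magic, = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    fmt, pos = ("<I", 28) if magic == 0x10B else ("<Q", 24)  # ImageBase, PE32 / PE32+
    base, = struct.unpack_from(fmt, data, opt + pos)
    sections = []
    for i in range(nsect):
        # skip the 8-byte name: VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
        _, vaddr, rsize, rptr = struct.unpack_from("<4I", data, opt + opt_size + 40 * i + 8)
        sections.append((vaddr, rptr, rsize))
    return base, sections

def offset_to_va(data, off):
    """File offset -> virtual address at the preferred ImageBase."""
    base, sections = parse_pe(data)
    for vaddr, rptr, rsize in sections:
        if rptr <= off < rptr + rsize:
            return base + vaddr + (off - rptr)
    raise ValueError("offset is not inside any section's raw data")

def va_to_offset(data, va):
    """Virtual address -> file offset; fails for memory with no bytes on disk."""
    base, sections = parse_pe(data)
    for vaddr, rptr, rsize in sections:
        if vaddr <= va - base < vaddr + rsize:
            return rptr + (va - base - vaddr)
    raise ValueError("address has no bytes in the file")

def sample_header():
    """Constructed PE32 header: ImageBase 0x400000, .text RVA 0x1000 at file offset 0x400."""
    h = bytearray(0x200)
    h[0:2], h[0x80:0x84] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", h, 0x3C, 0x80)                 # e_lfanew
    struct.pack_into("<H", h, 0x86, 1)                    # NumberOfSections
    struct.pack_into("<H", h, 0x94, 0xE0)                 # SizeOfOptionalHeader
    struct.pack_into("<H", h, 0x98, 0x10B)                # PE32 magic
    struct.pack_into("<I", h, 0x98 + 28, 0x400000)        # ImageBase
    struct.pack_into("<8s4I", h, 0x178, b".text", 0x0F00, 0x1000, 0x1000, 0x400)
    return bytes(h)
```

With the constructed header, file offset 0x4F2 maps to 0x4010F2, not to 0x4004F2 as adding the image base alone would give.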
