Closed GoogleCodeExporter closed 9 years ago
OK, I think I have some insight on this now.
Distorm's decoder starts decoding from the start of the code you give it, which
is assumed to be located at the virtual address you pass to it via the
'offset' parameter.
*NOT*: Distorm will relocate the code I give it and seek to the vaddr I pass.
Can you confirm this?
I suppose this is what is meant by "Note: The first argument offset is the
virtual address of the code block. It is not an offset inside code! It is
similar to the [org] directive of Assemblers.", but I read this as, distorm
expects a virtual address, not a file offset.
In general I find this quite confusing. If you look at the ELF documentation
(www.skyfree.org/linux/references/ELF_Format.pdf), throughout this document the
term "offset" refers to a file offset, that is, code in an ELF file. Whereas, an
"address" is a virtual address in a relocated memory image.
This is why I find this sentence confusing: "The first argument offset is the
virtual address of the code block".
Anyway, have I answered my own question? Cheers
Original comment by vex...@gmail.com
on 17 May 2012 at 2:33
You answered your own question.
How should I rephrase it?
I think people still confuse 'offset' and 'address'. I tried to clarify
and yet I failed.
Thanks
Original comment by distorm@gmail.com
on 17 May 2012 at 7:23
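The file-offset versus virtual-address distinction from this thread, as an added example that is not part of the original comments or of diStorm's code. It assumes a constructed minimal ELF64 little-endian image; `build_sample_elf`, `file_offset_to_vaddr` and `call_target` are hypothetical helpers, and `call_target` stands in for the address arithmetic a decoder does with the base it is given.

```python
import struct

# Constructed sample: minimal ELF64 little-endian image with one PT_LOAD
# segment stored at file offset 0x1000 and mapped at vaddr 0x401000.
SEG_OFF, SEG_VADDR = 0x1000, 0x401000
CODE = bytes.fromhex("e8fb0f0000c3")  # call rel32 (+0xffb); ret

def build_sample_elf():
    ehdr = struct.pack(
        "<16sHHIQQQIHHHHHH",
        b"\x7fELF\x02\x01\x01" + bytes(9),  # magic, ELFCLASS64, LSB
        2, 62, 1,                # ET_EXEC, EM_X86_64, EV_CURRENT
        SEG_VADDR, 64, 0, 0,     # e_entry, e_phoff, e_shoff, e_flags
        64, 56, 1, 0, 0, 0)      # ehsize, phentsize, phnum, sh* unused
    phdr = struct.pack("<IIQQQQQQ", 1, 5, SEG_OFF, SEG_VADDR, SEG_VADDR,
                       len(CODE), len(CODE), 0x1000)  # PT_LOAD, R+X
    image = ehdr + phdr
    return image + bytes(SEG_OFF - len(image)) + CODE

def file_offset_to_vaddr(image, file_off):
    """Virtual address at which the byte at file_off is mapped (PT_LOAD only)."""
    e_phoff, = struct.unpack_from("<Q", image, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", image, 0x36)
    for i in range(e_phnum):
        p_type, _, p_offset, p_vaddr, _, p_filesz = struct.unpack_from(
            "<IIQQQQ", image, e_phoff + i * e_phentsize)
        if p_type == 1 and p_offset <= file_off < p_offset + p_filesz:
            return p_vaddr + (file_off - p_offset)
    raise ValueError("file offset is not inside any PT_LOAD segment")

def call_target(base, code):
    """Destination of a leading `call rel32`, with code assumed to sit at base."""
    if code[0] != 0xE8:
        raise ValueError("expected call rel32")
    rel, = struct.unpack_from("<i", code, 1)
    return base + 5 + rel

image = build_sample_elf()
# The caller does the seeking: slice the bytes out at the *file offset* ...
code = image[SEG_OFF:SEG_OFF + len(CODE)]
# ... and hands the decoder the *virtual address* of that first byte.
vaddr = file_offset_to_vaddr(image, SEG_OFF)
print(hex(vaddr), hex(call_target(vaddr, code)))      # base = vaddr
print(hex(SEG_OFF), hex(call_target(SEG_OFF, code)))  # base = file offset
```

The same six bytes yield a different call destination depending on the base, which is why the value passed as 'offset' should be the address the bytes are mapped at rather than their position in the file.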
Original comment by distorm@gmail.com
on 19 May 2012 at 2:54
Original issue reported on code.google.com by
vex...@gmail.com
on 17 May 2012 at 11:26