search

m4b / goblin

An impish, cross-platform binary parsing crate, written in Rust
MIT License
1.17k stars 156 forks source link

Parsing relocations in a PE file #392

Closed lexika979 closed 5 months ago

lexika979 commented 5 months ago

Hello, I may need some help understanding how to use goblin for my use case. I'd like to manually map a PE and execute it. Of course, i need to first fix the relocations so that the addresses match. Unfortunately, I cannot find a way to do this with goblin. I tried something like this:

        let pe = PE::parse(&self.bytes)?;
        for sec in pe.sections {
            if let Ok(mut v) = sec.relocations(&self.bytes) {
                debug!("{} {:?}", String::from_utf8(sec.name.to_vec())?, v.next());
            }
        }

And also some other things, but cannot get it to work. I'd appreciate any advice! :)

philipc commented 5 months ago

PE uses relocations in the base relocation data directory, not COFF relocations in sections. You can use get_base_relocation_table to get the data directory, but there doesn't appear to be anything to parse it yet.

lexika979 commented 5 months ago

Right, so maybe that should be something mentioned in the readme, especially if goblin claims to be the "one-stop shop for binary parsing, loading, and analysis"

philipc commented 5 months ago

No, it would be more appropriate for it to be added to goblin. PRs are accepted.