Geek Answers Handbook

What is “alignment” and how to convert from one alignment to another?

Here are the steps to convert from section alignment to file alignment:

  • Find RVA for data
  • From the RVA, derive the section that owns the data that it refers to. This is trivial as sections do not overlap. The source addresses of the various sections are available in the file header.
  • Find the difference between the RVA and the starting address of the section to find the data offset, that is, the offset of the data in the section.
  • In the file header for the same section, find the location of the same section in the file.
  • Add the data offset to the location of the section in the file to find the address of the data in the file.

But I just don’t understand this, can someone clarify the details?

+4
source share
1 answer

Alignment is a rounded value. The size of these partitions is rounded for efficiency, because the OS moves things around in chunks anyway.

File alignment is typically 512 bytes, which correspond to the block size of most file systems.

Partition alignment is typically 4096 bytes, which correspond to the size of the memory page.

So, if you have a PE file with a section (for example, " .text ") that contains 513 bytes of data:

  • The .text section will be rounded to 1024 bytes in the file.
  • The .text section will be rounded to 4096 bytes in memory.

Pay attention to the amount of free space both in the file and in memory.

I'm not sure why you want to "convert from one alignment to another." The recipe you received leaves the goal of the exercise a secret. If your goal is to manipulate PE files, then all you need to consider is file alignment. The Windows boot loader will process the partition alignment material when it issues it to memory, so you don’t have to think about it at all.

Read more about PE here .

+9
source

More articles:


All Articles