How do I get the offset of a label relative to the

Published 2019-06-12 09:06

Question:

My test.asm file contains the _start function, while the test.c file contains the main function.

I need to get the offset addresses of the labels main and _start in my test.asm file.

For example, if my program's base address is 0x400000,

I can get the effective address of main during runtime, which is 0x401260. However, how do I calculate the offset of the main function relative to the base address?

i.e. 0x401260 - 0x400000 = 0x1260

How do I get the value 0x1260, which is the offset of the main function, in NASM? Same for the _start function.

I tried:

mov rdi, main       ; absolute (linked) address of main, e.g. 0x401260
mov rsi, _start     ; absolute address of _start
sub rsi, main       ; rsi = _start - main: distance between the two labels, not an offset from the base
call poly

As you can see, I can get the full address this way; however, how do I get the offsets of the above functions relative to the base address?

Edit: I actually have a use case for this.

For example, I am making a self-replicating polymorphic virus, and as such I need to encrypt a section of the executable.

My replicating virus works like this:

1) Run virus.exe

2) virus.exe, whose base address is 0x400000, knows its 'main' address and starts decrypting 'main' at 0x401260 until 'main.end' at 0x402260, and the virus does nasty stuff.

3) Now virus.exe wants to replicate and morph, so virus.exe opens the virus.exe file in order to decrypt the encrypted region, generate a new decryption routine and write both the new encrypted region and the corresponding decryption scheme into the virus.exe file. The virus.exe file is read into allocated memory; this memory starts from 0x40b620. virus.exe first needs to decrypt the encrypted region 'main' to 'main.end' in the opened virus.exe file, so virus.exe needs to know the offset at which the 'main' function resides. PROBLEM!! Because the opened virus.exe file's allocated memory starts at a different offset, b620, relative to the base of the currently running virus.exe, to access the starting point of the main function in the virus.exe file I will need to calculate 'b620' + '1260' to get the offset of the main function relative to my base address, OR 0x40b620 + 0x1260 to get the full address of the 'main' function in the opened virus.exe file in memory.

One method that can solve this issue: when I allocate memory for the file being read in, in the test.c file, if I can find out the offset at which the allocation happens relative to the start of the program, then I can use that value, which would be 0xb620, and pass it as an argument to my test.asm file.

MORE EDIT, a different explanation:

I am creating a polymorphic virus which does enc/dec on sections of its own file, and as such I need to open my own file and operate on it. Say I want to decrypt region A to B in the file. I do not know the address of A in the file; however, what I know is that [current_running_virus_program_base_addr + A] = full address of A, since A is a label in my executable, so I know the full address of A.

So let's say:

currently running virus [base_addr + A] = 0x400000

file malloc start address = 0x4068b0

If I know the difference, 0x68b0,

then I can calculate the full address of function A in the virus file as follows:

[current_running_virus_program_base_addr + A] + 0x68b0

What I tried:

Get my current memory address for 'main', which is 0x401260, and remove the first char, which is '4', which gives 0x1260.
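Two different numbers are in play in the question: the relative virtual address (RVA) of a label, 0x401260 - 0x400000 = 0x1260, and the position of the same bytes inside the executable file on disk. The two only coincide when the segment that maps the label has identical file offset and virtual address alignment; in general the file offset has to be derived from the ELF program headers. The following is an added example, not code from the question: it assumes a Linux x86-64 build with glibc (dl_iterate_phdr, /proc/self/exe), uses a hypothetical function `probe` in place of main/_start, computes the image base (0x400000 for the question's non-PIE layout), the RVA, and the file offset, and cross-checks the file offset by comparing the bytes on disk with the bytes in memory.

```c
#define _GNU_SOURCE
#include <link.h>      /* dl_iterate_phdr, ElfW(), struct dl_phdr_info */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Program headers of the running executable, captured from the loader. */
struct image_info {
    uintptr_t bias;            /* load bias: 0 for a non-PIE, the mmap base for a PIE */
    const ElfW(Phdr) *phdr;    /* program header table, as mapped in memory */
    int phnum;
};

/* dl_iterate_phdr visits the main executable first; capture it and stop. */
static int first_object_cb(struct dl_phdr_info *info, size_t size, void *data)
{
    struct image_info *img = data;
    (void)size;
    img->bias  = info->dlpi_addr;
    img->phdr  = info->dlpi_phdr;
    img->phnum = info->dlpi_phnum;
    return 1;
}

static struct image_info self_image(void)
{
    struct image_info img = {0, NULL, 0};
    dl_iterate_phdr(first_object_cb, &img);
    return img;
}

/* Image base: the address at which file offset 0 (the ELF header) is mapped.
 * For the question's non-PIE binary this is 0x400000; for a PIE it is the
 * randomised mmap base chosen by the loader. */
uintptr_t image_base(void)
{
    struct image_info img = self_image();
    const ElfW(Phdr) *lowest = NULL;
    for (int i = 0; i < img.phnum; i++)
        if (img.phdr[i].p_type == PT_LOAD &&
            (lowest == NULL || img.phdr[i].p_vaddr < lowest->p_vaddr))
            lowest = &img.phdr[i];
    if (lowest == NULL)
        return 0;
    return img.bias + lowest->p_vaddr - lowest->p_offset;
}

/* Relative virtual address of a symbol: the 0x1260 the question is after. */
uintptr_t symbol_rva(uintptr_t addr)
{
    return addr - image_base();
}

/* Byte offset, within the executable file on disk, of the bytes that back a
 * runtime address. Not the same as the RVA: the translation goes through the
 * PT_LOAD segment that maps the address. Returns 0 if no file bytes back the
 * address (e.g. .bss, or an address outside this image). */
uintptr_t symbol_file_offset(uintptr_t addr)
{
    struct image_info img = self_image();
    uintptr_t vaddr = addr - img.bias;   /* link-time address, as written in the ELF headers */
    for (int i = 0; i < img.phnum; i++) {
        const ElfW(Phdr) *p = &img.phdr[i];
        if (p->p_type == PT_LOAD && vaddr >= p->p_vaddr &&
            vaddr < p->p_vaddr + p->p_filesz)
            return vaddr - p->p_vaddr + p->p_offset;
    }
    return 0;
}

/* Cross-check: the n bytes at the computed offset of /proc/self/exe must equal
 * the n bytes at the runtime address. Returns 1 on match, 0 otherwise. */
int file_bytes_match(uintptr_t addr, size_t n)
{
    unsigned char buf[64];
    uintptr_t off = symbol_file_offset(addr);
    if (off == 0 || n > sizeof buf)
        return 0;
    FILE *f = fopen("/proc/self/exe", "rb");
    if (f == NULL)
        return 0;
    int ok = fseek(f, (long)off, SEEK_SET) == 0 &&
             fread(buf, 1, n, f) == n &&
             memcmp(buf, (const void *)addr, n) == 0;
    fclose(f);
    return ok;
}

/* Hypothetical function standing in for the question's main / _start. */
int probe(int x)
{
    return x * 2654435761u >> 3;  /* arbitrary body so the function has real code bytes */
}

int main(void)
{
    uintptr_t p = (uintptr_t)probe;
    printf("base        = 0x%lx\n", (unsigned long)image_base());
    printf("probe       = 0x%lx\n", (unsigned long)p);
    printf("RVA         = 0x%lx\n", (unsigned long)symbol_rva(p));
    printf("file offset = 0x%lx\n", (unsigned long)symbol_file_offset(p));
    printf("bytes match = %d\n", file_bytes_match(p, 16));
    return 0;
}
```

The same RVA can be obtained without C: `nm ./test | grep ' main$'` gives the linked address, and `readelf -l ./test` lists the PT_LOAD segments whose lowest p_vaddr minus p_offset is the base. In NASM itself, the base is not known at assembly time, but with GNU ld the linker defines the symbol `__executable_start` at the image base, so `extern __executable_start` followed by `mov rsi, main` and `sub rsi, __executable_start` yields the RVA at run time (NASM cannot fold `main - __executable_start` into one constant because the two symbols live in different sections). Note that the second half of the question, patching the region inside a copy of the file, needs the file offset rather than the RVA; stripping a leading digit from the address only happens to work for a non-PIE binary whose base is 0x400000 and whose .text segment has identical file and virtual offsets. On Windows the corresponding base symbol is `__ImageBase`, and the RVA-to-file-offset mapping goes through the PE section table (VirtualAddress and PointerToRawData).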