.386
.model flat,stdcall
option casemap:none
include Windows.inc
include User32.inc
include Kernel32.inc
includelib User32.lib
includelib Kernel32.lib
.data
hMainHandle dd ?
hReturnAddress dd ?
szPaintBuf db '%08x',0
szBuf db 100 dup(0)
szSectionName db 9 dup(0)
.code
;////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
_FindRvaSectionName proc _dwBase,_dwRva
local @nIndex
local @Ret
local @szBuf
pushad
mov esi,_dwBase
mov edi,_dwRva
assume esi : ptr IMAGE_DOS_HEADER
add esi, [esi].e_lfanew
assume esi: ptr IMAGE_NT_HEADERS
;mov eax,[esi].OptionalHeader.ImageBase
;mov @ImageBase,eax
movzx ecx,[esi].FileHeader.NumberOfSections
add esi,sizeof IMAGE_NT_HEADERS
assume esi : ptr IMAGE_SECTION_HEADER
.repeat
mov eax,[esi].VirtualAddress
add eax,[esi].SizeOfRawData
.if (edi >= [esi].VirtualAddress) && (edi < eax)
mov eax,esi
jmp @F
.endif
add esi,sizeof IMAGE_SECTION_HEADER
.untilcxz
assume esi:nothing
mov eax,0
@@:
mov @Ret,eax
popad
mov eax,@Ret
ret
_FindRvaSectionName endp
start:
invoke GetModuleHandle,NULL
mov hMainHandle,eax
invoke _FindRvaSectionName,hMainHandle,00002100h
invoke ExitProcess,NULL
end start