Win32 虚拟偏移转换文件地址

.386
.model flat,stdcall
option casemap:none

include Windows.inc
include User32.inc
include Kernel32.inc
includelib User32.lib
includelib Kernel32.lib

.data
hMainHandle  dd  ?
hReturnAddress dd  ?
szPaintBuf  db  '%08x',0
szBuf   db  100 dup(0)
szSectionName db  9 dup(0)
.code 
;////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
_FindRvaSectionName  proc  _dwBase,_dwRva
 local @nIndex
 local @Ret
 local @szBuf
 pushad
 mov esi,_dwBase
 mov edi,_dwRva
 assume esi : ptr IMAGE_DOS_HEADER
 add esi, [esi].e_lfanew
 assume esi: ptr IMAGE_NT_HEADERS
 ;mov eax,[esi].OptionalHeader.ImageBase
 ;mov  @ImageBase,eax
 movzx ecx,[esi].FileHeader.NumberOfSections
 add esi,sizeof IMAGE_NT_HEADERS
 assume esi : ptr IMAGE_SECTION_HEADER
 .repeat
  mov eax,[esi].VirtualAddress
  add eax,[esi].SizeOfRawData
  .if (edi >= [esi].VirtualAddress) && (edi < eax)
   mov eax,esi
   jmp @F
  .endif
  add esi,sizeof IMAGE_SECTION_HEADER
 .untilcxz
 assume esi:nothing
 mov eax,0
 @@:
 mov @Ret,eax
 popad
 mov eax,@Ret
 ret
_FindRvaSectionName  endp
start:
 invoke GetModuleHandle,NULL
 mov hMainHandle,eax
 invoke _FindRvaSectionName,hMainHandle,00002100h
 invoke ExitProcess,NULL
end start