La conversión se puede realizar a mano con la siguiente formula: Offset = (RVA - VirtualAddress) + PointerToRawData
#cs ----------------------------------------------------------------------------
AutoIt Version: 3.3.8.1
Author: Naker90
Script Function:
Pasa una direccion virtual relativa (Rva) a offset
#ce ----------------------------------------------------------------------------
Func RvaToOffset($nFile, $nRva)
Local $nOpen = FileOpen($nFile, 16)
Local $nSize = FileGetSize($nFile)
Local $nRead = FileRead($nOpen)
FileClose($nOpen)
Local $nFileStruct = DllStructCreate('Byte[' & $nSize & ']')
DllStructSetData($nFileStruct, 1, $nRead)
Local $nPointer = DllStructGetPtr($nFileStruct)
Local $nDosStruct = DllStructCreate('WORD e_magic;WORD e_cblp;WORD e_cp;WORD e_crlc;WORD e_cparhdr;WORD e_minalloc;WORD e_maxalloc;WORD e_ss;WORD e_sp;WORD e_csum;WORD e_ip;' & _
'WORD e_cs;WORD e_lfarlc;WORD e_ovno;WORD e_res[4];WORD e_oemid;WORD e_oeminfo;WORD e_res2[10];LONG e_lfanew;', $nPointer)
Local $nPE0x0x = DllStructGetData($nDosStruct, 'e_lfanew')
$nPointer += $nPE0x0x
Local $nNTStruct = DllStructCreate('DWORD Signature;CHAR FileHeader[20];CHAR OptionalHeader[224]', $nPointer)
Local $nFileHeaderStruct = DllStructCreate('WORD Machine;WORD NumberOfSections;DWORD TimeDateStamp;DWORD PointerToSymbolTable;DWORD NumberOfSymbols;' & _
'WORD SizeOfOptionalHeader;WORD Characteristics;', DllStructGetPtr($nNTStruct, 'FileHeader'))
$nPointer += (DllStructGetData($nFileHeaderStruct, 'SizeOfOptionalHeader') + 24)
Local $nSectionHeader = 'CHAR name[8];DWORD VirtualAddress;DWORD SizeOfRawData;DWORD PointerToRawData;DWORD PointerToRelocations;DWORD PointerToLinenumbers;' & _
'WORD NumberOfRelocations;WORD NumberOfLinenumbers;DWORD Characteristics;'
Local $nSectionStruct, $nReturn = 0
For $i = 1 to DllStructGetData($nFileHeaderStruct, 'NumberOfSections')
$nPointer += ($i * 0x28)
$nSectionStruct = DllStructCreate($nSectionHeader, $nPointer)
if DllStructGetData($nSectionStruct, 'SizeOfRawData') + DllStructGetData($nSectionStruct, 'VirtualAddress') > $nRva then
$nReturn = ($nRva - DllStructGetData($nSectionStruct, 'VirtualAddress')) + DllStructGetData($nSectionStruct, 'PointerToRawData')
ExitLoop
Else
$nPointer = $nPointer - ($i * 0x28)
EndIf
Next
if $nReturn <> 0 then
Return $nReturn
Else
Return 0
EndIf
EndFunc
Saludos