From ae1e21851e6e8e560c0a674c3e3ed7bff4455500 Mon Sep 17 00:00:00 2001
From: Ben Frederickson
Date: Fri, 1 Nov 2024 10:58:28 -0700
Subject: [PATCH] Use RVA for PE symbols
---
 src/binary_parser.rs | 6 ++----
 src/python_process_info.rs | 18 ++++++++++++++++--
 2 files changed, 18 insertions(+), 6 deletions(-)
diff --git a/src/binary_parser.rs b/src/binary_parser.rs
index a0b3f688..4df02687 100644
--- a/src/binary_parser.rs
+++ b/src/binary_parser.rs
@@ -234,10 +234,8 @@ pub fn parse_binary(filename: &Path, addr: u64, size: u64) -> Result {
 for export in pe.exports {
 if let Some(name) = export.name {
- if let Some(export_offset) = export.offset {
- if let Some(addr) = offset.checked_add(export_offset as u64) {
- symbols.insert(name.to_string(), addr);
- }
+ if let Some(addr) = offset.checked_add(export.rva as u64) {
+ symbols.insert(name.to_string(), addr);
 }
 }
 }
diff --git a/src/python_process_info.rs b/src/python_process_info.rs
index 55b8cbef..3fc90f1f 100644
--- a/src/python_process_info.rs
+++ b/src/python_process_info.rs
@@ -75,7 +75,14 @@ impl PythonProcessInfo {
 let map = maps.iter().find(|m| {
 if let Some(pathname) = m.filename() {
 if let Some(pathname) = pathname.to_str() {
- return is_python_bin(pathname) && m.is_exec();
+ #[cfg(not(windows))]
+ {
+ return is_python_bin(pathname) && m.is_exec();
+ }
+ #[cfg(windows)]
+ {
+ return is_python_bin(pathname);
+ }
 }
 }
 false
@@ -139,7 +146,14 @@ impl PythonProcessInfo {
 let libmap = maps.iter().find(|m| {
 if let Some(pathname) = m.filename() {
 if let Some(pathname) = pathname.to_str() {
- return is_python_lib(pathname) && m.is_exec();
+ #[cfg(not(windows))]
+ {
+ return is_python_lib(pathname) && m.is_exec();
+ }
+ #[cfg(windows)]
+ {
+ return is_python_lib(pathname);
+ }
 }
 }
 false
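Review bot: In the PE export loop of `parse_binary` (src/binary_parser.rs), `export.rva` is taken from the file named by `filename` and added to `offset` with only an overflow check, so nothing confirms the resulting address lies inside the mapped module. The removed `if let Some(export_offset) = export.offset` guard presumably skipped exports whose RVA could not be resolved to a section, and that filter is now gone. If the file on disk is malformed or no longer matches the loaded image, the symbol table can hold addresses outside the module, which later code presumably treats as readable locations in the target process. Assuming `size` is the length of the mapped image, bound the value before inserting, for example `if (export.rva as u64) < size {` around the `checked_add`. The function starts and ends outside this hunk, so the origin of `offset` is not visible here.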
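Review bot: The Windows branch of the `map` lookup in src/python_process_info.rs (first hunk) drops the `m.is_exec()` filter with no comment explaining why, and the `libmap` lookup in the second hunk does the same. Presumably the RVAs now used for PE symbols are relative to the image base, so the first mapping for the file is wanted rather than the first executable one. If so, the selection depends on `maps` being ordered by address and on the filename match alone identifying the right module, which deserves a comment such as `// Windows: export RVAs are relative to the image base, so take the first mapping for this file, not the first executable one`. The two duplicated cfg blocks could also collapse to one line per closure, `return is_python_bin(pathname) && (cfg!(windows) || m.is_exec());` and likewise for `is_python_lib`. Both closures end outside their hunks.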