
[PE] Section alignment breaks the translation of an offset to a virtual address

Open icecr4ck opened this issue 5 years ago • 1 comments

Hello,

When I use the function off2virt on a PE executable loaded with the miasm sandbox, it does not return the correct virtual address. After some digging, I suspect the issue comes from the section alignment done when the PE is loaded into "memory" (see the code below).

https://github.com/cea-sec/miasm/blob/232accb6b23c284bf4c30ac89c6f0524010fbfa1/miasm/jitter/loader/pe.py#L218-L231

I am not sure I understand line 227, in which you set the offset attribute to the addr attribute of a section. As the function off2virt calls off2rva, whose return value depends on the value of section.offset, it can't return the correct value if the offset of a section is replaced by its rva.

https://github.com/cea-sec/miasm/blob/232accb6b23c284bf4c30ac89c6f0524010fbfa1/miasm/loader/pe_init.py#L489

What do you think about it?

Thanks!

icecr4ck, Feb 06 '20 15:02

Yep, I don't remember why it's there. But I will double check as it seems weird. Thank you for the feedback!

serpilliere, Feb 08 '20 00:02
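Added example, not part of the thread and not miasm's code: a simplified model of the behaviour the report describes, using the standard PE translation `rva = off - section.offset + section.addr`. The `Section` class, the constructed section table, `IMAGE_BASE` and the helper `apply_load_alignment` are assumptions; the helper models only the `offset = addr` assignment the issue points at.

```python
from dataclasses import dataclass, replace

IMAGE_BASE = 0x400000  # constructed image base (assumption)

@dataclass
class Section:
    name: str
    offset: int   # file offset of the raw data (PointerToRawData)
    rawsize: int  # size of the raw data on disk (SizeOfRawData)
    addr: int     # RVA of the section (VirtualAddress)

def off2rva(sections, off):
    """File offset -> RVA, via the section whose raw data contains `off`."""
    for s in sections:
        if s.offset <= off < s.offset + s.rawsize:
            return off - s.offset + s.addr
    return None

def off2virt(sections, off):
    """File offset -> virtual address, or None if no section matches."""
    rva = off2rva(sections, off)
    return None if rva is None else IMAGE_BASE + rva

def apply_load_alignment(sections):
    """Hypothetical helper: copy the table and overwrite each section's
    file offset with its RVA, as the issue says the loader does."""
    return [replace(s, offset=s.addr) for s in sections]

# Constructed section table: file alignment 0x200, section alignment 0x1000.
ON_DISK = [
    Section(".text",  0x0400, 0x1200, 0x1000),
    Section(".rdata", 0x1600, 0x0600, 0x3000),
    Section(".data",  0x1C00, 0x0200, 0x4000),
]
AFTER_LOAD = apply_load_alignment(ON_DISK)

def mismatches(offsets):
    """File offsets whose translation changes once offset == addr."""
    return [(off, off2virt(ON_DISK, off), off2virt(AFTER_LOAD, off))
            for off in offsets
            if off2virt(ON_DISK, off) != off2virt(AFTER_LOAD, off)]

if __name__ == "__main__":
    for off, good, bad in mismatches([0x500, 0x1700, 0x1C10]):
        shown = "None" if bad is None else hex(bad)
        print(f"off {off:#x}: on-disk headers -> {good:#x}, after load -> {shown}")
```

In this model an offset either matches no section at all or lands in the wrong one and silently yields a wrong address, so translating against a copy of the on-disk headers taken before loading avoids both outcomes.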