-3

I am taking an assembly class and having a terrible time trying to figure out a question. We have the following:

enter image description here

For the life of me, I have been trying to Google this to figure it out, but haven't been able to find much and unfortunately, there is nothing in our text to guide me. I am hoping someone might be able to guide me on figuring this out.

1). What is the size of the .text section once it is loaded into memory? 2). What is the RVA of the .data section once it is loaded into memory? 3). What is the physical size of the .data section on disk?

Peter Cordes
  • 328,167
  • 45
  • 605
  • 847
  • 3
    Do not post pictures of text please. [Edit] your question and add the text in the picture as text. Also, do you have additional information? From the information in the picture alone, I don't think it's possible to answer your question. – fuz Jul 16 '21 at 11:37
  • The first bytes are clearly the name in ascii. Consult your material to see what the other fields correspond to. Presumably the file offset, size and RVA are in there. – Jester Jul 16 '21 at 13:00

1 Answers1

5

If you would have googled for COFF specification, it would lead you to Section Table (Section Headers).
The dump apparently contains three COFF section headers. If you prefer their description in assembly, here you are:

COFF_SECTION_HEADER   STRUC
.Name                 DB 8*BYTE ; Section name, NULL padded.
.VirtualSize          DD  ; Total aligned section size when loaded in memory. 
.VirtualAddress       DD  ; RVA of section relative to ImageBase when loaded.
.SizeOfRawData        DD  ; Section size in the file (before loaded).
.PointerToRawData     DD  ; File pointer to section data. 
.PointerToRelocations DD  ; File pointer to relocations. NULL if no relocations.
.PointerToLinenumbers DD  ; File pointer to line-number entries or NULL. 
.NumberOfRelocations  DW  ; Number of relocation entries for this section.
.NumberOfLinenumbers  DW  ; Number of line-number entries for this section.
.Characteristics      DD  ; Section properties.
ENDSTRUC

Keep on mind that in LittleEndian the DWORDs start with the less significant byte (reversed), for instance .VirtualSize of .text section, which is dumped as 00100000 is in fact 0x00001000, i.e. 1 KB when loaded in memory. Size of .data or .text section in PE file is kept in the member .SizeOfRawData.

vitsoft
  • 5,515
  • 1
  • 18
  • 31