section of type lief.PE.Section return RVA if invoke section.virtual_address

[seekamoon]

Describe the bug
Hi,

Thank you for your nice work. I just found that for an obejct section of type lief.PE.Section, if we invoke section.virtual_address, it will return the relative virtual address (RVA) with respect to the imagebase rather than the actual virtual address (i.e., imagebase + RVA).

And, I make another test. For an object section of type lief.ELF.Section, section.virtual_address will return the actual virtual address rather than RVA.

Is this discrepancy expected?

To Reproduce

import lief

# PE sample
binary = lief.parse('notepad.exe')
print('ImageBase:', hex(binary.imagebase))
print('EP:', hex(binary.entrypoint))

section = binary.get_section('.text')
assert isinstance(section, lief.PE.Section)
print(section.name, hex(section.virtual_address))

# ELF sample
binary = lief.parse('elf_sample')
print('ImageBase:', hex(binary.imagebase))
print('EP:', hex(binary.entrypoint))

section = binary.get_section('.text')
assert isinstance(section, lief.ELF.Section)
print(section.name, hex(section.virtual_address))

Output:

# PE sample
ImageBase: 0x400000
EP: 0x45d3d3
.text 0x1000

# ELF sample
ImageBase: 0x8048000
EP: 0x80498f0
.text 0x80498f0

Expected behavior
IIRC, virtual_address should refer to imagebase + RVA rather than RVA.

Environment (please complete the following information):

• System and Version : MacOS 14.2.1
• Target format: PE, ELF
• LIEF commit version: 0.13.2-2d9855fc
• samples.zip

[romainthomas]

Hi @seekamoon

Actually this is on purpose to return an RVA and not a VA since the imagebase is stored in another header.

I agree that it's confusing but this is how the PE format is documented:

VirtualAddress: For executable images, the address of the first byte of the section relative to the image base when the section is loaded into memory

[seekamoon]

Thank you for explanation. Now I see.