The virtual address is not necessarily the same as the disk offset.
Actually, it seems that the security directory is one of the few places
where a disk offset is intentionally used. Trying to compensate for the
virtual address results in failure in this case.
I have been amending the code t
Owen Rudge writes:
> +sd = &nt_hdr.OptionalHeader.DataDirectory[IMAGE_FILE_SECURITY_DIRECTORY];
> +
> +sd->Size = dwSize;
> +sd->VirtualAddress = dwOfs;
> +
> +TRACE("size = %x addr = %x\n", sd->Size, sd->VirtualAddress);
> +
> +/* write the header back again */
> +count =
