[BUGFIX] Updated libpeconv with a bugfix (rebase). Set original base …

…in the dump report only if it was used
hasherezade · Nov 2, 2024 · 1dedbd0 · 1dedbd0
1 parent bd4b656
commit 1dedbd0
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 4 deletions.
diff --git a/libpeconv b/libpeconv
diff --git a/postprocessors/results_dumper.cpp b/postprocessors/results_dumper.cpp
@@ -311,9 +311,6 @@ bool pesieve::ResultsDumper::dumpModule(IN HANDLE processHandle,
 	ModuleDumpReport *modDumpReport = new ModuleDumpReport(module_buf.getModuleBase(), module_buf.getBufferSize());
 	dumpReport.appendReport(modDumpReport);
 
-	if (out_base) {
-		modDumpReport->rebasedTo = out_base;
-	}
 	modDumpReport->dumpFileName = makeModuleDumpPath(module_buf.getModuleBase(), module_name, payload_ext);
 	modDumpReport->is_corrupt_pe = is_corrupt_pe;
 	modDumpReport->is_shellcode = !module_buf.isValidPe() && module_buf.isCode();
@@ -342,6 +339,9 @@ bool pesieve::ResultsDumper::dumpModule(IN HANDLE processHandle,
 			modDumpReport->isDumped = module_buf.dumpToFile(modDumpReport->dumpFileName);
 			curr_dump_mode = peconv::PE_DUMP_VIRTUAL;
 		}
+		if (curr_dump_mode != peconv::PE_DUMP_VIRTUAL && out_base) {
+			modDumpReport->rebasedTo = out_base;
+		}
 		modDumpReport->mode_info = get_dump_mode_name(curr_dump_mode);
 		bool iat_not_rebuilt = (imprec_res == ImpReconstructor::IMP_RECOVERY_ERROR) || (imprec_res == ImpReconstructor::IMP_RECOVERY_NOT_APPLICABLE);
 		if (iat_not_rebuilt || save_imp_report) {