Changeset 8913 for trunk/src

Timestamp:

Jul 23, 2002, 3:51:49 PM (23 years ago)

Author:

sandervl

Message:

Enhanced PE loader class to support files with PE image starting at an offset ..= 0 (custom build) & Fixes for memory map view with offset

Location:

trunk/src/kernel32

Files:

• mmap.cpp (modified) (2 diffs)
• mmap.h (modified) (2 diffs)
• windllpeldr.cpp (modified) (3 diffs)
• windllpeldr.h (modified) (2 diffs)
• winexepeldr.cpp (modified) (3 diffs)
• winexepeldr.h (modified) (2 diffs)
• winimagepeldr.cpp (modified) (43 diffs)
• winimagepeldr.h (modified) (3 diffs)

trunk/src/kernel32/mmap.cpp

@@ -1 @@
-/* $Id: mmap.cpp,v 1.58 2002-07-15 14:28:51 sandervl Exp $ */
+/* $Id: mmap.cpp,v 1.59 2002-07-23 13:51:47 sandervl Exp $ */
 
 /*
@@ -434 +434 @@
         }
     }
-    mapview = new Win32MemMapView(this, offset, (size == 0) ? mSize : size, fdwAccess);
+    mapview = new Win32MemMapView(this, offset, (size == 0) ? (mSize - offset) : size, fdwAccess);
     if(mapview == NULL) {
         goto fail;

trunk/src/kernel32/mmap.h

@@ -1 @@
-/* $Id: mmap.h,v 1.23 2002-07-21 09:20:56 sandervl Exp $ */
+/* $Id: mmap.h,v 1.24 2002-07-23 13:51:48 sandervl Exp $ */
 
 /*
@@ -122 +122 @@
    DWORD  getAccessFlags()               { return mfAccess; };
    DWORD  getSize()                      { return mSize;    };
-   LPVOID getViewAddr()                  { return pMapView; };
    ULONG  getOffset()                    { return mOffset;  };
+   LPVOID getViewAddr()                  { return (LPVOID)((char *)pMapView + getOffset()); };
 
    BOOL   everythingOk()                 { return errorState == 0; };

trunk/src/kernel32/windllpeldr.cpp

@@ -1 @@
-/* $Id: windllpeldr.cpp,v 1.10 2002-07-18 11:52:56 achimha Exp $ */
+/* $Id: windllpeldr.cpp,v 1.11 2002-07-23 13:51:48 sandervl Exp $ */
 
 /*
@@ -34 +34 @@
 #include "dbglocal.h"
 
-//******************************************************************************
-// Design information on PE DLL memory layout - AH 2002-07-18
-//
-// We are currently using (high) private memory for all PE objects, including the
-// read/execute code segments, constant data segments and global data segments.
-// Global data segments might not be implemented correctly at all as we've never
-// encountered any applictions making use of them. Therefore we are actually
-// wasting memory when running multiple processes using the same PE DLLs.
-//
-// There are several reasons for this design decisions. Both OS/2 (LX) and
-// Windows NT put all DLL segments into the shared arena. What they do for
-// instance data is map it for each process to read-only pages initially. When
-// a write attempt is made by a process, an exception will be triggered. This
-// makes the operating system to copy the data to a new page that is read/write
-// and change the page table of the process to map the linear process in the
-// shared arena to private memory (this is called "copy-on-write").
-// Even though an application is not guaranteed any virtual address for instance
-// data segments, they always end up in the shared region and the virtual addreses
-// are contiguous. An application could therefore make nasty assumptions.
-// Unfortunately, it is not possible for us from ring 3 to replicate the behavior
-// for our PE loader. While we can make the page read only and catch the
-// exception, we have no method to remap the pages to private memory.
-//
-// One solution would be to create another reagion with the private region,
-// i.e. define some address space range as reserved in Odin (configurable to
-// workaround issues with certain PE images requiring those addresses). We
-// could then load the instance data segments of PE DLLs into this private
-// memory arena and still guarantee identical virtual addresses for each
-// process.
-//
-// While the above method should work fine (assuming an application does not
-// make any nasty assumptions), there is one major problem. If we enable the
-// PE on-demand loader (i.e. the mmap loads each page from the PE file when
-// it is accesses for the first time - very much like NT), then we would have
-// nasty concurrency issues. A process could access a page for the first time
-// and the exception is triggered. We commit the page read the data in using
-// a call to DosRead. If the very same page is accessed from a different
-// process after we have committed it but before we have finished the DosRead,
-// we would run into problems. Unfortunately, there does not seem to be any
-// solution for this.
-//
-// The bottomline is that we put everything into private memory and accept the
-// drawback of wasting memory.
-//******************************************************************************
-
 
 //******************************************************************************
@@ -98 +53 @@
 //******************************************************************************
 //******************************************************************************
-BOOL Win32PeLdrDll::init(ULONG reservedMem)
+BOOL Win32PeLdrDll::init(ULONG reservedMem, ULONG ulPEOffset)
 {
  char   modname[CCHMAXPATH];

trunk/src/kernel32/windllpeldr.h

@@ -1 @@
-/* $Id: windllpeldr.h,v 1.2 2001-06-15 09:42:49 bird Exp $ */
+/* $Id: windllpeldr.h,v 1.3 2002-07-23 13:51:48 sandervl Exp $ */
 
 /*
@@ -22 +22 @@
 virtual ~Win32PeLdrDll();
 
-virtual BOOL  init(ULONG reservedMem);
+virtual BOOL  init(ULONG reservedMem, ULONG ulPEOffset = 0);
 
         BOOL  isLxDll() const;

trunk/src/kernel32/winexepeldr.cpp

@@ -1 @@
-/* $Id: winexepeldr.cpp,v 1.18 2002-07-23 13:25:34 sandervl Exp $ */
+/* $Id: winexepeldr.cpp,v 1.19 2002-07-23 13:51:48 sandervl Exp $ */
 
 /*
@@ -135 +135 @@
 
   OS2SetExceptionHandler(&exceptFrame);
-  if(WinExe->init(reservedMem) == FALSE) 
+  if(WinExe->init(reservedMem, ulPEOffset) == FALSE) 
   {
         if(szErrorModule[0] != 0) {
@@ -185 +185 @@
 //******************************************************************************
 //******************************************************************************
-BOOL Win32PeLdrExe::init(ULONG reservedMem)
-{
- BOOL rc;
-
-  rc = Win32PeLdrImage::init(reservedMem);
-  return rc;
-}
-//******************************************************************************
-//******************************************************************************

trunk/src/kernel32/winexepeldr.h

@@ -1 @@
-/* $Id: winexepeldr.h,v 1.6 2002-07-23 13:25:34 sandervl Exp $ */
+/* $Id: winexepeldr.h,v 1.7 2002-07-23 13:51:48 sandervl Exp $ */
 
 /*
@@ -25 +25 @@
 virtual ~Win32PeLdrExe();
 
-virtual BOOL init(ULONG reservedMem);
-
 protected:
 private:

trunk/src/kernel32/winimagepeldr.cpp

@@ -1 @@
-/* $Id: winimagepeldr.cpp,v 1.98 2002-07-17 21:09:20 achimha Exp $ */
+/* $Id: winimagepeldr.cpp,v 1.99 2002-07-23 13:51:49 sandervl Exp $ */
 
 /*
@@ -21 +21 @@
  *       So an instance of this type can't be used for anything but resource lookup!
  *
+ * NOTE: File pointer operations relative to the start of the file must add
+ *       ulPEOffset (in case PE image start != file start)
  *
  */
@@ -118 +120 @@
     nrOrdExportsRegistered(0)
 {
- HFILE  dllfile;
+    HFILE  dllfile;
 
     fIsPEImage = TRUE;
@@ -173 +175 @@
 //******************************************************************************
 //******************************************************************************
-BOOL Win32PeLdrImage::init(ULONG reservedMem)
+BOOL Win32PeLdrImage::init(ULONG reservedMem, ULONG ulPEOffset)
 {
  LPVOID win32file = NULL;
@@ -184 +186 @@
  IMAGE_DOS_HEADER doshdr;
  ULONG  signature;
+
+    //offset in executable image where real PE file starts (default 0)
+    this->ulPEOffset = ulPEOffset;
 
     hFile = OSLibDosOpen(szFileName, OSLIB_ACCESS_READONLY|OSLIB_ACCESS_SHAREDENYNONE);
@@ -200 +205 @@
         goto failure;
     }
-    if(OSLibDosSetFilePtr(hFile, doshdr.e_lfanew, OSLIB_SETPTR_FILE_BEGIN) == -1) {
+    if(OSLibDosSetFilePtr(hFile, ulPEOffset+doshdr.e_lfanew, OSLIB_SETPTR_FILE_BEGIN) == -1) {
         goto failure;
     }
@@ -236 +241 @@
         goto failure;
     }
-    win32file = memmap->mapViewOfFile(0, 0, 2);
+    //PE image starts at offset ulPEOffset (default 0)
+    win32file = memmap->mapViewOfFile(0, ulPEOffset, 2);
 
     if(DosQueryPathInfo(szFileName, FIL_QUERYFULLNAME, szFullPath, sizeof(szFullPath)) == 0) {
@@ -580 +586 @@
 
 #ifdef COMMIT_ALL
-        // this is a workaround until we have full page fault handling. We
-        // just commit all pages here, i.e. do the DosReads
         for (i=0; i<nSections; i++) {
             commitPage((ULONG)section[i].realvirtaddr, FALSE, COMPLETE_SECTION);
@@ -597 +601 @@
         }
 #endif
-        // here we are going to parse the export table and build a list
-        // in memory of what this module exports
         if(processExports((char *)win32file) == FALSE) {
             dprintf((LOG, "Failed to process exported apis" ));
@@ -612 +614 @@
 #endif
 
-    // a HINSTANCE in Windows is actually a pointer to the PE header!
+    //SvL: Use pointer to image header as module handle now. Some apps needs this
     hinstance = (HINSTANCE)realBaseAddress;
 
@@ -627 +629 @@
     }
 
-    // Allocate TLS index for this module
-    // Must do this before dlls are loaded for this module. Some apps assume
-    // they get TLS index 0 for their main executable
-    // AH TODO: is this really safe here? We call processExports before and
-    // the module might export forwarders so additional DLLs are loaded which
-    // in turn might allocate TLS in the initterm routine!
+    //Allocate TLS index for this module
+    //Must do this before dlls are loaded for this module. Some apps assume
+    //they get TLS index 0 for their main executable
     {
       USHORT sel = SetWin32TIB(TIB_SWITCH_FORCE_WIN32);
@@ -642 +641 @@
     if(!(dwFlags & (FLAG_PELDR_LOADASDATAFILE | FLAG_PELDR_SKIPIMPORTS)))
     {
-        // this will process all import statements and resolve them. I.e.
-        // additional DLLs will be loaded automatically.
         if(processImports((char *)win32file) == FALSE) {
             dprintf((LOG, "Failed to process imports!" ));
@@ -737 +734 @@
 {
  Section *section;
- ULONG fileoffset; // this will be the offset in the file we have to read at
-                   // it will be calculated from the virtual address
- ULONG    offset, size, sectionsize, protflags, range, attr;
+ ULONG    offset, size, sectionsize, protflags, fileoffset, range, attr;
  ULONG    ulNewPos, ulRead, orgVirtAddress = virtAddress;
  APIRET   rc;
@@ -748 +743 @@
     }
 
-    // round down to nearest page boundary
+    //Round down to nearest page boundary
     virtAddress = virtAddress & ~0xFFF;
 
-    // check if this address corresponds to any PE section
     section = findSectionByOS2Addr(virtAddress);
     if(section == NULL) {
-        // maybe the section does not start at a page boundary?
         section = findSectionByOS2Addr(orgVirtAddress);
         if(section) {
@@ -760 +753 @@
         }
     }
-    // if we still haven't found the section, it's a special case
     if(section == NULL) {
         size        = 4096;
@@ -766 +758 @@
         //Header page must be readonly (same as in NT)
         protflags   = PAG_READ;
-
-        // check if there is a previous section
         section = findPreviousSectionByOS2Addr(virtAddress);
-
-        // no, so it must be the PE header
-        if(section == NULL) {
+        if(section == NULL) {//access to header
             offset     = 0;
             fileoffset = virtAddress - realBaseAddress;
@@ -785 +773 @@
         sectionsize = section->virtualsize - offset;
 
-        // check if this is unitialized data (i.e. not present in the PE file
-        // and set to 0 by the PE loader
         if(offset > section->rawsize || section->type == SECTION_UNINITDATA) {
-            // AH TODO shouldn't be abusing these variables here...
+            //unintialized data (set to 0)
             size = 0;
             fileoffset = -1;
         }
         else {
-            size = section->rawsize - offset;
+            size = section->rawsize-offset;
             fileoffset = section->rawoffset + offset;
         }
@@ -801 +787 @@
         }
     }
-    // we completely ignore debug sections!
-    if(fPageCmd == COMPLETE_SECTION && (section && section->type == SECTION_DEBUG)) {
+    if(fPageCmd == COMPLETE_SECTION && (section && section->type == SECTION_DEBUG)) {//ignore
         return TRUE;
     }
@@ -832 +817 @@
     sectionsize = min(sectionsize, range);
 
-    // make sure this is not address space that has no backing PE file data
-    // (i.e. uninitialized data)
-    // AH TODO: don't abuse these variables!
     if(size && fileoffset != -1) {
         rc = DosEnterCritSec();
@@ -841 +823 @@
             goto fail;
         }
-        // we need write permissions for now to do the actual loading
         rc = DosSetMem((PVOID)virtAddress, sectionsize, PAG_READ|PAG_WRITE|PAG_COMMIT);
         if(rc) {
@@ -849 +830 @@
         }
 
-        if(DosSetFilePtr(hFile, fileoffset, FILE_BEGIN, &ulNewPos) == -1) {
+        if(DosSetFilePtr(hFile, ulPEOffset+fileoffset, FILE_BEGIN, &ulNewPos) == -1) {
             DosExitCritSec();
             dprintf((LOG, "Win32PeLdrImage::commitPage: DosSetFilePtr failed for 0x%x!", fileoffset));
@@ -874 +855 @@
         setFixups(virtAddress, sectionsize);
 
-        // set the protection flags to what the section requests
         rc = DosSetMem((PVOID)virtAddress, sectionsize, protflags);
         DosExitCritSec();
@@ -883 +863 @@
     }
     else {
-        // unitialized data section, padded with 0 (done by OS/2)
-
         rc = DosEnterCritSec();
         if(rc) {
@@ -891 +869 @@
         }
 
-        // get temporary write permission
         rc = DosSetMem((PVOID)virtAddress, sectionsize, PAG_READ|PAG_WRITE|PAG_COMMIT);
         if(rc) {
@@ -900 +877 @@
         setFixups(virtAddress, sectionsize);
 
-        // set the protection flags to what the section requests
         rc = DosSetMem((PVOID)virtAddress, sectionsize, protflags);
         DosExitCritSec();
@@ -955 +931 @@
         return allocFixedMem(reservedMem);
     }
-    // AH TODO: aren't we wasting 64kb address space here if things go bad?
     rc = OSLibDosAllocMem((PPVOID)&baseAddress, imageSize, PAG_READ | PAG_WRITE);
     if(rc) {
@@ -1129 +1104 @@
 }
 //******************************************************************************
-// setFixups:
-//   this is the main fixup processing function. It uses the virtual image base
-//   address (oh.ImageBase) and replaces all fixups by the relative virtual address
-//   plus the image base address
 //******************************************************************************
 BOOL Win32PeLdrImage::setFixups(ULONG virtAddress, ULONG size)
 {
- int i;
+ int   i, j;
  char *page;
  ULONG count, newpage;
@@ -1142 +1113 @@
  PIMAGE_BASE_RELOCATION prel = pFixups;
 
-  // is fixup processing required?
   if(realBaseAddress == oh.ImageBase || fh.Characteristics & IMAGE_FILE_RELOCS_STRIPPED) {
         return(TRUE);
   }
 
-  // convert the virtual address to a relative virtual address
   virtAddress -= realBaseAddress;
-
-  // round size to next page boundary
-  size  = (size - 1) & ~0xFFF;
+  //round size to next page boundary
+  size  = (size-1) & ~0xFFF;
   size += PAGE_SIZE;
 
-  // do we have relocation records (aka fixups)?
   if(prel) {
-        // move to the first relocation record
-        while(((ULONG)prel < (ULONG)pFixups + dwFixupSize) &&
+        j = 1;
+        while(((ULONG)prel < (ULONG)pFixups+dwFixupSize) &&
               prel->VirtualAddress && prel->VirtualAddress < virtAddress)
         {
             prel = (PIMAGE_BASE_RELOCATION)((char*)prel + prel->SizeOfBlock);
         }
-        // go through all relocation records
-        while(((ULONG)prel < (ULONG)pFixups + dwFixupSize) &&
+        while(((ULONG)prel < (ULONG)pFixups+dwFixupSize) &&
                prel->VirtualAddress && prel->VirtualAddress < virtAddress + size)
         {
             page = (char *)((char *)prel + (ULONG)prel->VirtualAddress);
-            // determine how many fixups we have to process
-            count = (prel->SizeOfBlock - 8) / 2;
-            for(i = 0; i < count; i++) {
+            count  = (prel->SizeOfBlock - 8)/2;
+            j++;
+            for(i=0;i<count;i++) {
                 int type   = prel->TypeOffset[i] >> 12;
                 int offset = prel->TypeOffset[i] & 0xFFF;
@@ -1184 +1150 @@
                     break;
                 }
-                // if the fixup crosses the final page boundary,
-                // then we have to load another page
+                //If the fixup crosses the final page boundary,
+                //then we have to load another page
                 if(prel->VirtualAddress + offset + fixupsize > virtAddress + size)
                 {
@@ -1191 +1157 @@
                     newpage &= ~0xFFF;
 
-                    // find the corresponding section so that we know lateron
-                    // what permission bits we have to assign to the new page
                     section  = findSectionByOS2Addr(newpage);
                     if(section == NULL) {
-                        // should never happen
-                        dprintf((LOG, "setFixups -> section == NULL!!"));
+                        //should never happen
+                        dprintf((LOG, "::setFixups -> section == NULL!!"));
                         return FALSE;
                     }
-                    // explicitly read page from disk
+                    //SvL: Read page from disk
                     commitPage(newpage, FALSE, SINGLE_PAGE);
 
                     //SvL: Enable write access (TODO: may need to prevent other threads from being active)
-                    DosSetMem((PVOID)newpage, PAGE_SIZE, PAG_READ | PAG_WRITE);
+                    DosSetMem((PVOID)newpage, PAGE_SIZE, PAG_READ|PAG_WRITE);
                 }
 
@@ -1224 +1188 @@
                         break;
                 }
-                // did we have to load another page?
                 if(prel->VirtualAddress + offset + fixupsize > virtAddress + size)
                 {
@@ -1231 +1194 @@
                 }
             }
-            // move to the next relocation record
             prel = (PIMAGE_BASE_RELOCATION)((char*)prel + prel->SizeOfBlock);
         }//while
@@ -1245 +1207 @@
 BOOL Win32PeLdrImage::setFixups(PIMAGE_BASE_RELOCATION prel)
 {
- int   i;
- #if DEBUG
- int j;
- #endif
+ int   i, j;
  char *page;
  ULONG count;
 
-  // if there are no fixups, we have nothing to do...
   if(fh.Characteristics & IMAGE_FILE_RELOCS_STRIPPED) {
         return(TRUE);
@@ -1258 +1216 @@
 
   if(prel) {
-        #if DEBUG
         j = 1;
-        #endif
-        // loop through all relocation records
         while(prel->VirtualAddress) {
             page = (char *)((char *)prel + (ULONG)prel->VirtualAddress);
-            // determine how many fixups we have to process
-            count  = (prel->SizeOfBlock - 8) / 2;
-
-            dprintf((LOG, "Page %d Address %x Count %d", j, prel->VirtualAddress, count));
-            #if DEBUG
+            count  = (prel->SizeOfBlock - 8)/2;
+            dprintf((LOG, "Page %d Address %x Count %d", j, prel->VirtualAddress, count ));
             j++;
-            #endif
-
-            for(i = 0; i < count; i++) {
+            for(i=0;i<count;i++) {
                 int type   = prel->TypeOffset[i] >> 12;
                 int offset = prel->TypeOffset[i] & 0xFFF;
@@ -1296 +1246 @@
                 }
             }
-            // advance to the next relocation record
             prel = (PIMAGE_BASE_RELOCATION)((char*)prel + prel->SizeOfBlock);
         }//while
@@ -1316 +1265 @@
     fixup   = (ULONG *)(fixupaddr + realBaseAddress);
     orgaddr = *fixup;
-////  dprintf((LOG, "AddOff32Fixup 0x%x org 0x%x -> new 0x%x", fixup, orgaddr, realBaseAddress + (*fixup - oh.ImageBase)));
+//  dprintf((LOG, "AddOff32Fixup 0x%x org 0x%x -> new 0x%x", fixup, orgaddr, realBaseAddress + (*fixup - oh.ImageBase)));
     *fixup  = realBaseAddress + (*fixup - oh.ImageBase);
 }
@@ -1619 +1568 @@
     }
 
-    // if it's not a PE image, we let OS/2 load it (LX image)
     if(isPEImage(modname, NULL, NULL) != ERROR_SUCCESS_W)
-    {
+    {//LX image, so let OS/2 do all the work for us
         APIRET rc;
         char   szModuleFailure[CCHMAXPATH] = "";
@@ -1627 +1575 @@
         Win32LxDll *lxdll;
 
-        // check if we have the .DLL extension or have to add it first
         char *dot = strchr(modname, '.');
         if(dot == NULL) {
             strcat(modname, DLL_EXTENSION);
         }
-        // here we load the module. This will also execute the initterm
-        // function in the DLL. We expect the LX DLL to callback RegisterLxDll
-        // to register with Odin. This also means we cannot load "standard"
-        // LX DLLs with this method - they have to be Odin aware
         rc = DosLoadModule(szModuleFailure, sizeof(szModuleFailure), modname, (HMODULE *)&hInstanceNewDll);
         if(rc) {
@@ -1643 +1586 @@
             return NULL;
         }
-        // due to the callback requirement, we can expect to have a structure
-        // for it by now. Otherwise it didn't work out
         lxdll = Win32LxDll::findModuleByOS2Handle(hInstanceNewDll);
         if(lxdll == NULL) {//shouldn't happen!
             dprintf((LOG, "Just loaded the dll, but can't find it anywhere?!!?"));
-            // AH TODO: shouldn't we do a DosFreeModule here?
             errorState = ERROR_INTERNAL;
             return NULL;
         }
         lxdll->setDllHandleOS2(hInstanceNewDll);
-        // AddRef for a LX DLL is special - it does not increase the reference counter
         if(lxdll->AddRef() == -1) {//-1 -> load failed (attachProcess)
             dprintf((LOG, "Dll %s refused to be loaded; aborting", modname));
@@ -1664 +1603 @@
     else {
          Win32PeLdrDll *pedll;
-            // create an object for that DLL
+
             pedll = new Win32PeLdrDll(modname, this);
             if(pedll == NULL) {
@@ -1675 +1614 @@
             dprintf((LOG, "**********************     Loading Module        *********************" ));
             dprintf((LOG, "**********************************************************************" ));
-            // do the actual loading including all imports - so this is a point of recursion
             if(pedll->init(0) == FALSE) {
                 dprintf((LOG, "Internal WinDll error ", pedll->getError() ));
@@ -1684 +1622 @@
             pedll->AddRef(getModuleName());
 #else
-            // increase the reference count
             pedll->AddRef();
 #endif
-            // send the attach process message to the DLL, i.e. call the handler
             if(pedll->attachProcess() == FALSE) {
                 dprintf((LOG, "attachProcess failed!" ));
@@ -2122 +2058 @@
 }
 //******************************************************************************
-// we link this function to all imports we couldn't resolve in our DLLs so the
-// user gets a stupid error message dialog
 //******************************************************************************
 ULONG WIN32API MissingApi(char *message)

trunk/src/kernel32/winimagepeldr.h

@@ -1 @@
-/* $Id: winimagepeldr.h,v 1.16 2001-06-06 10:01:48 phaller Exp $ */
+/* $Id: winimagepeldr.h,v 1.17 2002-07-23 13:51:49 sandervl Exp $ */
 
 /*
@@ -76 +76 @@
 virtual ~Win32PeLdrImage();
 
-        //reservedMem is address of memory reserved in peldr.dll (allocated before
-        //any dlls are loaded, so that exes without fixups can be loaded at a low
-        //address)
-    virtual BOOL  init(ULONG reservedMem);
+    //reservedMem: address of memory reserved in peldr.dll (allocated before
+    //             any dlls are loaded, so that exes without fixups can be 
+    //             loaded at a low address)
+    //ulPEOffset:  offset in file where real PE image starts
+    virtual BOOL  init(ULONG reservedMem, ULONG ulPEOffset = 0);
 
     virtual BOOL  insideModule(ULONG address);
@@ -140 +141 @@
         Section               *section;
 
+        //offset in executable image where real PE file starts (default 0)
+        ULONG                 ulPEOffset;
+
         //internal flags (see FLAGS_PELDR_*)
         DWORD                 dwFlags;