Hex-Rays' blog

Igor’s Tip of the Week #113: Image-relative Offsets (RVA) – Hex Rays

Written by Igor Skochinsky | Nov 3, 2022

Image-relative offsets are values that represent an offset from the image base of the current module (image) in memory. This means that they can be used to refer to other locations in the same module regardless of its real, final load address, and thus can be used to make the code position-independent (PIC), similarly to the self-relative offsets. The alternative name RVA means “Relative virtual address” and is often used in the context of the PE file format.

However, PIC is not the only advantage of RVAs. For example, on x64-bit platforms RVA values usually use 32 bits instead of 64 like a full pointer. While this makes their range more limited (4GiB from imagebase), the savings from pointer-type values can be substantial when accumulated over the whole binary.

For known RVA values, such as those in the PE headers or EH structures, IDA can usually convert them to an assembler-specific expression automatically:

However, sometimes there may be a need to do it manually, for example, when dealing with another update of the file format not yet handled by IDA, or a custom format/structure which uses RVAs for addressing. In that case, you can use yet another variation of the User-defined offset. The option to turn on is Use image base as offset base. When it’s enabled, IDA will ignore the entered offset base and will always use the imagebase.

However, even if you use this approach in a 64-bit program, you may fail to reach the desired effect: the value will be displayed in red to indicate an error and not show a nice expression with the final address, as expected.

This happens because the command defaults to OFF32 for 32-bit values, but the final address does not fit into 32 bits. The fix is simple: select OFF64 instead of OFF32.

 

NOTE: for ARM binaries, the imagerel keyword is used instead of rva.

See also:

Igor’s tip of the week #105: Offsets with custom base

Igor’s tip of the week #110: Self-relative offsets