Can there be an option that "Don't compact raw data"?

`Don't compact raw data` means keep the `RawOffset/RawSize` the same as `VirutalOffset/VirutalSize`.

Why?
In most case, we are researching the dumped file. Keep the same address/offset makes it easier to locate the data in hex editors, debuggers and other PE tools.
Of course, we can compact raw data giving a smaller final PE file.

Related code:
https://github.com/NtQuery/Scylla/blob/0ca2c1a0da5dca4bf124cbc9ab127439b2b8c097/Scylla/PeParser.cpp#L1083-L1092
https://github.com/NtQuery/Scylla/search?q=alignAllSectionHeaders&unscoped_q=alignAllSectionHeaders

	for (WORD i = 0; i < getNumberOfSections(); i++)
	{
	listPeSection[i].sectionHeader.VirtualAddress = alignValue(listPeSection[i].sectionHeader.VirtualAddress, sectionAlignment);
	listPeSection[i].sectionHeader.Misc.VirtualSize = alignValue(listPeSection[i].sectionHeader.Misc.VirtualSize, sectionAlignment);

	listPeSection[i].sectionHeader.PointerToRawData = alignValue(newFileSize, fileAlignment);
	listPeSection[i].sectionHeader.SizeOfRawData = alignValue(listPeSection[i].dataSize, fileAlignment);

	newFileSize = listPeSection[i].sectionHeader.PointerToRawData + listPeSection[i].sectionHeader.SizeOfRawData;
	}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Can there be an option that "Don't compact raw data"? #49

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Can there be an option that "Don't compact raw data"? #49

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions