Here are the steps to convert from section alignment to file alignment:

  1. Find the RVA for the data.
  2. From the RVA, derive the section to which the data referenced belongs. This is trivial, since sections don’t overlap. The starting addresses of the various sections are available in the file header.
  3. Find the difference between the RVA and the starting address of the section to find the data offset, i.e., the offset of that data within a section.
  4. From the file header, for the same section, find the location of the same section in the file.
  5. Add the data offset to the location of the section in the file, to find the address of the data in the file.

But I just don't understand that. Can someone elaborate with more details?

A: 

Alignment is a rounded-up value. Section data size is rounded up for efficiency because the OS moves stuff around in chunks anyway.

The File Alignment is usually 512 bytes, which fits the block size of most filesystems.

The Section Alignment is usually 4096 bytes, which fits the size of a memory page.

So if you have a PE-file with a section (like ".text") that contains 513 bytes of data:

  • Section .text will be rounded up to 1024 bytes on file.
  • Section .text will be rounded up to 4096 bytes in memory.

Note the amount of slack space possible both on file and in memory.

I'm unsure about why you want to "convert from one alignment to the other". The recipe you got there leaves the goal of the exercise as a mystery. If your goal is to manipulate PE-files then all you have to consider is the File Alignment. The Windows loader will handle the Section Alignment stuff when it throws it into memory, so you usually don't need to think about that at all.

You can read more about PE here.

joveha
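
The five steps from the question, together with the rounding described in the answer, as an added example that is not part of the original question or answer. The helper names and the two-section table are constructed for illustration; the 40-byte section header layout is the standard `IMAGE_SECTION_HEADER`.

```python
import struct

# IMAGE_SECTION_HEADER is 40 bytes: Name[8], VirtualSize, VirtualAddress,
# SizeOfRawData, PointerToRawData, then 16 bytes that are not needed here.
SECTION_FMT = "<8sIIII16x"
SECTION_SIZE = struct.calcsize(SECTION_FMT)


def align_up(value, alignment):
    """Round value up to the next multiple of alignment."""
    return (value + alignment - 1) // alignment * alignment


def parse_sections(table):
    """Turn a raw section table into a list of dicts."""
    sections = []
    for off in range(0, len(table) - SECTION_SIZE + 1, SECTION_SIZE):
        name, vsize, va, raw_size, raw_ptr = struct.unpack_from(SECTION_FMT, table, off)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vsize": vsize, "va": va,
                         "raw_size": raw_size, "raw_ptr": raw_ptr})
    return sections


def rva_to_offset(rva, sections):
    """Steps 2-5 of the recipe; returns None when the RVA has no bytes on disk."""
    for s in sections:
        span = max(s["vsize"], s["raw_size"])  # choice made for this example
        if s["va"] <= rva < s["va"] + span:    # step 2: owning section
            delta = rva - s["va"]              # step 3: offset inside the section
            if delta >= s["raw_size"]:
                return None                    # exists only in memory (zero-filled)
            return s["raw_ptr"] + delta        # steps 4-5: rebase onto the file
    return None                                # not inside any section


def make_section(name, vsize, va, raw_size, raw_ptr):
    """Build one constructed section header for the sample table."""
    return struct.pack(SECTION_FMT, name, vsize, va, raw_size, raw_ptr)


# Constructed sample: .text holds 513 bytes, as in the answer above.
FILE_ALIGN, SECTION_ALIGN = 0x200, 0x1000
SAMPLE_TABLE = (
    make_section(b".text", 513, 0x1000, align_up(513, FILE_ALIGN), 0x400)
    + make_section(b".data", 0x2000, align_up(0x1000 + 513, SECTION_ALIGN), 0x200, 0x800)
)
SECTIONS = parse_sections(SAMPLE_TABLE)
```

With this table, RVA 0x1010 lies 0x10 bytes into `.text`, whose raw data starts at file offset 0x400, so it maps to file offset 0x410. An RVA in the part of `.data` beyond its 0x200 raw bytes has no file offset at all.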