From 20e67a21fb8d0c3d6d221b9c27d87959e5cd0ea5 Mon Sep 17 00:00:00 2001
From: hasherezade <hasherezade@gmail.com>
Date: Fri, 1 Nov 2024 18:00:42 -0700
Subject: [PATCH] [BUGFIX] Allow to relocate to the original base for all modes
 except VIRTUAL

---
 libpeconv/src/pe_dumper.cpp | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/libpeconv/src/pe_dumper.cpp b/libpeconv/src/pe_dumper.cpp
index 089ff2be3..978d01c28 100644
--- a/libpeconv/src/pe_dumper.cpp
+++ b/libpeconv/src/pe_dumper.cpp
@@ -54,13 +54,15 @@ bool peconv::dump_pe(
         if (is_dot_net(buffer, mod_size)) {
             fix_dot_net_ep(buffer, mod_size);
         }
+        const ULONGLONG hdr_base = peconv::get_image_base(buffer);
+        if (dump_mode != peconv::PE_DUMP_VIRTUAL) {
+            // relocate to the original base
+            peconv::update_image_base(buffer, (ULONGLONG)start_addr);
+        }
         if (dump_mode == peconv::PE_DUMP_UNMAP) {
-            unmapped_module = pe_virtual_to_raw(buffer, mod_size, (ULONGLONG)start_addr, out_size, false);
+            unmapped_module = pe_virtual_to_raw(buffer, mod_size, (ULONGLONG)hdr_base, out_size, false);
         }
         else if (dump_mode == peconv::PE_DUMP_REALIGN) {
-            // relocate to the original base
-            const ULONGLONG hdr_base = peconv::get_image_base(buffer);
-            peconv::update_image_base(buffer, (ULONGLONG)start_addr);
             unmapped_module = peconv::pe_realign_raw_to_virtual(buffer, mod_size, (ULONGLONG)hdr_base, out_size);
         }
         // unmap the PE file (convert from the Virtual Format into Raw Format)