From 18fbfe62aca2f33498914567cfc19ae326493b01 Mon Sep 17 00:00:00 2001
From: unspeaker
Date: Thu, 20 Feb 2025 02:28:22 +0200
Subject: [PATCH] rip must start 0x1000
---
 crates/vestal/src/main.rs | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/crates/vestal/src/main.rs b/crates/vestal/src/main.rs
index 1bbf072..ee0672e 100644
--- a/crates/vestal/src/main.rs
+++ b/crates/vestal/src/main.rs
@@ -60,7 +60,7 @@ impl Vestal {
 let section_ptr = section.pointer_to_raw_data.0 as usize;
 let section_len = section.size_of_raw_data as usize;
 let section_data = &buf[section_ptr..section_ptr+section_len];
- let mut decoder = iced_x86::Decoder::with_ip(64, section_data, 0, 0);
+ let mut decoder = iced_x86::Decoder::with_ip(64, section_data, 0x1000, 0);
 while decoder.can_decode() {
 let position = decoder.position();
 let instruction = decoder.decode();
@@ -86,10 +86,12 @@ impl Vestal {
 _ => {}
 }
 let offset = (position + section_ptr) as u32;
- println!("0x{:08x} (0x{:08x}) {:32} {instruction}",
+ println!("0x{:08x} (0x{:08x}) {:32} {}",
 position + section_ptr,
 dll.offset_to_rva(Offset(offset))?.0,
- opcodes.iter().map(|x|format!("{x:>02x}")).collect::>().join(" "));
+ opcodes.iter().map(|x|format!("{x:>02x}")).collect::>().join(" "),
+ instruction);
+ break
 //println!("0x{:08x} {}", decoder.position(), instruction);
 //return Ok(())
 }
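Review bot: The start address `0x1000` passed to `Decoder::with_ip` in the `@@ -60,7` hunk is hard-coded, so RIP-relative operands are resolved against the wrong base for any section whose RVA is not 0x1000. The print in the later hunk already maps file offsets through `dll.offset_to_rva`, so the decoder could take its base from the same source, for example `let section_rva = dll.offset_to_rva(Offset(section_ptr as u32))?.0 as u64;` passed as the ip argument (assuming `dll` is in scope at this point; the function starts and ends outside the hunk). The context line `&buf[section_ptr..section_ptr+section_len]` also indexes with header-supplied values and will panic on a truncated or malformed file; a checked `buf.get(..)` that returns an error would keep a bad input from aborting the tool.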
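Review bot: The `break` added after the `println!` in the `@@ -86,10` hunk ends the `while decoder.can_decode()` loop after the first printed instruction, so the rest of the section is never decoded unless an earlier arm outside the visible lines skips it with `continue`. The commit subject only mentions the start address, so this looks like a debugging leftover sitting next to the commented-out `//return Ok(())`. Either drop it or make the intent explicit, e.g. `break // TODO(debug): stop after the first instruction`. The loop body starts outside the hunk, so the match arms before it are not visible here.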