From 5c2d4397f5ed493905796c15ea32d2f483e1e078 Mon Sep 17 00:00:00 2001
From: _xeroxz
Date: Tue, 8 Jun 2021 00:09:09 -0700
Subject: [PATCH] fixed an issue with virtual instruction rva being over 32bits...
---
 src/vminstrs.cpp | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/src/vminstrs.cpp b/src/vminstrs.cpp
index a38a5ae..3301df3 100644
--- a/src/vminstrs.cpp
+++ b/src/vminstrs.cpp
@@ -241,7 +241,6 @@ namespace vm possible_block_2 > vmctx.module_base && possible_block_2 < vmctx.module_base + vmctx.image_size; } - return false; } );
@@ -267,13 +266,12 @@ namespace vm
 std::uintptr_t code_block_addr( const vm::ctx_t &ctx, const vmp2::v2::entry_t &entry )
 {
- return ( ( entry.vsp.qword[ 0 ] + ( ctx.image_base & ~0xFFFFFFFFull ) ) - ctx.image_base ) +
- ctx.module_base;
+ return ( ( entry.vsp.qword[ 0 ] & 0xFFFFFFFFull ) - ( ctx.image_base & 0xFFFFFFFFull ) ) + ctx.module_base;
 }
 std::uintptr_t code_block_addr( const vm::ctx_t &ctx, const std::uint32_t lower_32bits )
 {
- return ( ( lower_32bits + ( ctx.image_base & ~0xFFFFFFFFull ) ) - ctx.image_base ) + ctx.module_base;
+ return ( lower_32bits - ( ctx.image_base & 0xFFFFFFFFull ) ) + ctx.module_base;
 }
 } // namespace instrs
 } // namespace vm
\ No newline at end of file
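Review bot: Both new `code_block_addr` returns subtract the low dword of `ctx.image_base` in 64-bit arithmetic, so when the low 32 bits of the stored address are smaller than the low 32 bits of the image base (the dword wrapped, which a sample with an unusual preferred base could cause) the difference turns into a huge value and the result lands below `ctx.module_base` instead of at module base plus RVA. Truncating the difference to 32 bits avoids that: `return ctx.module_base + static_cast< std::uint32_t >( lower_32bits - static_cast< std::uint32_t >( ctx.image_base ) );`, and the `entry_t` overload can then delegate with `return code_block_addr( ctx, static_cast< std::uint32_t >( entry.vsp.qword[ 0 ] ) );` so the formula lives in one place. The input comes from trace data, so callers should still range-check the returned address against the module bounds before reading through it, as the lambda in the first hunk appears to do for `possible_block_2` with `vmctx.image_size`; whether every caller does so is not visible here.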