Position Independent Executables (PIE)
In order to extract complex blocks, basic blocks, and instructions from PIE files, OFRAK changes the virtual address of
CodeRegions unpacked from the file format to match the virtual address used by the backend (Ghidra, Angr, etc.).
This is because different backends load PIE files at different virtual addresses. For example, Ghidra loads them at 0x10000 whereas Angr loads them at 0x400000.
However, for file formats such as ELF, the virtual address taken from the header is
Therefore, when analyzing/modifying PIE files, addresses used should be those from the backend you are using. This also lowers friction when developing an OFRAK script in parallel with manual analysis in the backend of your choice.
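The address translation described above, as an added example that is not OFRAK's own code: it reads the ELF64 header and PT_LOAD segments, then rebases a header address into each backend's view. The two load bases are the ones quoted on this page; the function names, the constructed sample ELF, and the model that a backend maps file address 0 at its load base are assumptions.

```python
import struct

# Load bases as stated on this page; check the backend version you actually run.
BACKEND_BASE = {"ghidra": 0x10000, "angr": 0x400000}
ET_EXEC, ET_DYN, PT_LOAD = 2, 3, 1

def parse_elf64(data):
    """Return (e_type, [(p_vaddr, p_memsz), ...]) for the PT_LOAD segments."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("expected a little-endian ELF64 file")
    (e_type,) = struct.unpack_from("<H", data, 16)
    (e_phoff,) = struct.unpack_from("<Q", data, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    loads = []
    for i in range(e_phnum):
        p_type, _, _, p_vaddr, _, _, p_memsz, _ = struct.unpack_from(
            "<IIQQQQQQ", data, e_phoff + i * e_phentsize)
        if p_type == PT_LOAD:
            loads.append((p_vaddr, p_memsz))
    return e_type, loads

def to_backend(data, file_vaddr, backend):
    """Translate an address from the ELF headers into the backend's address space."""
    e_type, loads = parse_elf64(data)
    if not any(lo <= file_vaddr < lo + size for lo, size in loads):
        raise ValueError(f"{file_vaddr:#x} is not inside a PT_LOAD segment")
    if e_type != ET_DYN:  # fixed-address executable: header addresses are used as-is
        return file_vaddr
    # Assumption: the backend maps file address 0 at its load base.
    return file_vaddr + BACKEND_BASE[backend]

def between_backends(addr, src, dst):
    """Convert an address noted in one backend to the other backend's view."""
    return addr - BACKEND_BASE[src] + BACKEND_BASE[dst]

def sample_elf(e_type=ET_DYN):
    """Constructed 120-byte ELF64: header plus one PT_LOAD covering 0x0-0x2000."""
    ehdr = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    ehdr += struct.pack("<HHIQQQIHHHHHH", e_type, 62, 1, 0x1040, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_LOAD, 5, 0, 0, 0, 0x2000, 0x2000, 0x1000)
    return ehdr + phdr

if __name__ == "__main__":
    pie = sample_elf()
    for name in BACKEND_BASE:
        print(name, hex(to_backend(pie, 0x1040, name)))
```

`between_backends` covers the case where an address noted during manual analysis in one backend has to be used in a script running against the other.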