flat assembler
Message board for the users of flat assembler.

Home Search Register
Log in to check your private messages Log in

Index > Windows > [fasm2] Selective modification of headers
Author
Thread Post new topic Reply to topic
AE



Joined: 07 Apr 2022
Posts: 74
AE 13 Dec 2025, 20:10
I wonder if there's a way in fasm2 to change the values ​​of PE header fields directly from the main source file (I mean DOS_HEADER/OptionalHeader etc)?
I know you can create them entirely manually, but I haven't found a convenient way to do this for individual fields (without touching inc files).
Post 13 Dec 2025, 20:10
View user's profile Send private message Reply with quote
Tomasz Grysztar



Joined: 16 Jun 2003
Posts: 8490
Location: Kraków, Poland
Tomasz Grysztar 13 Dec 2025, 20:26
First, if you include "pe.inc" directly instead of using the "format PE" wrapper, you can set up some of the header fields with "PE.Settings" symbols, like in the fasmg's examples:
Code:
PE.Settings.Machine = IMAGE_FILE_MACHINE_AMD64
PE.Settings.Stub = 'nul'
PE.Settings.Magic = 0x20B
PE.Settings.ImageBase = 0x140000000
PE.Settings.Characteristics = IMAGE_FILE_EXECUTABLE_IMAGE + IMAGE_FILE_LARGE_ADDRESS_AWARE
PE.Settings.DllCharacteristics = IMAGE_DLLCHARACTERISTICS_NX_COMPAT + IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
PE.Settings.Subsystem = IMAGE_SUBSYSTEM_WINDOWS_GUI
include 'format/pe.inc'

Second, if you need to alter header fields not covered by "PE.Settings", you can still rewrite any of the output values with STORE directive. There is a STORE variant that allow to write at any offset in the output:
Code:
store "ZM":word at :0 ; change the "MZ" signature to "ZM" (a trick to force stub execution)
But there is also a cleaner way. The global "PE" symbol, which is the base for the namespace, is defined as "PE::", allowing to access the headers:
Code:
store -1 at PE : PE.OptionalHeader.MajorLinkerVersion
These labels are correctly sized, that's why the size setting can be omitted. Of course you need to place STORE in the source after the headers have already been generated. I would even recommend to put any patching in a "postpone ?" block.

The STORE method works when you use "format PE" wrapper, too.
Post 13 Dec 2025, 20:26
View user's profile Send private message Visit poster's website Reply with quote
AE



Joined: 07 Apr 2022
Posts: 74
AE 14 Dec 2025, 07:45
Tomasz Grysztar, 🙏 Thank you very much!
Post 14 Dec 2025, 07:45
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Main index Download Documentation Examples Message board

Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.