flat assembler
Message board for the users of flat assembler.
High Level Languages > Define PE import table in HLL?
revolution 09 Jun 2022, 10:24
What do you mean by "generate PE import table"?
Do you want to create the text file for fasm to assemble? Do you want to create a binary output to attach to some other binary? Do you want to modify an existing binary file? Did you know there are Win API calls that can be used to explore and modify PE format files?
Last edited by revolution on 09 Jun 2022, 10:51; edited 1 time in total
FlierMate1 09 Jun 2022, 10:32
I want to create a binary output directly from HLL.
Just an idea: users can select from a GUI dialog different combinations of icon and button, customize the caption and message, then have the option to "Compile" or "Run" to show the message box (by generating the PE binary executable).
revolution wrote:
Can you tell me what it is? Last time .NET allowed reading from PE, but writing to PE was not supported (I haven't used it anyway).
FlierMate1 09 Jun 2022, 10:34
This one I did in the past: https://board.flatassembler.net/topic.php?t=21842
But it has the import table and DOS header hardcoded. This time I want to improve it by generating the binary output of the entire PE (maybe still except the DOS header) dynamically from HLL.
revolution 09 Jun 2022, 10:50
You can create a text .asm file and use fasm to construct the binary as normal. The macros will omit the unused APIs.
This is what many HLLs do/did: they create a .asm file for NASM/MASM/GAS to assemble.
revolution 09 Jun 2022, 10:57
Forgot to link the ImageHLP.
https://docs.microsoft.com/en-us/windows/win32/debug/imagehlp-functions
FlierMate1 09 Jun 2022, 11:13
revolution wrote:
    You can create a text .asm file and use fasm to construct the binary as normal. The macros will omit the unused APIs.
Umm... let me think about it. I will consider this option.
revolution wrote:
Thanks for it!
FlierMate1 16 Jun 2022, 07:24
FlierMate1 wrote:
    I want to create a binary output directly from HLL.
I ended up hardcoding the PE header and import table. Yes, I have done the PoC in Python. I use the ASM model from my Sambal compiler, which has been whitelisted by Windows Defender. It is safe (no malware detected) to generate the EXE this way.
revolution 16 Jun 2022, 07:48
FlierMate1 wrote:
    ... which has been whitelisted by Windows Defender. It is safe (no malware detected) to generate the EXE this way.
FlierMate1 16 Jun 2022, 08:18
revolution wrote:
    Yeah, I find it a bit sad that we have to go through the process of getting approval from MS for these things.
So true. When I first created my EXE maker (prototype) in Pascal, the administrator of the Free Pascal forum said this to me (@marcov is also a member of this board):
marcov wrote:
    Antivirus authors are lazy and reverse the burden of proof, basically denying everything unless proven otherwise.
I was discouraged by his words at first, but now I fully understand his point of view.
revolution 16 Jun 2022, 08:41
It is all sold on FUD.
"If you don't have our AV just imagine all the bad things that could happen! OMG, you don't want to be without our stuff. Buy it today. Don't delay. Operators are standing by waiting for your call. Don't disappoint them." Haha.
It misses the other side of the argument though: "Imagine all the great things that could happen if your AV didn't block all the things that don't follow your exact precise approved 'standard' ways."
Without exploration there is no innovation.
FlierMate1 21 Jul 2022, 09:12
I think I found it, in Winnt.h:
Code:
typedef struct _IMAGE_IMPORT_DESCRIPTOR {
    union {
        DWORD Characteristics;      // 0 for terminating null import descriptor
        DWORD OriginalFirstThunk;   // RVA to original unbound IAT (PIMAGE_THUNK_DATA)
    } DUMMYUNIONNAME;
    DWORD TimeDateStamp;            // 0 if not bound,
                                    // -1 if bound, and real date\time stamp
                                    //     in IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT (new BIND)
                                    // O.W. date/time stamp of DLL bound to (Old BIND)
    DWORD ForwarderChain;           // -1 if no forwarders
    DWORD Name;
    DWORD FirstThunk;               // RVA to IAT (if bound this IAT has actual addresses)
} IMAGE_IMPORT_DESCRIPTOR;
typedef IMAGE_IMPORT_DESCRIPTOR UNALIGNED *PIMAGE_IMPORT_DESCRIPTOR;

Code:
typedef struct _IMAGE_THUNK_DATA32 {
    union {
        DWORD ForwarderString;      // PBYTE
        DWORD Function;             // PDWORD
        DWORD Ordinal;
        DWORD AddressOfData;        // PIMAGE_IMPORT_BY_NAME
    } u1;
} IMAGE_THUNK_DATA32;
typedef IMAGE_THUNK_DATA32 * PIMAGE_THUNK_DATA32;

Code:
typedef struct _IMAGE_THUNK_DATA64 {
    union {
        ULONGLONG ForwarderString;  // PBYTE
        ULONGLONG Function;         // PDWORD
        ULONGLONG Ordinal;
        ULONGLONG AddressOfData;    // PIMAGE_IMPORT_BY_NAME
    } u1;
} IMAGE_THUNK_DATA64;
typedef IMAGE_THUNK_DATA64 * PIMAGE_THUNK_DATA64;

Yeah!
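The two Winnt.h structures quoted above are all an HLL needs to emit the import directory itself. The following Python is an added example, not code from this thread, from fasm or from the Sambal compiler: build_import_directory() lays out the IMAGE_IMPORT_DESCRIPTOR list, a 32- or 64-bit thunk array for the ILT (OriginalFirstThunk) and the IAT (FirstThunk), the IMAGE_IMPORT_BY_NAME hint/name entries and the DLL name strings as one contiguous block, and parse_import_directory() walks that block back the way a loader or PE tool would, refusing any RVA that points outside it. Assumptions: the whole block is placed in one section whose RVA the caller passes as base_rva (and IMAGE_DIRECTORY_ENTRY_IMPORT in the optional header is pointed at that RVA), the table is unbound (TimeDateStamp and ForwarderChain are 0), and the import list in main is constructed for the demo.

```python
import struct

# IMAGE_IMPORT_DESCRIPTOR: OriginalFirstThunk, TimeDateStamp, ForwarderChain, Name, FirstThunk
IMPORT_DESCRIPTOR = struct.Struct("<IIIII")
# IMAGE_THUNK_DATA32 / IMAGE_THUNK_DATA64 and the matching IMAGE_ORDINAL_FLAG
THUNK = {False: struct.Struct("<I"), True: struct.Struct("<Q")}
ORDINAL_FLAG = {False: 0x80000000, True: 0x8000000000000000}


def _align(value, boundary):
    return (value + boundary - 1) // boundary * boundary


def build_import_directory(imports, base_rva, is64=False):
    """Serialise an unbound import directory for [(dll, [name-or-ordinal, ...]), ...].

    Returns (blob, iat_slots); blob is placed at base_rva (assumption: one section
    holds everything) and iat_slots maps (dll, import) -> RVA of its IAT entry,
    which the code section needs for an indirect call through the IAT.
    """
    thunk, flag = THUNK[is64], ORDINAL_FLAG[is64]
    desc_size = IMPORT_DESCRIPTOR.size * (len(imports) + 1)   # +1 for the null terminator
    thunks_off = _align(desc_size, thunk.size)                 # thunk arrays pointer-aligned
    thunks_size = sum((len(f) + 1) * 2 * thunk.size for _, f in imports)  # ILT + IAT per DLL
    names_off = thunks_off + thunks_size

    # Pass 1: IMAGE_IMPORT_BY_NAME entries (WORD hint + NUL-terminated name) and DLL names.
    names, func_rva, dll_rva = bytearray(), {}, {}
    for dll, funcs in imports:
        for f in funcs:
            if isinstance(f, str):
                func_rva[(dll, f)] = base_rva + names_off + len(names)
                names += struct.pack("<H", 0) + f.encode("ascii") + b"\x00"
                names += b"\x00" * (len(names) % 2)             # keep entries WORD-aligned
        dll_rva[dll] = base_rva + names_off + len(names)
        names += dll.encode("ascii") + b"\x00"
        names += b"\x00" * (len(names) % 2)

    # Pass 2: one descriptor per DLL, an ILT and an identical unbound IAT that the
    # loader overwrites with real function addresses at load time.
    descs, thunks, iat_slots = bytearray(), bytearray(), {}
    cur = base_rva + thunks_off
    for dll, funcs in imports:
        entries = [(f | flag) if isinstance(f, int) else func_rva[(dll, f)] for f in funcs]
        table = b"".join(thunk.pack(e) for e in entries) + thunk.pack(0)  # 0 ends the array
        ilt_rva, iat_rva = cur, cur + len(table)
        for i, f in enumerate(funcs):
            iat_slots[(dll, f)] = iat_rva + i * thunk.size
        thunks += table + table
        descs += IMPORT_DESCRIPTOR.pack(ilt_rva, 0, 0, dll_rva[dll], iat_rva)  # unbound: stamp 0
        cur = iat_rva + len(table)
    descs += IMPORT_DESCRIPTOR.pack(0, 0, 0, 0, 0)                # terminating null descriptor
    pad = bytes(thunks_off - desc_size)
    return bytes(descs) + pad + bytes(thunks) + bytes(names), iat_slots


def parse_import_directory(blob, base_rva, is64=False):
    """Walk the descriptors back, validating every RVA against the block before use;
    an out-of-range RVA is the classic way a hand-made import table breaks a PE parser."""
    thunk, flag = THUNK[is64], ORDINAL_FLAG[is64]

    def offset(rva, size):
        off = rva - base_rva
        if not 0 <= off <= len(blob) - size:
            raise ValueError(f"RVA {rva:#x} points outside the import block")
        return off

    def cstring(rva):
        off = offset(rva, 1)
        end = blob.find(b"\x00", off)
        if end < 0:
            raise ValueError("unterminated string in import block")
        return blob[off:end].decode("ascii")

    result, off = [], 0
    while True:
        if off + IMPORT_DESCRIPTOR.size > len(blob):
            raise ValueError("descriptor list is not null-terminated")
        oft, _stamp, _fwd, name, ft = IMPORT_DESCRIPTOR.unpack_from(blob, off)
        off += IMPORT_DESCRIPTOR.size
        if oft == 0 and name == 0 and ft == 0:
            break
        funcs, rva = [], oft
        while True:
            (entry,) = thunk.unpack_from(blob, offset(rva, thunk.size))
            rva += thunk.size
            if entry == 0:
                break
            # ordinal import if the top bit is set, else RVA of hint (WORD) + name
            funcs.append(entry & 0xFFFF if entry & flag else cstring(entry + 2))
        result.append((cstring(name), funcs))
    return result


if __name__ == "__main__":
    # Constructed sample: the imports a MessageBox-only EXE needs, plus one by ordinal.
    sample = [("kernel32.dll", ["ExitProcess"]), ("user32.dll", ["MessageBoxA", 2000])]
    blob, slots = build_import_directory(sample, 0x2000)
    print(len(blob), "bytes;", {k: hex(v) for k, v in slots.items()})
    print(parse_import_directory(blob, 0x2000))
```

The builder places the thunk arrays right after the descriptors and the strings last, which is one valid layout among many; what matters to the loader is only that every RVA resolves inside a mapped section and that both the descriptor list and each thunk array end with a zero entry. The parser's offset() check is the piece worth keeping in any tool that reads untrusted PE files.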
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.