flat assembler
Message board for the users of flat assembler.

Index > Windows > Is my understanding about PE's File Alignment correct?

Author
Thread Post new topic Reply to topic
uu



Joined: 20 Jul 2024
Posts: 44
uu 13 Aug 2024, 10:24
This is more related to creating tiny PE by adjusting the size of File Alignment setting.

If my understanding is correct, then my newly drawn diagrams are all set.

Normally the default value of File Alignment is 512, and let's say I have two sections with each 300 bytes and 200 bytes, that would make the total EXE size 1536 bytes.
If I reduce it by halve to 256, only code section cannot fit single section, so there's need for multiple of 256. Correct?

If I further set the File Alignment to 4 or 16, it would make sure no unused null padded bytes. Question


Description: 256 File Alignment
Filesize: 31.09 KB
Viewed: 432 Time(s)

256file_alignment.PNG


Description: 512 File Alignment
Filesize: 26.77 KB
Viewed: 432 Time(s)

512file_alignment.PNG


Post 13 Aug 2024, 10:24
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20333
Location: In your JS exploiting you and your system
revolution 13 Aug 2024, 10:53
The Windows loader has some restrictions that you need to comply with.

You are correct that the formal PE spec can accommodate different alignments, but the standard Windows loader doesn't accept all of those configurations.
Post 13 Aug 2024, 10:53
View user's profile Send private message Visit poster's website Reply with quote
uu



Joined: 20 Jul 2024
Posts: 44
uu 13 Aug 2024, 11:09
revolution wrote:
The Windows loader has some restrictions that you need to comply with.

You are correct that the formal PE spec can accommodate different alignments, but the standard Windows loader doesn't accept all of those configurations.


Thank you for the answer, I will only take my chance during size coding competition. Laughing
Post 13 Aug 2024, 11:09
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20333
Location: In your JS exploiting you and your system
revolution 14 Aug 2024, 02:08
There is also the native PE format.
Code:
~ cat test.asm
format pe TYPE
entry $
ret

~ fasm -d TYPE=native test.asm
flat assembler  version 1.73.31  (16384 kilobytes memory)
1 passes, 448 bytes.

~ fasm -d TYPE=gui test.asm
flat assembler  version 1.73.31  (16384 kilobytes memory)
1 passes, 1024 bytes.

~ fasm -d TYPE=console test.asm
flat assembler  version 1.73.31  (16384 kilobytes memory)
1 passes, 1024 bytes.

~    
Post 14 Aug 2024, 02:08
View user's profile Send private message Visit poster's website Reply with quote
uu



Joined: 20 Jul 2024
Posts: 44
uu 14 Aug 2024, 05:11
revolution wrote:
There is also the native PE format.


Small, but native is generating .SYS file, which is driver I think. Rolling Eyes
Post 14 Aug 2024, 05:11
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20333
Location: In your JS exploiting you and your system
revolution 14 Aug 2024, 05:35
Tell the competition organiser to run your code as a kernel mode driver. Twisted Evil

Nothing can possibly go wrong.
Post 14 Aug 2024, 05:35
View user's profile Send private message Visit poster's website Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.