flat assembler
Message board for the users of flat assembler.

Index > Windows > Manual PE Creation

Remy Vincent



Joined: 16 Sep 2005
Posts: 155
Location: France
Remy Vincent

optionalHeader: ; IMAGE_OPTIONAL_HEADER
.Magic dw 0x010B ; Normal executable file
.MajorLinkerVersion db 0
.MinorLinkerVersion db 0
.SizeOfCode dd 0
.SizeOfInitilaisedData dd 0
.SizeOfUninitialisedData dd 0
.AddressOfEntryPoint dd codeSection
.BaseOfCode dd 0
.BaseOfData dd 0


These full variable declarations look very funny ...

It looks like the declaration of android behaviour, looking like Pixie Lott, the English singer currently singing a dozen songs ... Are you really planning to help me with a good-looking android, acting like a """usually""" worldwide respected """citizen""" ? It would be nice!

_________________
Groups lower your IQ
Post 14 Oct 2009, 10:36
iic2



Joined: 26 Jun 2008
Posts: 123
iic2
I found copies on an old CD and I think I was using the revolution version mostly. Anyway, I comment code for personal readability but it's the original of others. I could have modified a few while I was testing, but not by much. Maybe no use to you anyway, but this used to be my favorite subject when I knew little about it. How about the Ancient One? He wrote a nice manual PE too. I did not find any of the old saved web pages yet. Nice to know who sleep sleep used to be.

See attachment:


Description:
Download
Filename: Manual PE.zip
Filesize: 19.66 KB
Downloaded: 47 Time(s)

Post 14 Oct 2009, 11:22
pal



Joined: 26 Aug 2008
Posts: 227
pal
iic2: Thanks for contributing to the thread. I'll have a decent look tomorrow, but I have to log in as admin and download them/turn off my AV :( And it is too late for that now!

Cheers.
Post 15 Oct 2009, 22:56
wht36



Joined: 18 Sep 2005
Posts: 106
wht36
Here's my contribution, based on code from http://www.phreedom.org/solar/code/tinype/

It uses imports and does not work on win95 (because alignments are only 4). Only tested on XP.

The below example assembles to 244 bytes.
Code:
include '..\tiny'
import USER32,MessageBoxA
FormatPE GUI

Start:  call [MessageBoxA],0,"Hello World!","TinyPE",MB_OK
        ret

EndPE

The include file looks like this:
Code:
macro align alignment*,char {
    if $ mod alignment > 0
        db alignment - ($ mod alignment) dup (char)
    end if
}
macro ddround n,r { dd (n+r-1) and -r }

dll_tables equ
dll_imports equ dd 0,0,0,0,0
dll_strings equ

filealign = 4
sectalign = 4   ; must be 4 because of e_lfanew
adjust = sectalign - filealign
image_base = 0x400000
dll_count = 0

macro import dll,[func] {
    common
    macro dll_tables \{
        dll_tables
        if dll_count > 0
            dd 0
        end if
        dll_count = dll_count + 1
        dll#_table:
        forward
            func = $ + image_base + adjust
            dd _#func+adjust-2
        common
    \}
    macro dll_imports \{
        dd 0,0,0,dll#_name+adjust, dll#_table+adjust
        dll_imports
    \}
    macro dll_strings \{
        dll_strings
        dll#_name db `dll,0
        forward
            _#func db `func,0
        common
    \}
}

macro FormatPE subsys {
format binary as 'exe'
use32

; MZ header
; The only two fields that matter are e_magic and e_lfanew
    dw "MZ"       ; e_magic
    dw 0          ; e_cblp UNUSED

    dd "PE"       ; e_cp, e_crlc UNUSED       ; PE signature

; PE header
    dw 0x014C     ; e_cparhdr UNUSED          ; Machine (Intel 386)
    dw 1          ; e_minalloc UNUSED         ; NumberOfSections

pe_entry:
    jmp near Start-image_base
    db 0,0,0
;   dd 0          ; e_maxalloc, e_ss UNUSED   ; TimeDateStamp UNUSED
;   dd 0          ; e_sp, e_csum UNUSED       ; PointerToSymbolTable UNUSED
    dd 0          ; e_ip, e_cs UNUSED         ; NumberOfSymbols UNUSED
    dw sections-opthdr ; e_lsarlc UNUSED      ; SizeOfOptionalHeader
    dw 0x103      ; e_ovno UNUSED             ; Characteristics

; PE optional header

opthdr:
    dw 0x010B     ; e_res UNUSED              ; Magic (PE32)
    db 8                                      ; MajorLinkerVersion UNUSED
    db 0                                      ; MinorLinkerVersion UNUSED

sections:
    ddround codesize, filealign               ; SizeOfCode UNUSED             ; Name UNUSED
    dd 0          ; e_oemid, e_oeminfo UNUSED ; SizeOfInitializedData UNUSED
    dd codesize          ; e_res2 UNUSED             ; SizeOfUninitializedData UNUSED  ; VirtualSize
    dd pe_entry                               ; AddressOfEntryPoint            ; VirtualAddress
    dd codesize                                   ; BaseOfCode UNUSED               ; SizeOfRawData
    dd pe_entry                                    ; BaseOfData UNUSED               ; PointerToRawData
    dd 0x400000                               ; ImageBase                 ; PointerToRelocations UNUSED
    dd sectalign  ; e_lfanew                  ; SectionAlignment               ; PointerToLinenumbers UNUSED
    dd filealign                              ; FileAlignment                  ; NumberOfRelocations UNUSED
                                                                                ; NumberOfLinenumbers UNUSED
    dw 4                                      ; MajorOSVersion UNUSED           ; Characteristics UNUSED 
    dw 0                                      ; MinorOSVersion UNUSED
    dw 0                                      ; MajorImageVersion UNUSED
    dw 0                                      ; MinorImageVersion UNUSED
    dw 4                                      ; MajorSubsystemVersion
    dw 0                                      ; MinorSubsystemVersion UNUSED
    dd 0                                      ; Win32VersionValue UNUSED
    dd ((hdrsize + sectalign-1) and -sectalign) + ((codesize + sectalign-1) and -sectalign)
                                            ; SizeOfImage

    ddround hdrsize, filealign                ; SizeOfHeaders
    dd 0                                      ; CheckSum UNUSED
    subsystem = 3
match =GUI any,subsys \{ subsystem = 2 \}
    dw subsystem                         ; Subsystem (Win32 CONSOLE)       ;GUI = 2, CONSOLE = 3
    dw 0x400                                  ; DllCharacteristics UNUSED
    dd 0x100000                               ; SizeOfStackReserve
    dd 0x1000                                 ; SizeOfStackCommit
    dd 0x100000                               ; SizeOfHeapReserve
    dd 0x1000                                 ; SizeOfHeapCommit UNUSED
    dd 0                                      ; LoaderFlags UNUSED
    dd 2                                      ; NumberOfRvaAndSizes UNUSED

; Data directories
; The debug directory size at offset 0x34 from here must be 0
    dq 0                ;export
    dd idata+adjust  ;import section rva
    dd idata.size        ;import section size

opthdrsize = $ - opthdr
hdrsize = $ - $$

    dll_tables
idata: dll_imports
.size = $-idata
    dll_strings
    org $ + image_base
    purge align
}

macro pushd [args] {
    reverse
    match any, args \{
        local ..continue
        if args eqtype ''
            ; string argument: CALL pushes the address of the inline
            ; string and execution resumes after it at ..continue
            CALL ..continue
            db args,0
            ..continue:
        else
            pushd args
        end if
    \}
}

macro call proc,[args] {
    common
    pushd args
    call dword proc
}

macro EndPE {
    codesize = $ - pe_entry
    filesize = $ - $$
}

Problems: This version doesn't allow sections. Also it doesn't add padding for the directory entries so it does not always work.

I have made another version with section & resource support as well as directory padding. Its output will be bigger than this example. See minipad.asm (from FASM example) in the updated attachment for usage. Again it won't work under win95 because of alignment settings. I also can't get icons to display properly for some reason (just figured it out, for windows explorer to display the icon of the program, it must have 16 directory entries and the section header must come after the directory entries).


Description: New example with resource support.
Download
Filename: tinype.zip
Filesize: 8.47 KB
Downloaded: 26 Time(s)

Description: Above example with included output EXE zipped.
Download
Filename: tinype.zip
Filesize: 2.5 KB
Downloaded: 24 Time(s)

Post 07 Nov 2009, 09:15
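The layout tricks in the include file above (PE signature at offset 4 so that SectionAlignment doubles as e_lfanew, a 4-byte SizeOfOptionalHeader that folds the section table into the optional header, 2 data directories, entry point inside the headers) are easy to flag when triaging a PE32 file. The following is an added example, not code from this thread; the function names are hypothetical and the sample header is constructed from the field offsets in the macro.

```python
import struct

PAGE = 0x1000  # usual minimum SectionAlignment for x86 images

def pe_layout_anomalies(data: bytes) -> list:
    """Return header-layout anomalies typical of hand-packed PE32 files."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return ["not an MZ file"]
    lfanew, = struct.unpack_from("<I", data, 0x3C)
    opt = lfanew + 24                  # signature (4) + COFF header (20)
    if len(data) < opt + 96 or data[lfanew:lfanew + 4] != b"PE\0\0":
        return ["no PE signature at e_lfanew, or truncated header"]
    opt_size, = struct.unpack_from("<H", data, lfanew + 20)
    magic, = struct.unpack_from("<H", data, opt)
    if magic != 0x10B:
        return ["not PE32"]
    entry, = struct.unpack_from("<I", data, opt + 16)
    sect_align, = struct.unpack_from("<I", data, opt + 32)
    hdr_size, = struct.unpack_from("<I", data, opt + 60)
    n_dirs, = struct.unpack_from("<I", data, opt + 92)
    found = []
    if lfanew < 0x40:
        found.append("PE header overlaps MZ header")
    if opt_size < 96 + 8 * n_dirs:
        found.append("section table overlaps optional header")
    if sect_align < PAGE:
        found.append("SectionAlignment below page size")
    if n_dirs < 16:
        found.append("fewer than 16 data directories")
    if 0 < entry < hdr_size:
        found.append("entry point inside headers")
    return found

def constructed_tiny_header() -> bytes:
    """Constructed sample: only the fields checked above, at the macro's offsets."""
    h = bytearray(140)                                # hdrsize of the macro's layout
    struct.pack_into("<2sH4sHH", h, 0, b"MZ", 0, b"PE\0\0", 0x14C, 1)
    struct.pack_into("<HH", h, 24, 4, 0x103)          # SizeOfOptionalHeader, Characteristics
    struct.pack_into("<HBB", h, 28, 0x10B, 8, 0)      # Magic, linker version
    struct.pack_into("<I", h, 44, 12)                 # AddressOfEntryPoint = pe_entry
    struct.pack_into("<III", h, 56, 0x400000, 4, 4)   # ImageBase, Section/FileAlignment
    struct.pack_into("<I", h, 88, 140)                # SizeOfHeaders
    struct.pack_into("<I", h, 120, 2)                 # NumberOfRvaAndSizes
    return bytes(h)

if __name__ == "__main__":
    for finding in pe_layout_anomalies(constructed_tiny_header()):
        print(finding)
```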
Copyright © 1999-2020, Tomasz Grysztar. Also on GitHub, YouTube, Twitter.
