flat assembler
Message board for the users of flat assembler.

Manual PE Creation

Remy Vincent 14 Oct 2009, 10:36

.Magic dw 0x010B ; Normal executable file
.MajorLinkerVersion db 0
.MinorLinkerVersion db 0
.SizeOfCode dd 0
.SizeOfInitilaisedData dd 0
.SizeOfUninitialisedData dd 0
.AddressOfEntryPoint dd codeSection
.BaseOfCode dd 0
.BaseOfData dd 0

These full variable declarations look very funny ...

It looks like the declaration of android behaviour, looking like Pixie Lott, the English singer currently singing a dozen songs ... Are you really planning to help me with a good looking android, acting like a """usually""" worldwide respected """citizen""" ? It would be nice!

Groups lower your IQ

iic2 14 Oct 2009, 11:22
I found copies on an old CD and I think I was using revolution version mostly. Anyway, I comment code for personal readability but it's the original of others. I could have modified a few while I was testing but not by much. Maybe no use to you anyway but this used to be my favorite subject when I knew little about it. How about the Ancient One? He wrote a nice manual PE too. I did not find any of the old saved web pages yet. Nice to know who sleep sleep used to be.

See attachment:

Filename: Manual PE.zip
Filesize: 19.66 KB
Downloaded: 168 Time(s)


pal 15 Oct 2009, 22:56
iic2: Thanks for contributing to the thread. I'll have a decent look tomorrow, but I have to log in as admin and download them/turn off my AV :( And it is too late for that now!


wht36 07 Nov 2009, 09:15
Here's my contribution, based on code from http://www.phreedom.org/solar/code/tinype/

It uses imports and does not work on win95 (because alignments are only 4). Only tested on XP.

The below example assembles to 244 bytes.
include '..\tiny'
import USER32,MessageBoxA
FormatPE GUI

Start:     call [MessageBoxA],0,"Hello World!","TinyPE",MB_OK


The include file looks like this:
macro align alignment*,char {
    if $ mod alignment > 0
        db alignment - ($ mod alignment) dup (char)   ; pad with char up to the next boundary
    end if
}
macro ddround n,r { dd (n+r-1) and -r }   ; emit n rounded up to a multiple of r

dll_tables equ
dll_imports equ dd 0,0,0,0,0
dll_strings equ

filealign = 4
sectalign = 4   ; must be 4 because of e_lfanew
adjust = sectalign - filealign
image_base = 0x400000
dll_count = 0

macro      import dll,[func] {
      macro dll_tables \{
          if dll_count > 0
             dd 0
            end if
      dll_count = dll_count + 1
                 func = $ + image_base + adjust
                  dd _#func+adjust-2
    macro dll_imports \{
      dd  0,0,0,dll#_name+adjust, dll#_table+adjust
    macro dll_strings \{
         dll#_name   db `dll,0
                 _#func      db `func,0

macro FormatPE subsys {
format binary as 'exe'

; MZ header
; The only two fields that matter are e_magic and e_lfanew
    dw "MZ"       ; e_magic
    dw 0          ; e_cblp UNUSED

    dd "PE"       ; e_cp, e_crlc UNUSED       ; PE signature

; PE header
    dw 0x014C     ; e_cparhdr UNUSED          ; Machine (Intel 386)
    dw 1          ; e_minalloc UNUSED         ; NumberOfSections

    jmp near Start-image_base
    db 0,0,0
;   dd 0          ; e_maxalloc, e_ss UNUSED   ; TimeDateStamp UNUSED
;   dd 0          ; e_sp, e_csum UNUSED       ; PointerToSymbolTable UNUSED
    dd 0          ; e_ip, e_cs UNUSED         ; NumberOfSymbols UNUSED
    dw sections-opthdr ; e_lsarlc UNUSED      ; SizeOfOptionalHeader
    dw 0x103      ; e_ovno UNUSED             ; Characteristics

; PE optional header

    dw 0x010B     ; e_res UNUSED              ; Magic (PE32)
    db 8                                      ; MajorLinkerVersion UNUSED
    db 0                                      ; MinorLinkerVersion UNUSED

    ddround codesize, filealign               ; SizeOfCode UNUSED             ; Name UNUSED
    dd 0          ; e_oemid, e_oeminfo UNUSED ; SizeOfInitializedData UNUSED
    dd codesize          ; e_res2 UNUSED             ; SizeOfUninitializedData UNUSED  ; VirtualSize
    dd pe_entry                               ; AddressOfEntryPoint            ; VirtualAddress
    dd codesize                                   ; BaseOfCode UNUSED               ; SizeOfRawData
    dd pe_entry                                    ; BaseOfData UNUSED               ; PointerToRawData
    dd 0x400000                               ; ImageBase                 ; PointerToRelocations UNUSED
    dd sectalign  ; e_lfanew                  ; SectionAlignment               ; PointerToLinenumbers UNUSED
    dd filealign                              ; FileAlignment                  ; NumberOfRelocations UNUSED
                                                                                ; NumberOfLinenumbers UNUSED
    dw 4                                      ; MajorOSVersion UNUSED           ; Characteristics UNUSED 
    dw 0                                      ; MinorOSVersion UNUSED
    dw 0                                      ; MajorImageVersion UNUSED
    dw 0                                      ; MinorImageVersion UNUSED
    dw 4                                      ; MajorSubsystemVersion
    dw 0                                      ; MinorSubsystemVersion UNUSED
    dd 0                                      ; Win32VersionValue UNUSED
    dd ((hdrsize + sectalign-1) and -sectalign) + ((codesize + sectalign-1) and -sectalign)
                                            ; SizeOfImage

    ddround hdrsize, filealign                ; SizeOfHeaders
    dd 0                                      ; CheckSum UNUSED
    subsystem = 3
match =GUI any,subsys \{ subsystem = 2 \}
    dw subsystem                         ; Subsystem (Win32 CONSOLE)       ;GUI = 2, CONSOLE = 3
    dw 0x400                                  ; DllCharacteristics UNUSED
    dd 0x100000                               ; SizeOfStackReserve
    dd 0x1000                                 ; SizeOfStackCommit
    dd 0x100000                               ; SizeOfHeapReserve
    dd 0x1000                                 ; SizeOfHeapCommit UNUSED
    dd 0                                      ; LoaderFlags UNUSED
    dd 2                                      ; NumberOfRvaAndSizes UNUSED

; Data directories
; The debug directory size at offset 0x34 from here must be 0
    dq 0                ;export
    dd idata+adjust  ;import section rva
    dd idata.size        ;import section size

opthdrsize = $ - opthdr
hdrsize = $ - $$

  idata:      dll_imports
 .size = $-idata
 org     $ + image_base
      purge   align

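macro pushd [args] {
  reverse                       ; stdcall: push the last argument first
    match any, args \{
        local ..continue
        if args eqtype ''
            CALL ..continue     ; leaves the address of the inline string on the stack
            db args,0
          ..continue:
        else
            pushd args
        end if \}
}

macro call proc,[args] {
  common
    pushd args
    call dword proc
}

macro EndPE {
    codesize = $ - pe_entry
    filesize = $ - $$
}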

Problems: This version doesn't allow sections. Also it doesn't add padding for the directory entries so it does not always work.

I have made another version with section & resource support as well as directory padding. Its output will be bigger than this example. See minipad.asm (from FASM example) in the updated attachment for usage. Again it won't work under win95 because of alignment settings. I also can't get icons to display properly for some reason (just figured it out: for Windows Explorer to display the icon of the program, it must have 16 directory entries and the section header must come after the directory entries).

Description: New example with resource support.
Filename: tinype.zip
Filesize: 8.47 KB
Downloaded: 140 Time(s)

Description: Above example with included output EXE zipped.
Filename: tinype.zip
Filesize: 2.5 KB
Downloaded: 134 Time(s)

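An added example, not part of the thread or of any attachment: a Python check that reads the header fields the listing above collapses (e_lfanew, SectionAlignment, FileAlignment, NumberOfRvaAndSizes) and reports where they depart from ordinary linker output. The function names `audit_pe_header` and `build_sample` are hypothetical, and the sample bytes are constructed from the field values shown in the listing, not taken from the posted EXE.

```python
import struct

def audit_pe_header(data: bytes) -> list:
    """Return findings for a PE32 header collapsed the way the listing does it."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return ["not an MZ image, or shorter than a DOS header"]
    findings = []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew < 0x40:
        findings.append(f"e_lfanew=0x{e_lfanew:X}: PE header overlaps the DOS header")
    opt = e_lfanew + 4 + 20              # PE signature + COFF file header
    if len(data) < opt + 96:             # fixed part of the PE32 optional header
        return findings + ["file ends inside the optional header"]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return findings + ["no PE signature at e_lfanew"]
    if struct.unpack_from("<H", data, opt)[0] != 0x010B:
        return findings + ["optional header magic is not PE32 (0x010B)"]
    sect_align, file_align = struct.unpack_from("<II", data, opt + 32)
    n_dirs = struct.unpack_from("<I", data, opt + 92)[0]
    if opt + 32 == 0x3C:
        findings.append("SectionAlignment shares its four bytes with e_lfanew")
    if sect_align < 0x1000:
        findings.append(f"SectionAlignment={sect_align}: below the 4 KiB page size")
    if file_align < 0x200:
        findings.append(f"FileAlignment={file_align}: below the usual 512")
    if n_dirs != 16:
        findings.append(f"NumberOfRvaAndSizes={n_dirs}: not the usual 16")
    return findings

def build_sample(e_lfanew=4, sect_align=4, file_align=4, n_dirs=2) -> bytes:
    """Constructed header bytes; the defaults follow the values in the listing."""
    opt = e_lfanew + 24
    img = bytearray(max(0x40, opt + 96))
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, e_lfanew)
    img[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    struct.pack_into("<HH", img, e_lfanew + 4, 0x014C, 1)   # Machine, NumberOfSections
    struct.pack_into("<H", img, opt, 0x010B)                # Magic (PE32)
    struct.pack_into("<II", img, opt + 32, sect_align, file_align)
    struct.pack_into("<I", img, opt + 92, n_dirs)
    return bytes(img)

if __name__ == "__main__":
    for finding in audit_pe_header(build_sample()):
        print(finding)
```

With the PE signature at offset 4, the SectionAlignment field lands on offset 0x3C, which is why the listing's comment says sectalign must be 4.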
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.