flat assembler
Message board for the users of flat assembler.

Why Is not a valid win32 application

yinke 10 Jan 2010, 04:20
The section has been added successfully, but why does this happen?
Code:
format pe gui
include 'win32ax.inc'
entry start

section '.data' data readable writeable
fileName db 'E:\test.exe',0
hFile dd ?
fileSize dd ?
hMap dd ?
ImageBase dd ?
pNt  dd ?
newSection dd ?
oldSection dd ?
section '.code' code readable executable
start:

; open the target file and map it read/write
invoke CreateFileA,fileName,GENERIC_READ or GENERIC_WRITE,\
FILE_SHARE_READ or FILE_SHARE_WRITE,\
NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL
mov [hFile],eax
invoke GetFileSize,[hFile],NULL
mov [fileSize],eax
invoke CreateFileMappingA,[hFile],NULL,PAGE_READWRITE,0,0,NULL
mov [hMap],eax
invoke MapViewOfFile,[hMap],FILE_MAP_ALL_ACCESS,0,0,0
mov [ImageBase],eax
mov esi,[eax+3ch]               ; e_lfanew from the MZ header
add esi,[ImageBase]
mov [pNt],esi                   ; pointer to the PE signature/headers
mov cx,word [esi+6h]            ; NumberOfSections (old count)
movzx ecx,cx
inc word [esi+6h]               ; NumberOfSections + 1
mov esi,[pNt]
add esi,0f8h                    ; start of the section table
mov eax,28h                     ; size of one section header
mov ebx,ecx
imul ebx                        ; eax = 28h * old section count
add esi,eax
mov [newSection],esi            ; first free section header slot
sub esi,28h
mov [oldSection],esi            ; last existing section header
mov esi,[newSection]
push 0E00000E0h
pop dword [esi+24h]             ; Characteristics
push 65ah
pop dword [esi+8h]              ; VirtualSize
mov esi,[oldSection]
mov ebx,dword [esi+0ch]         ; old VirtualAddress (ebx is not used afterwards)
mov ecx,dword [esi+10h]         ; old SizeOfRawData
add ecx,dword [esi+14h]         ; + old PointerToRawData
mov esi,[newSection]
mov dword [esi],'.xy'           ; Name
push 27000h
pop dword [esi+0ch]             ; VirtualAddress

mov dword [esi+14h],ecx         ; PointerToRawData
push 65ah
pop dword [esi+08h]             ; VirtualSize
push 1000h
pop dword [esi+10h]             ; SizeOfRawData

mov eax,[newSection]
mov esi,dword [eax+08h]         ; VirtualSize
add esi,dword [eax+0ch]         ; + VirtualAddress
mov ebx,[pNt]
mov dword [ebx+50h],esi         ; SizeOfImage
ret



section '.import' import data readable writeable
library kernel32,'kernel32.dll'
include 'api\kernel32.inc'
bitshifter 10 Jan 2010, 04:28
You really want to do this?
Code:
mov esi,[eax+3ch]
add esi,[ImageBase]
mov [pNt],esi    

pNT = (ImageBase + 3ch) * 2

Just a guess...
baldr 12 Jan 2010, 16:38
yinke,

You've hardcoded the new section's VirtualAddress as 27000h; probably that address is already occupied.

Windows performs several sanity checks when loading an image; probably the new section's PointerToRawData is invalid (after EOF).


bitshifter,

That's OK: he adds e_lfanew from the MZ header to the image's mapped view address to get a pointer to the PE signature/headers (check your pseudocode ;)).
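
The two conditions raised in the last reply (a hardcoded VirtualAddress and a PointerToRawData past EOF) can be checked directly on the file. The following is an added example, not code from the thread: a Python checker for a PE32 section table that also goes one step further and tests SizeOfImage against the PE format's alignment rule. The names `check_sections` and `build_sample` are hypothetical, and the 600h-byte sample is constructed here using the 27000h, 65Ah and 1000h values from the posted code.

```python
import struct

# Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, 12 skipped, Characteristics
SECTION = struct.Struct("<8sIIII12xI")

def align_up(value, alignment):
    return (value + alignment - 1) // alignment * alignment

def check_sections(image):
    """Return a list of section-table problems in a PE32 file image."""
    nt, = struct.unpack_from("<I", image, 0x3C)                # e_lfanew
    if image[:2] != b"MZ" or image[nt:nt + 4] != b"PE\0\0":
        return ["not a PE file"]
    count, = struct.unpack_from("<H", image, nt + 0x06)        # NumberOfSections
    opt_size, = struct.unpack_from("<H", image, nt + 0x14)     # SizeOfOptionalHeader
    sect_align, = struct.unpack_from("<I", image, nt + 0x38)   # SectionAlignment
    size_of_image, = struct.unpack_from("<I", image, nt + 0x50)
    problems, next_va = [], None
    for i in range(count):
        name, vsize, va, raw_size, raw_ptr, _ = SECTION.unpack_from(
            image, nt + 0x18 + opt_size + i * SECTION.size)
        label = name.rstrip(b"\0").decode("latin-1")
        if va % sect_align:
            problems.append(f"{label}: VirtualAddress {va:#x} is not aligned")
        # Sections must be ascending and adjacent in virtual address space.
        if next_va is not None and va != next_va:
            problems.append(f"{label}: VirtualAddress {va:#x}, expected {next_va:#x}")
        if raw_size and raw_ptr + raw_size > len(image):
            problems.append(f"{label}: raw data runs past end of file")
        next_va = align_up(va + (vsize or raw_size), sect_align)
    if count and (size_of_image % sect_align or size_of_image < next_va):
        problems.append(f"SizeOfImage {size_of_image:#x}, expected {next_va:#x}")
    return problems

def build_sample(added_va, added_raw_ptr, size_of_image):
    """Constructed sample: 600h-byte PE32 file with .text plus an added .xy."""
    img = bytearray(0x600)
    img[:2], img[0x80:0x84] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", img, 0x3C, 0x80)                    # e_lfanew
    struct.pack_into("<H", img, 0x86, 2)                       # NumberOfSections
    struct.pack_into("<H", img, 0x94, 0xE0)                    # SizeOfOptionalHeader
    struct.pack_into("<II", img, 0xB8, 0x1000, 0x200)          # Section/FileAlignment
    struct.pack_into("<I", img, 0xD0, size_of_image)           # SizeOfImage
    SECTION.pack_into(img, 0x178, b".text", 0x1F0, 0x1000, 0x200, 0x400, 0x60000020)
    SECTION.pack_into(img, 0x1A0, b".xy", 0x65A, added_va, 0x1000, added_raw_ptr,
                      0xE00000E0)
    return bytes(img)
```

Calling `check_sections(build_sample(0x27000, 0x600, 0x2765A))` reproduces the header values the posted code writes; the same sample with the next free VirtualAddress, an aligned SizeOfImage and 1000h bytes appended to the file comes back clean.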

Copyright © 1999-2025, Tomasz Grysztar.