flat assembler
Message board for the users of flat assembler.

Index > Windows > PE Structures

Author
Thread Post new topic Reply to topic
Overflowz



Joined: 03 Sep 2010
Posts: 1046
Overflowz
Hello everyone, I'm having trouble with Windows structures.. I'm trying to find some useful structure that would work but I can't.. I found this one http://board.flatassembler.net/topic.php?t=1722 but when I'm using it, it says INVALID ARGUMENT.. I've also tried to modify that but another problem occured and so on.. Does anybody have working structure like this ? Thank you.
Post 07 Apr 2011, 19:05
View user's profile Send private message Reply with quote
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid
What is wrong with the one in standard FASM includes?
Post 07 Apr 2011, 20:53
View user's profile Send private message Visit poster's website AIM Address MSN Messenger ICQ Number Reply with quote
Overflowz



Joined: 03 Sep 2010
Posts: 1046
Overflowz
vid
I can't find none of standard include files where are that structures defined.. So I'm trying to find it on the NET.. Smile
Post 07 Apr 2011, 21:03
View user's profile Send private message Reply with quote
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid
What "PE structures" exactly do you mean?
Post 07 Apr 2011, 21:39
View user's profile Send private message Visit poster's website AIM Address MSN Messenger ICQ Number Reply with quote
Overflowz



Joined: 03 Sep 2010
Posts: 1046
Overflowz
I've posted there link, it's IMAGE_NT_HEADER, IMAGE_OPTIONAL_HEADER and so on.. I don't know what exactly it's called Sad I need to work with binary files.. :p
Post 07 Apr 2011, 21:43
View user's profile Send private message Reply with quote
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid
Wow, really, seems you're right... Are you really sure those structures linked are wrong (and not your code using them)? Other people seem to have used them successfully.
Post 07 Apr 2011, 22:00
View user's profile Send private message Visit poster's website AIM Address MSN Messenger ICQ Number Reply with quote
Overflowz



Joined: 03 Sep 2010
Posts: 1046
Overflowz
vid
Yes I am. It gives me error on "struct IMAGE_NT_HEADERS" and so on.. I've tried to remove that things but after that it gave me error on IMAGE_NT_HEADERS.OptionalHeader.Directories rb IMAGE_DATA_DIRECTORY*15 I don't know how to fix that..
Post 07 Apr 2011, 22:42
View user's profile Send private message Reply with quote
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid
Any time you are reporting compile time error, paste error message and actual line (preferably with surrounding lines) here. Otherwise, we have to guessing.

In this case, you most likely don't have old-style "struct" macro defined. I don't have time to explain it now, try digging forum a bit more about how "struc {...}" and "struct" were used in old times.
Post 07 Apr 2011, 23:36
View user's profile Send private message Visit poster's website AIM Address MSN Messenger ICQ Number Reply with quote
dancho



Joined: 06 Mar 2011
Posts: 74
dancho
I have these :
Code:
IMAGE_DOS_SIGNATURE = 05A4Dh      
IMAGE_OS2_SIGNATURE = 0454Eh      
IMAGE_OS2_SIGNATURE_LE = 0454Ch      
IMAGE_VXD_SIGNATURE = 0454Ch   
IMAGE_LX_SIGNATURE = 0584Ch   
IMAGE_NT_SIGNATURE = 04550h  

IMAGE_FILE_MACHINE_UNKNOWN  =       0
IMAGE_FILE_MACHINE_I386    =       014ch
IMAGE_FILE_MACHINE_R3000       =       0162h
IMAGE_FILE_MACHINE_R4000       =       0166h
IMAGE_FILE_MACHINE_R10000      =       0168h
IMAGE_FILE_MACHINE_WCEMIPSV2   =       0169h
IMAGE_FILE_MACHINE_ALPHA       =       0184h
IMAGE_FILE_MACHINE_SH3 =       01a2h
IMAGE_FILE_MACHINE_SH3DSP      =       01a3h
IMAGE_FILE_MACHINE_SH3E        =       01a4h
IMAGE_FILE_MACHINE_SH4 =       01a6h
IMAGE_FILE_MACHINE_SH5 =       01a8h
IMAGE_FILE_MACHINE_ARM =       01c0h
IMAGE_FILE_MACHINE_THUMB       =       01c2h
IMAGE_FILE_MACHINE_AM33        =       01d3h
IMAGE_FILE_MACHINE_POWERPC     =       01F0h
IMAGE_FILE_MACHINE_POWERPCFP   =       01f1h
IMAGE_FILE_MACHINE_IA64        =       0200h
IMAGE_FILE_MACHINE_MIPS16      =       0266h
IMAGE_FILE_MACHINE_ALPHA64     =       0284h
IMAGE_FILE_MACHINE_MIPSFPU     =       0366h
IMAGE_FILE_MACHINE_MIPSFPU16   =       0466h
IMAGE_FILE_MACHINE_AXP64       =       IMAGE_FILE_MACHINE_ALPHA64
IMAGE_FILE_MACHINE_TRICORE        =       0520h
IMAGE_FILE_MACHINE_CEF =       0CEFh
IMAGE_FILE_MACHINE_EBC =       0EBCh
IMAGE_FILE_MACHINE_AMD64       =       8664h
IMAGE_FILE_MACHINE_M32R        =       9041h
IMAGE_FILE_MACHINE_CEE =       0C0EEh

IMAGE_SIZEOF_NT_OPTIONAL32_HEADER =       224
IMAGE_NT_OPTIONAL_HDR32_MAGIC    =       10bh

IMAGE_FILE_RELOCS_STRIPPED = 0001h                  
IMAGE_FILE_EXECUTABLE_IMAGE = 0002h                 
IMAGE_FILE_LINE_NUMS_STRIPPED = 0004h               
IMAGE_FILE_LOCAL_SYMS_STRIPPED = 0008h      
IMAGE_FILE_AGGRESIVE_WS_TRIM = 0010h                
IMAGE_FILE_LARGE_ADDRESS_AWARE = 0020h      
IMAGE_FILE_BYTES_REVERSED_LO = 0080h                
IMAGE_FILE_32BIT_MACHINE = 0100h                     
IMAGE_FILE_DEBUG_STRIPPED = 0200h                          
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP = 0400h  
IMAGE_FILE_NET_RUN_FROM_SWAP = 0800h                
IMAGE_FILE_SYSTEM = 1000h                                   
IMAGE_FILE_DLL = 2000h                                      
IMAGE_FILE_UP_SYSTEM_ONLY = 4000h  
IMAGE_FILE_BYTES_REVERSED_HI = 8000h  

IMAGE_SUBSYSTEM_UNKNOWN  = 0
IMAGE_SUBSYSTEM_NATIVE  = 1
IMAGE_SUBSYSTEM_WINDOWS_GUI  = 2
IMAGE_SUBSYSTEM_WINDOWS_CUI  = 3
IMAGE_SUBSYSTEM_OS2_CUI  = 5
IMAGE_SUBSYSTEM_POSIX_CUI  = 7
IMAGE_SUBSYSTEM_NATIVE_WINDOWS  = 8
IMAGE_SUBSYSTEM_WINDOWS_CE_GUI  = 9
IMAGE_SUBSYSTEM_EFI_APPLICATION  = 10
IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER  = 11
IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER  = 12
IMAGE_SUBSYSTEM_EFI_ROM  = 13
IMAGE_SUBSYSTEM_XBOX  = 14
IMAGE_SUBSYSTEM_WINDOWS_BOOT_APPLICATION  = 16

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE  = 0040h
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY  = 0080h
IMAGE_DLLCHARACTERISTICS_NX_COMPAT  = 0100h
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION  = 0200h
IMAGE_DLLCHARACTERISTICS_NO_SEH  = 0400h
IMAGE_DLLCHARACTERISTICS_NO_BIND  = 0800h
IMAGE_DLLCHARACTERISTICS_WDM_DRIVER  = 2000h
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE  = 8000h

IMAGE_DIRECTORY_ENTRY_EXPORT  = 0
IMAGE_DIRECTORY_ENTRY_IMPORT  = 1
IMAGE_DIRECTORY_ENTRY_RESOURCE  = 2
IMAGE_DIRECTORY_ENTRY_EXCEPTION  = 3
IMAGE_DIRECTORY_ENTRY_SECURITY  = 4
IMAGE_DIRECTORY_ENTRY_BASERELOC  = 5
IMAGE_DIRECTORY_ENTRY_DEBUG  = 6
IMAGE_DIRECTORY_ENTRY_COPYRIGHT = 7
IMAGE_DIRECTORY_ENTRY_ARCHITECTURE  = 7
IMAGE_DIRECTORY_ENTRY_GLOBALPTR  = 8
IMAGE_DIRECTORY_ENTRY_TLS  = 9
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG  = 10
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT  = 11
IMAGE_DIRECTORY_ENTRY_IAT  = 12
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT  = 13
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR = 14

IMAGE_SIZEOF_SECTION_HEADER   =       40

IMAGE_SCN_TYPE_NO_PAD = 00000008h  
IMAGE_SCN_CNT_CODE = 00000020h  
IMAGE_SCN_CNT_INITIALIZED_DATA = 00000040h  
IMAGE_SCN_CNT_UNINITIALIZED_DATA = 00000080h  
IMAGE_SCN_LNK_OTHER = 00000100h  
IMAGE_SCN_LNK_INFO = 00000200h  
IMAGE_SCN_LNK_REMOVE = 00000800h  
IMAGE_SCN_LNK_COMDAT = 00001000h  
IMAGE_SCN_NO_DEFER_SPEC_EXC = 00004000h  
IMAGE_SCN_GPREL = 00008000h  
IMAGE_SCN_MEM_FARDATA = 00008000h
IMAGE_SCN_MEM_PURGEABLE = 00020000h
IMAGE_SCN_MEM_16BIT = 00020000h
IMAGE_SCN_MEM_LOCKED = 00040000h
IMAGE_SCN_MEM_PRELOAD = 00080000h
IMAGE_SCN_ALIGN_1BYTES = 00100000h  
IMAGE_SCN_ALIGN_2BYTES = 00200000h  
IMAGE_SCN_ALIGN_4BYTES = 00300000h  
IMAGE_SCN_ALIGN_8BYTES = 00400000h  
IMAGE_SCN_ALIGN_16BYTES = 00500000h  
IMAGE_SCN_ALIGN_32BYTES = 00600000h  
IMAGE_SCN_ALIGN_64BYTES = 00700000h  
IMAGE_SCN_ALIGN_128BYTES = 00800000h  
IMAGE_SCN_ALIGN_256BYTES = 00900000h  
IMAGE_SCN_ALIGN_512BYTES = 00A00000h  
IMAGE_SCN_ALIGN_1024BYTES = 00B00000h  
IMAGE_SCN_ALIGN_2048BYTES = 00C00000h  
IMAGE_SCN_ALIGN_4096BYTES = 00D00000h  
IMAGE_SCN_ALIGN_8192BYTES = 00E00000h  
IMAGE_SCN_LNK_NRELOC_OVFL = 01000000h  
IMAGE_SCN_MEM_DISCARDABLE = 02000000h  
IMAGE_SCN_MEM_NOT_CACHED = 04000000h  
IMAGE_SCN_MEM_NOT_PAGED = 08000000h  
IMAGE_SCN_MEM_SHARED = 10000000h  
IMAGE_SCN_MEM_EXECUTE = 20000000h  
IMAGE_SCN_MEM_READ = 40000000h  
IMAGE_SCN_MEM_WRITE = 80000000h  
IMAGE_SCN_SCALE_INDEX = 00000001h    

struct IMAGE_DOS_HEADER
  e_magic           dw      ?
         e_cblp            dw      ?
         e_cp              dw      ?
         e_crlc            dw      ?
         e_cparhdr         dw      ?
         e_minalloc        dw      ?
         e_maxalloc        dw      ?
         e_ss              dw      ?
         e_sp              dw      ?
         e_csum            dw      ?
         e_ip              dw      ?
         e_cs              dw      ?
         e_lfarlc          dw      ?
         e_ovno            dw      ?
         e_res             rw      4
         e_oemid           dw      ?
         e_oeminfo         dw      ?
         e_res2            rw      10
        e_lfanew          dd      ?
ends

struct IMAGE_FILE_HEADER 
        Machine               dw    ?
       NumberOfSections      dw    ?
       TimeDateStamp         dd    ?
       PointerToSymbolTable  dd    ?
       NumberOfSymbols       dd    ?
       SizeOfOptionalHeader  dw    ?
       Characteristics       dw    ?
ends

struct IMAGE_DATA_DIRECTORY 
   VirtualAddress    dd      ?
         isize             dd      ?
ends

IMAGE_NUMBEROF_DIRECTORY_ENTRIES = 16

struct IMAGE_OPTIONAL_HEADER32
      Magic                         dw       ?
    MajorLinkerVersion            db       ?
    MinorLinkerVersion            db       ?
    SizeOfCode                    dd       ?
    SizeOfInitializedData         dd       ?
    SizeOfUninitializedData       dd       ?
    AddressOfEntryPoint           dd       ?
    BaseOfCode                    dd       ?
    BaseOfData                    dd       ?
    ImageBase                     dd       ?
    SectionAlignment              dd       ?
    FileAlignment                 dd       ?
    MajorOperatingSystemVersion   dw       ?
    MinorOperatingSystemVersion   dw       ?
    MajorImageVersion             dw       ?
    MinorImageVersion             dw       ?
    MajorSubsystemVersion         dw       ?
    MinorSubsystemVersion         dw       ?
    Win32VersionValue             dd       ?
    SizeOfImage                   dd       ?
    SizeOfHeaders                 dd       ?
    CheckSum                      dd       ?
    Subsystem                     dw       ?
    DllCharacteristics            dw       ?
    SizeOfStackReserve            dd       ?
    SizeOfStackCommit             dd       ?
    SizeOfHeapReserve             dd       ?
    SizeOfHeapCommit              dd       ?
    LoaderFlags                   dd       ?
    NumberOfRvaAndSizes           dd       ?
    DataDirectory                             rb (sizeof.IMAGE_DATA_DIRECTORY*IMAGE_NUMBEROF_DIRECTORY_ENTRIES)
ends

struct IMAGE_NT_HEADERS32
        Signature         dd                       ?
        FileHeader        IMAGE_FILE_HEADER        ?    
    OptionalHeader    IMAGE_OPTIONAL_HEADER32  ?
ends

IMAGE_SIZEOF_SHORT_NAME = 8

struct IMAGE_SECTION_HEADER 
  _Name db IMAGE_SIZEOF_SHORT_NAME dup (?) 
  union 
    PhysicalAddress     dd ? 
    VirtualSize         dd ? 
  ends 
  VirtualAddress        dd ? 
  SizeOfRawData         dd ? 
  PointerToRawData      dd ? 
  PointerToRelocations  dd ? 
  PointerToLinenumbers  dd ? 
  NumberOfRelocations   dw ? 
  NumberOfLinenumbers   dw ? 
  Characteristics       dd ? 
ends

struct IMAGE_EXPORT_DIRECTORY
    Characteristics dd      ?
   TimeDateStamp   dd      ?
   MajorVersion    dw      ?
   MinorVersion    dw      ?
   Name_   dd      ?
   Base    dd      ?
   NumberOfFunctions       dd      ?
   NumberOfNames   dd      ?
   AddressOfFunctions      dd      ?
   AddressOfNames  dd      ?
   AddressOfNameOrdinals   dd      ?
ends

struct IMAGE_IMPORT_DESCRIPTOR
     union
       Characteristics dd      ?
   OriginalFirstThunk      dd      ?
   ends
        TimeDateStamp   dd      ?
   ForwarderChain  dd      ?
   Name_   dd      ?
   FirstThunk      dd      ?
ends

struct IMAGE_THUNK_DATA32
  union
       ForwarderString dd      ?
   Function        dd      ?
   Ordinal dd      ?
   AddressOfData   dd      ?
   ends
ends

struct IMAGE_IMPORT_BY_NAME
     Hint    dw      ?
   Name_   rb  1
ends

IMAGE_ORDINAL_FLAG32 = 80000000h

struct IMAGE_BOUND_IMPORT_DESCRIPTOR
   TimeDateStamp   dd      ?
   OffsetModuleName        dw      ?
   NumberOfModuleForwarderRefs     dw      ?
ends

struct IMAGE_BOUND_FORWARDER_REF
   TimeDateStamp   dd      ?
   OffsetModuleName        dw      ?
   Reserved        dw      ?
ends

struct IMAGE_RESOURCE_DIRECTORY
    Characteristics dd      ?
   TimeDateStamp   dd      ?
   MajorVersion    dw      ?
   MinorVersion    dw      ?
   NumberOfNamedEntries    dw      ?
   NumberOfIdEntries       dw      ?
ends

struct IMAGE_RESOURCE_DIRECTORY_ENTRY
      _id     dd ?    
    _offset dd ?
ends

struct IMAGE_RESOURCE_DIRECTORY_STRING
  Length_     dw  ?
   NameString      rb  1
ends

struct IMAGE_RESOURCE_DATA_ENTRY
       OffsetToData    dd      ?
   Size_   dd      ?
   CodePage        dd      ?
   Reserved        dd      ?
ends

RT_NEWRESOURCE                       = 00002000h
RT_ERROR                             = 00007fffh
RT_CURSOR                            = 000000001
RT_BITMAP                            = 000000002
RT_ICON                              = 000000003
RT_MENU                              = 000000004
RT_DIALOG                            = 000000005
RT_STRING                            = 000000006
RT_FONTDIR                           = 000000007
RT_FONT                              = 000000008
RT_ACCELERATORS                      = 000000009
RT_RCDATA                            = 0000000010
RT_MESSAGETABLE                      = 0000000011
RT_GROUP_CURSOR                      = 0000000012
RT_GROUP_ICON                        = 0000000014
RT_VERSION                           = 0000000016
RT_NEWBITMAP                         = (RT_BITMAP or RT_NEWRESOURCE)
RT_NEWMENU                           = (RT_MENU   or RT_NEWRESOURCE)
RT_NEWDIALOG                         = (RT_DIALOG or RT_NEWRESOURCE)

struct IMAGE_BASE_RELOCATION
      VirtualAddress  dd      ?
   SizeOfBlock         dd  ?
ends

IMAGE_REL_BASED_ABSOLUTE  = 0
IMAGE_REL_BASED_HIGH  = 1
IMAGE_REL_BASED_LOW  = 2
IMAGE_REL_BASED_HIGHLOW  = 3
IMAGE_REL_BASED_HIGHADJ  = 4
IMAGE_REL_BASED_MIPS_JMPADDR  = 5
IMAGE_REL_BASED_SECTION  = 6
IMAGE_REL_BASED_REL32  = 7

struct IMAGE_TLS_DIRECTORY32
      StartAddressOfRawData   dd      ?
   EndAddressOfRawData     dd      ?
   AddressOfIndex  dd      ?
   AddressOfCallBacks      dd      ?
   SizeOfZeroFill  dd      ?
   Characteristics dd      ?
ends

struct IMAGE_LOAD_CONFIG_DIRECTORY32
       Characteristics dd      ?
   TimeDateStamp   dd      ?
   MajorVersion    dw      ?
   MinorVersion    dw      ?
   GlobalFlagsClear        dd      ?
   GlobalFlagsSet  dd      ?
   CriticalSectionDefaultTimeout   dd      ?
   DeCommitFreeBlockThreshold      dd      ?
   DeCommitTotalFreeThreshold      dd      ?
   LockPrefixTable dd      ?
   MaximumAllocationSize   dd      ?
   VirtualMemoryThreshold  dd      ?
   ProcessHeapFlags        dd      ?
   ProcessAffinityMask     dd      ?
   CSDVersion      dw      ?
   Reserved1       dw      ?
   EditList        dd      ?
   Reserved        rd  1
ends
    


Last edited by dancho on 08 Apr 2011, 11:09; edited 1 time in total
Post 08 Apr 2011, 09:22
View user's profile Send private message Reply with quote
Overflowz



Joined: 03 Sep 2010
Posts: 1046
Overflowz
it says invalid value on:
Code:
RT_NEWBITMAP                         = (RT_BITMAP | RT_NEWRESOURCE)
RT_NEWMENU                           = (RT_MENU   | RT_NEWRESOURCE)
RT_NEWDIALOG                         = (RT_DIALOG | RT_NEWRESOURCE)     

Without this, it worked fine. Thank you. Smile
vid
Never mind, that post was 6 years old and I think fasm has much updates for now.. Smile
Post 08 Apr 2011, 09:59
View user's profile Send private message Reply with quote
dancho



Joined: 06 Mar 2011
Posts: 74
dancho
yup,this is corrected version:
Code:
RT_NEWBITMAP                         = (RT_BITMAP or RT_NEWRESOURCE) 
RT_NEWMENU                           = (RT_MENU   or RT_NEWRESOURCE) 
RT_NEWDIALOG                         = (RT_DIALOG or RT_NEWRESOURCE)
    
Post 08 Apr 2011, 11:05
View user's profile Send private message Reply with quote
Overflowz



Joined: 03 Sep 2010
Posts: 1046
Overflowz
dancho
Works perfect now! Thanks!
Post 08 Apr 2011, 12:12
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar. Also on YouTube, Twitter.

Website powered by rwasa.