flat assembler
Message board for the users of flat assembler.
Index
> Windows > PE From scratch, first try. |
Author |
|
mindcooler 29 Sep 2012, 12:35
Quote: .SectionAlignment dd 4 What OS are you targeting? _________________ This is a block of text that can be added to posts you make. |
|||
29 Sep 2012, 12:35 |
|
Overflowz 29 Sep 2012, 13:18
mindcooler
Windows 7 x86. Anyways, I've read Undocumented PECOFF paper and there are written, that if SectionAlignment <= 800h then you can make PE section-less and SectionAlignment must be equal to FileAlignment. |
|||
29 Sep 2012, 13:18 |
|
mindcooler 29 Sep 2012, 13:32
Never done anything sectionless, but W7 has always barfed on any attempts on setting alignment less than the default.
|
|||
29 Sep 2012, 13:32 |
|
Overflowz 29 Sep 2012, 14:07
mindcooler
Never mind about section things, as I mentioned at first post, I'm having trouble of calculating SizeOfImage, SizeOfHeaders and import directory. Any ideas what I'm doing wrong? |
|||
29 Sep 2012, 14:07 |
|
Overflowz 30 Sep 2012, 10:28
bump...
|
|||
30 Sep 2012, 10:28 |
|
uart777 01 Oct 2012, 23:53
Overflowz: Hi. SizeOfHeaders always appears to be 200h/512, start of 1st/only section and/or size of all previous headers (MZ+"optional"+PE including data directories).
SizeOfImage has caused me so many headaches due to conflicting explanations! According to PE Explorer, true SizeOfImage=FileSize-200h: http://www.heaventools.com/PE_Explorer_file_repair.htm , "It is important that the ultimate physical size of the file should equal the sum of the SizeOfImage value and the SizeOfHeaders value". However, a greater value doesn't cause an error. To understand import table, check out Iczelion's PE tutorials and my import macro: http://sungod777.zxq.net/import.html "MessageBox 0, 0, 0, 0" - I would suggest replacing this with int3 to eliminate dependancies (win32a.inc). If Windows says invalid executable, file format is incorrect. If it runs and crashes with breakpoint exception, then you know it works. PS: I wrote the original "manual .EXE" in the forum about 6 years ago by the name babyboy777: http://board.flatassembler.net/topic.php?t=5616 |
|||
01 Oct 2012, 23:53 |
|
DOS386 02 Oct 2012, 01:32
mindcooler wrote:
For programs ("native" drivers can have less ???) use : SectionAlignment : $1000 FileAlignment : $0200 SizeofHeaders : $0200 (more if you have big stub or many sections) SizeofImage : integer multiple of $1000, at least $2000, total size of all sections, including headers section http://board.flatassembler.net/download.php?id=5538 _________________ Bug Nr.: 12345 Title: Hello World program compiles to 100 KB !!! Status: Closed: NOT a Bug |
|||
02 Oct 2012, 01:32 |
|
mindcooler 02 Oct 2012, 11:03
These are the values I use in my PEs:
Code: image.size =pe.end-imgbase ;where pe.end is after everything header.size =$-imgbase ;where $ is after all headers And here is my take at the import macro: Code: macro import [dll,functions] { common idata: forward dd 0,0,0,dll#.name-imgbase,dll#.iat-imgbase common dd 5 dup 0 forward dll#.iat: irp function,functions \{ function: dd function\#.name-imgbase \} dd 0 forward dll#.name: db `dll,0 forward irp function, functions \{ align 2 function\#.name: dw 0 db \`function,0 \} common code.end: idata.size = $-idata orgup $,sectionalign bss: } _________________ This is a block of text that can be added to posts you make. |
|||
02 Oct 2012, 11:03 |
|
Overflowz 21 Oct 2012, 22:03
Thanks mindcooler. Sorry for long time reply, I was busy with job. Anyways, will try these things, thanks!
|
|||
21 Oct 2012, 22:03 |
|
mindcooler 22 Oct 2012, 01:24
NP, as the documentation is less than excellent, much is trial and error.
|
|||
22 Oct 2012, 01:24 |
|
ange4771 12 Dec 2012, 08:11
Hi,
I wrote many PEs by hand, covering different examples, and the sources are available at http://pe.corkami.com , so it might help you. Sincerely, Ange |
|||
12 Dec 2012, 08:11 |
|
Overflowz 15 Dec 2012, 09:57
Hi Ange, I'm trying that examples from your website, they are amazing! Unfortunately, I don't really understand YASM syntax and macros you provided in your samples, trying to translate into FASM syntax. Good job anyways, keep it up!
|
|||
15 Dec 2012, 09:57 |
|
KevinN 15 Dec 2012, 11:30
ange4771 wrote: Hi, Thank you for this |
|||
15 Dec 2012, 11:30 |
|
< Last Thread | Next Thread > |
Forum Rules:
|
Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.
Website powered by rwasa.