flat assembler
Message board for the users of flat assembler.

Index > Compiler Internals > Invalid PE Produced, Relocation, Base Zero

Author
Thread Post new topic Reply to topic
bitRAKE



Joined: 21 Jul 2003
Posts: 3045
Location: vpcmipstrm
bitRAKE
I've been using a base address of zero with fixup data to force ASLR. Sometimes FASM would produce a EXE that would not run, "The parameter is incorrect." - which I didn't see because FDBG was just pretending the file didn't exist. So, then I reverted to a previous version of my code and the error went away.

It came back again and I caught it this time.
Code:
FORMAT PE64 GUI 6.0 AT 0 ; force ASLR
SECTION '' CODE EXECUTABLE READABLE

entry $
retn

Examples dq \
  .A,.A..,\
  .B,.B..,\
  .C,.C..

.A db 1
.A.. = $ - .A
.B db 2
.B.. = $ - .B
.C db 3
.C.. = $ - .C

; Address Space Layout Randomization
SECTION '' DATA READABLE DISCARDABLE FIXUPS    
It's frustrating how a very small change makes the problem disappear:
Code:
Examples dq \
  .A,.A..,\
  .B,.B..;,\ ; just remove the last table entry and it works
;  .C,.C..    
...odd, but hopefully that helps narrow it down. The larger project had many more relocations - it was just this table - which puzzled me further. I'll look for it when I have more time - just happy to know what it is at this point. Easy work around is just to use a different base address.

_________________
¯\(°_o)/¯ unlicense.org
Post 28 May 2013, 11:05
View user's profile Send private message Visit poster's website Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17667
Location: In your JS exploiting you and your system
revolution
bitRAKE wrote:
Easy work around is just to use a different base address.
Are you sure it is a fasm problem? If I only change the base address and do a binary compare I see that only those fields that are expected to change are altered. So nothing wrong there. Perhaps it is the OS rejecting the file for some unknown reason.
Post 28 May 2013, 11:47
View user's profile Send private message Visit poster's website Reply with quote
bitRAKE



Joined: 21 Jul 2003
Posts: 3045
Location: vpcmipstrm
bitRAKE
I'd need to dig deeper to be certain of that. At this point it's an unusual corner case that produces a PE that windows not only doesn't like, but displays an error message for. It's not because of the base address - I have several programs here that use a base address of zero. Maybe it has something to do with the encoding of the relocation data.

Edit: Nah, that doesn't make sense because it works fine with another base. "Unknown reason" is as far as I can get right now on it, too. Smile
Post 28 May 2013, 12:20
View user's profile Send private message Visit poster's website Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar. Also on GitHub, YouTube, Twitter.

Website powered by rwasa.