flat assembler
Message board for the users of flat assembler.

Index > Windows > PE HEADER differences fasmg vs fasm

Author
Thread Post new topic Reply to topic
ProMiNick



Joined: 24 Mar 2012
Posts: 803
Location: Russian Federation, Sochi
ProMiNick 18 Oct 2016, 01:34
Code:
field           |       fasm    |       fasmg   |       difference
==================================================================
characteristics |       10Fh    |       103h    |       Gone LineNumbers(04h) & LineSymbols(08h) stripped from file. Why?
LinkerVersion   |       1,71    |       2,0     |
SizeOfCode      |       valued  |       zeroed  |       dislike that
SizeOfIData     |       valued  |       zeroed  |       dislike that too
SizeOfUData     |       valued  |       zeroed  |       dislike that too
BaseOfCode      |       valued  |       zeroed  |       dislike that too
BaseOfData      |       valued  |       zeroed  |       dislike that too
Checksum        |       calc-d  |       blank   |
PaddingInRSRC   |       zero    |       nop(90h)|       that is good    


Why 2 of characteristics gone? Or why in fasm they present?
Why not calculated sizes & bases of code & data?
Why checksum does not realized?

_________________
I don`t like to refer by "you" to one person.
My soul requires acronim "thou" instead.
Post 18 Oct 2016, 01:34
View user's profile Send private message Send e-mail Reply with quote
Tomasz Grysztar



Joined: 16 Jun 2003
Posts: 8357
Location: Kraków, Poland
Tomasz Grysztar 18 Oct 2016, 07:19
Note that this is not fasmg that causes the differences, only the PE.INC macros. It is very much possible to write macros that would generate everything the same as fasm, up to the last bit (in fact, the ELF macros do it).

ProMiNick wrote:
Why 2 of characteristics gone? Or why in fasm they present?
I have cleaned up the default choice of flags when writing the macros, because fasm's choices were a bit unusual. You can change these flags by altering this setting:
Code:
PE.Settings.Characteristics = IMAGE_FILE_EXECUTABLE_IMAGE or IMAGE_FILE_32BIT_MACHINE or IMAGE_FILE_LINE_NUMS_STRIPPED or IMAGE_FILE_LOCAL_SYMS_STRIPPED    
If you used PE.INC directly, you could just put this setting into your source. When you use "format" macro, it sets it up automatically - but I think I should add these two flags to the "format" macro - this way the "format" would be more compatible with fasm, while PE.INC would remain unchanged with its plain defaults.

ProMiNick wrote:
Why not calculated sizes & bases of code & data?
This is another thing that I got rid of when cleaning up. These values were always very meaningless and to my knowledge they were not used anywhere. In case of assembly program, where code and data may be intermixed or overlapped in any order, computing these values makes no sense.
If you need to set them up, you can alter the section macros (or determine the values in some other way) and write them directly to the header with instructions like:
Code:
store SIZE_OF_CODE at PE:OptionalHeader.SizeOfCode    


ProMiNick wrote:
Why checksum does not realized?
As you can see in the "format" macro, the checksum computation is enabled only for "PE native", because only there it used to be absolutely needed. It is turned off otherwise to save on the processing time, but you can enable it for any PE by adding this line to the source:
Code:
PE.Settings.ComputeCheckSum = 1    
Even when you use "format", you can still add this line to the source and it should enable checksum computation in case when "format" did not enable it. I may consider enabling it always by the "format" macro that comes with fasm compatiblity headers.
Post 18 Oct 2016, 07:19
View user's profile Send private message Visit poster's website Reply with quote
Tomasz Grysztar



Joined: 16 Jun 2003
Posts: 8357
Location: Kraków, Poland
Tomasz Grysztar 19 Apr 2017, 10:14
With the latest fasm-compatible Windows headers for fasmg the unwanted differences are gone.
Post 19 Apr 2017, 10:14
View user's profile Send private message Visit poster's website Reply with quote
VEG



Joined: 06 Feb 2013
Posts: 80
VEG 23 Apr 2017, 12:06
Tomasz Grysztar, I've seen some situations when antivirus software complain about a program when checksum is not right. So, maybe it is better to turn on calculation of the checksum by default.
Post 23 Apr 2017, 12:06
View user's profile Send private message Visit poster's website Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20430
Location: In your JS exploiting you and your system
revolution 23 Apr 2017, 12:13
Nah, just turn off your AV. They don't help you anyway. Razz
Post 23 Apr 2017, 12:13
View user's profile Send private message Visit poster's website Reply with quote
Tomasz Grysztar



Joined: 16 Jun 2003
Posts: 8357
Location: Kraków, Poland
Tomasz Grysztar 23 Apr 2017, 12:46
VEG wrote:
Tomasz Grysztar, I've seen some situations when antivirus software complain about a program when checksum is not right. So, maybe it is better to turn on calculation of the checksum by default.
The checksum computation is already always enabled, I changed it when I added the "postpone ?" feature to fasmg.
Post 23 Apr 2017, 12:46
View user's profile Send private message Visit poster's website Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.