flat assembler
Message board for the users of flat assembler.

Index > Windows > PE operators questions

Author
Thread Post new topic Reply to topic
Ali.Z



Joined: 08 Jan 2018
Posts: 754
Ali.Z 22 Mar 2019, 06:47
what is on?
i read the example and description, but did not understand it well.
on wrote:
optionally on operator followed by the quoted string containing file name selects custom MZ stub for PE program (when specified file is not a MZ executable, it is treated as a flat binary executable file and converted into MZ format). The default code setting for this format is 32-bit. The example of fully featured PE format declaration:

Code:
format PE GUI 4.0 DLL at 7000000h on 'stub.exe'    


notpageable only available for device drivers right?

heap what can happen if i set it to 0? or i must leave it to default 10000h?

are public - static - extrn available to PE or they are special to MS COFF?

_________________
Asm For Wise Humans
Post 22 Mar 2019, 06:47
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20481
Location: In your JS exploiting you and your system
revolution 22 Mar 2019, 06:54
You can set any flags you want into the file. You can make the heap any size you want. You can set any flag you want. But be aware that the OS might decide to override your setting, or simply ignore it if it makes no sense. Alternatively the OS might refuse to load it.

But you can test for yourself what happens in your OS, of course. For the most part the OS will try to make it work without too much bother to the user.. Sometimes when it is hopeless the OS just tells you it can't be loaded.

Public and extrn only apply to linkable formats. Try it, fasm will tell you if it isn't permitted.

What is "static" in this context?
Post 22 Mar 2019, 06:54
View user's profile Send private message Visit poster's website Reply with quote
guignol



Joined: 06 Dec 2008
Posts: 763
guignol 22 Mar 2019, 08:55
Why the OS?!
Why can't I just press the button, and everything under my ecstatic control?
Post 22 Mar 2019, 08:55
View user's profile Send private message Reply with quote
Ali.Z



Joined: 08 Jan 2018
Posts: 754
Ali.Z 24 Mar 2019, 07:29
ok ran some tests, and figured out some useful stuff.

every process have 1 default heap, even if heap-reserve and heap-commit are 0 in PE-optional header.

in case program assembled with heap 0,0 the os (in my case) assigned default heap size to 4000h. (so it make no sense if heap is 0, and must have at least 1 heap)

heap 1,1
rounded up to 1-page boundary (in my system 1 page = 4-KB which is 1000h heap)

heap 10000h,2000h
commits 4000h only, more later when heapAlloc is called.

if both reserve and commit are equal, then the system allocates the exact
amount you specified.

so it better to use heap 1000h,1000h to force the loader to allocate 1000h only.



yet i did not understand the on operator, so maybe someone can tell me how it works or used for what ... etc.

_________________
Asm For Wise Humans
Post 24 Mar 2019, 07:29
View user's profile Send private message Reply with quote
Tomasz Grysztar



Joined: 16 Jun 2003
Posts: 8361
Location: Kraków, Poland
Tomasz Grysztar 24 Mar 2019, 11:28
Ali.Z wrote:
yet i did not understand the on operator, so maybe someone can tell me how it works or used for what ... etc.
The ON setting allows to choose a stub program for your PE file. Unless you specify this setting, fasm uses a default stub similar to one used by most of the compilers, which displays a "This program cannot be run in DOS mode." message when executed as DOS program. You can, however, use any DOS program as your custom stub, and this is what ON operator is for.

The DOS program that you specify for stub does not need to be in MZ format. If it is a classic .COM program, fasm converts it into MZ and uses as stub.

A commonly used setting is:
Code:
format PE on "nul"    
which uses an empty program for a stub and therefore minimizes the size of headers. This is similar to minimal stub that I used in my PE tutorial. Note that for a PE to be valid from the point of view of modern Windows loader, the stub does not need to be valid at all.
Post 24 Mar 2019, 11:28
View user's profile Send private message Visit poster's website Reply with quote
Ali.Z



Joined: 08 Jan 2018
Posts: 754
Ali.Z 24 Mar 2019, 12:24
ah that make sense, now i understand what it does.

i have tested all what you said and compared results, that very cool thank you tomasz.

i used fasttracker2 as a custom stub LOL.

btw why fasm1 dont have any operators or such for PE header and optional header?

_________________
Asm For Wise Humans
Post 24 Mar 2019, 12:24
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.