flat assembler
Message board for the users of flat assembler.
Windows > Is it possible to rewrite parts of PE with recalculate reloc
Tomasz Grysztar 26 Nov 2019, 15:40
You would have to parse the PE headers (I once did something like that for fasm 1, but for a very different purpose), find the fixups, parse them and replace the ones that you need to change.
ProMiNick 26 Nov 2019, 16:45
Code:
    macro extract_relocs pe_file {
      ; get PE header offset (e_lfanew is stored at offset $3C of the DOS header)
      virtual at 0
        file pe_file:$3C,4
        load __header_offset dword from 0
      end virtual
      ; load PE header
      virtual at 0
        file pe_file:__header_offset+4,20
        load __number_of_sections word from 2
        load __size_of_optional_header word from 16
        load __characteristics word from 18
      end virtual
      ; load optional header
      virtual at 0
        file pe_file:__header_offset+24,__size_of_optional_header
        load __magic word from 0
        ; a data directory entry is two dwords (RVA, size) in both PE32 and PE32+;
        ; the base relocation entry is index 5
        if __magic = 0x10B
          load __reloc_base dword from 136    ; 96+5*8
          load __reloc_size dword from 136+4
        else
          load __reloc_base dword from 152    ; 112+5*8
          load __reloc_size dword from 152+4
        end if
      end virtual
      ; load sections and scan for the one containing the relocs
      virtual at 0
        file pe_file:__header_offset+24+__size_of_optional_header,__number_of_sections*40
        repeat __number_of_sections
          load __section_size dword from (%-1)*40+8
          load __section_base dword from (%-1)*40+12
          load __section_offset dword from (%-1)*40+20
          if __reloc_base>=__section_base & __reloc_base+__reloc_size<=__section_base+__section_size
            __reloc_offset = __section_offset+(__reloc_base-__section_base)
            break
          end if
        end repeat
      end virtual
      ; load all the relocs
      virtual at 0
        file pe_file:__reloc_offset,__reloc_size
      end virtual
    }

Until that place all is clear, but I don't completely understand relocs internal structure.
Tomasz Grysztar 26 Nov 2019, 16:56
ProMiNick wrote: Until that place all is clear, but I don't completely understand relocs internal structure.
ProMiNick 27 Nov 2019, 08:24
Code:
    macro extract_relocs pe_file {
      ; get PE header offset
      virtual at 0
        file pe_file:$3C,4
        load __header_offset dword from 0
      end virtual
      ; load PE header
      virtual at 0
        file pe_file:__header_offset+4,20
        load __number_of_sections word from 2
        load __size_of_optional_header word from 16
        load __characteristics word from 18
      end virtual
      ; load optional header
      virtual at 0
        file pe_file:__header_offset+24,__size_of_optional_header
        load __magic word from 0
        ; a data directory entry is always 8 bytes (dword RVA, dword size), also in PE32+;
        ; the offsets below assume all 16 directory entries are present
        if __magic = 0x10B
          PEsizeof.PTR = 4
          load __image_base dword from 28
          load __reloc_base dword from __size_of_optional_header-8*(16-5)    ;136
          load __reloc_size dword from __size_of_optional_header-8*(16-5)+4  ;136+4
        else
          PEsizeof.PTR = 8
          load __image_base qword from 24    ; ImageBase is at offset 24 in PE32+
          load __reloc_base dword from __size_of_optional_header-8*(16-5)    ;152
          load __reloc_size dword from __size_of_optional_header-8*(16-5)+4  ;152+4
        end if
      end virtual
      ; load sections and scan for the one containing the relocs
      virtual at 0
        file pe_file:__header_offset+24+__size_of_optional_header,__number_of_sections*40
        repeat __number_of_sections
          load __section_size dword from (%-1)*40+8
          load __section_base dword from (%-1)*40+12
          load __section_offset dword from (%-1)*40+20
          if __reloc_base>=__section_base & __reloc_base+__reloc_size<=__section_base+__section_size
            __reloc_offset = __section_offset+(__reloc_base-__section_base)
            break
          end if
        end repeat
      end virtual
      ; load all the relocs and scan the tree for required entry
      virtual at 0
        __relocs:: ; I found how to workaround throw relocs
        __reloc_block_offset = 0
        file pe_file:__reloc_offset,__reloc_size
        while __reloc_block_offset < __reloc_size
          load __reloc_block_base dword from __reloc_block_offset
          load __reloc_block_size dword from __reloc_block_offset+4
          __reloc_index = 0
          while 8+__reloc_index*2<__reloc_block_size
            load __reloc word from __reloc_block_offset+8+__reloc_index*2
            if __reloc
              ; low 12 bits are the offset inside the page, high 4 bits are the type
              __reloc = __reloc_block_base + (__reloc and $FFF)
              ;relocarray equ relocarray,__reloc
            end if
            __reloc_index = __reloc_index + 1
          end while
          __reloc_block_offset = __reloc_block_offset + __reloc_block_size
        end while
      end virtual
    }

    macro patchrelocs start,end,[relocs] {
      ; It is not clear how to patch relocs
      ; And how to make cumulative patch
    }

    extract_relocs 'ANY.DLL' ; any valid dll no matter
    patchrelocs __image_base+$1000,__image_base+$1070,\ ; if I work with "__relocs::" I will lose patches of previous patchrelocs
                __image_base+$1013,\
                __image_base+$1020,\
                __image_base+$1027,\
                __image_base+$1040
    patchrelocs __image_base+$1210,__image_base+$1240,\
                __image_base+$1217,\
                __image_base+$1230

[edited] In my case there is no need for virtual - I am making a patch - so everything is always accessible and all changes are cumulative.
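Added example, not code from any poster in this thread and written in Python rather than fasm macros: the base relocation directory is a sequence of blocks (dword page RVA, dword block size, then 16-bit entries with the type in the top 4 bits and the page offset in the low 12), so a range can be patched by decoding all fixups, replacing those inside the range and re-encoding. The function names, the half-open `start <= rva < end` range and the sample bytes are assumptions made for illustration; the two ranges are the ones from the `patchrelocs` calls above, given as RVAs without the image base.

```python
import struct

IMAGE_REL_BASED_ABSOLUTE = 0  # padding entry, ignored by the loader
IMAGE_REL_BASED_HIGHLOW = 3   # 32-bit fixup, the usual type in PE32

def parse_relocs(data):
    """Decode a base relocation directory into (rva, type) pairs."""
    fixups, off = [], 0
    while off + 8 <= len(data):
        page_rva, size = struct.unpack_from("<II", data, off)
        if size < 8 or size % 2 or off + size > len(data):
            raise ValueError(f"bad block size {size} at offset {off}")
        for (entry,) in struct.iter_unpack("<H", data[off + 8:off + size]):
            if entry >> 12 != IMAGE_REL_BASED_ABSOLUTE:
                fixups.append((page_rva + (entry & 0xFFF), entry >> 12))
        off += size
    return fixups

def build_relocs(fixups):
    """Encode (rva, type) pairs as one dword-aligned block per 4 KiB page."""
    pages = {}
    for rva, rtype in sorted(set(fixups)):
        pages.setdefault(rva & ~0xFFF, []).append((rtype << 12) | (rva & 0xFFF))
    out = b""
    for page_rva, entries in pages.items():
        if len(entries) % 2:
            entries.append(IMAGE_REL_BASED_ABSOLUTE << 12)  # keep next block aligned
        out += struct.pack(f"<II{len(entries)}H", page_rva, 8 + 2 * len(entries), *entries)
    return out

def patch_relocs(data, start, end, new_rvas, rtype=IMAGE_REL_BASED_HIGHLOW):
    """Replace every fixup with start <= rva < end by the RVAs in new_rvas."""
    if any(not start <= rva < end for rva in new_rvas):
        raise ValueError("new fixup outside the patched range")
    kept = [(rva, t) for rva, t in parse_relocs(data) if not start <= rva < end]
    return build_relocs(kept + [(rva, rtype) for rva in new_rvas])

# Constructed sample directory: page 0x1000 with five fixups plus padding, page 0x2000 with one.
SAMPLE = (struct.pack("<II6H", 0x1000, 20, 0x3004, 0x3010, 0x3050, 0x3208, 0x3220, 0)
          + struct.pack("<II2H", 0x2000, 12, 0x3008, 0))

def demo():
    """The thread's two patchrelocs ranges applied in sequence, as RVAs."""
    step1 = patch_relocs(SAMPLE, 0x1000, 0x1070, [0x1013, 0x1020, 0x1027, 0x1040])
    return patch_relocs(step1, 0x1210, 0x1240, [0x1217, 0x1230])
```

Because each call re-encodes the whole directory from the previous result, the patches are cumulative; the new directory can differ in size from the old one, so the size field of the data directory entry has to be updated to match.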
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.