flat assembler
Message board for the users of flat assembler.
About Microsoft lib file structure
Roman 11 Dec 2024, 10:05
This is the main asm code from the hex editor.
Code:
format MS COFF

section '.code' code readable executable

 public _demo

 _demo:
        push    0
        push    _caption        ; I marked this in red in the hex editor. 68h is the push opcode.
        push    _message        ; I marked this in yellow in the hex editor.
        push    0
        mov     eax,[MessageBox]
        call    eax
        ret

section '.data' data readable writeable

 _caption db 'Win32 assembly',0
 _message db 'Coffee time!',0

 extrn '__imp__MessageBoxA@16' as MessageBox:dword
Roman 11 Dec 2024, 10:20
Common Object File Format (COFF)
Weird why the file header is not using the first 4 bytes for COFF.
https://stackoverflow.com/questions/3811437/whats-the-format-of-lib-in-windows
Roman 11 Dec 2024, 10:30
The first section begins at offset 20: name (8 bytes) and data (4 bytes size, 4 bytes start offset).
Roman 11 Dec 2024, 10:49
Roman 11 Dec 2024, 12:05
Good explanation of COFF:
https://otterhacker.github.io/Malware/CoffLoader.html
Roman 12 Dec 2024, 14:02
A Microsoft lib file consists of !<arch> and several COFFs.
Read the symbols table, where there are many sections (.text, .data, .rdata). Get the function names for the dll and code from the Strings Table. The Strings Table stores long names bigger than 8 bytes, because in the symbols table a section name is only 8 bytes.
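The layout discussed in the posts above (a 20-byte file header with no magic, the section table starting at offset 20, 8-byte names with longer ones kept in the string table), as an added Python example that is not part of the original thread. `parse_coff`, `build_sample` and the sample object bytes are constructed for illustration; field layouts follow the Microsoft PE/COFF specification, and the parser goes slightly beyond the posts by also skipping auxiliary symbol records.

```python
import struct

ARCHIVE_MAGIC = b"!<arch>\n"  # a .lib starts with this; a bare COFF .obj has no magic

def parse_coff(obj: bytes) -> dict:
    """Return machine, sections and symbol names of one COFF object file."""
    if obj.startswith(ARCHIVE_MAGIC):
        raise ValueError("archive (.lib): split it into members first")
    # 20-byte file header: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, nsec, _, symoff, nsym, optsz, _ = struct.unpack_from("<HHIIIHH", obj, 0)
    strtab = symoff + 18 * nsym  # string table directly follows the 18-byte symbols

    def from_strtab(off: int) -> str:
        start = strtab + off  # offsets count from the table's 4-byte size field
        return obj[start:obj.index(b"\0", start)].decode("ascii")

    sections = []
    for i in range(nsec):  # 40-byte section headers follow the file header
        raw, size, ptr = struct.unpack_from("<8s8xII", obj, 20 + optsz + 40 * i)
        name = raw.rstrip(b"\0").decode("ascii")
        if name.startswith("/"):  # "/123" = decimal offset of a long section name
            name = from_strtab(int(name[1:]))
        sections.append((name, size, ptr))  # (name, SizeOfRawData, PointerToRawData)

    symbols, i = [], 0
    while i < nsym:
        raw, _, secnum, _, _, naux = struct.unpack_from("<8sIhHBB", obj, symoff + 18 * i)
        if raw[:4] == b"\0\0\0\0":  # name longer than 8 bytes: lives in string table
            name = from_strtab(struct.unpack("<I", raw[4:])[0])
        else:
            name = raw.rstrip(b"\0").decode("ascii")
        symbols.append((name, secnum))
        i += 1 + naux  # skip auxiliary records
    return {"machine": machine, "sections": sections, "symbols": symbols}

def build_sample() -> bytes:
    """Constructed i386 object: .code section, one short and one long symbol name."""
    code = b"\x6a\x00\xc3"  # push 0 ; ret
    strings = b"__imp__MessageBoxA@16\0"
    hdr = struct.pack("<HHIIIHH", 0x14C, 1, 0, 60 + len(code), 2, 0, 0)
    sec = struct.pack("<8sIIIIIIHHI", b".code", 0, 0, len(code), 60, 0, 0, 0, 0, 0x60000020)
    syms = struct.pack("<8sIhHBB", b"_demo", 0, 1, 0x20, 2, 0)
    syms += struct.pack("<4xIIhHBB", 4, 0, 0, 0, 2, 0)  # long name at strtab offset 4
    return hdr + sec + code + syms + struct.pack("<I", 4 + len(strings)) + strings

if __name__ == "__main__":
    print(parse_coff(build_sample()))
```

Truncated or malformed input surfaces as `struct.error` or `ValueError` rather than a silent misparse, which matters when the object file comes from an untrusted source.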
Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.
Website powered by rwasa.