> Windows > question for advanced windows programmers |
pelaillo 11 Mar 2005, 15:56
Actually, on disk the size of your section is 200h, but Windows will load your PE starting from virtual address 400000h, where the size of your section becomes 1000h and any needed relocations are calculated.
The 600h offset makes me guess that your import section is the third section in your PE file.
at0mic 11 Mar 2005, 16:39
You are right but how do you know ?
Can't the sections be in 300h alignment instead of 200h? Where can I get it, and why in some programs is the virtual address equal to the file offset? Thanks a lot! I found the file alignment but still have no idea how to figure out the import data _________________ at0mic! |
Vasilev Vjacheslav 11 Mar 2005, 19:06
i think my code helps you
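Code:
;-----------------------------------------------------------------------
; Locate the import table of a PE file chosen by the user.
;
; Syntax: flat assembler (Intel operand order), 32-bit Windows, stdcall.
;
; The file is opened and mapped read-only; nothing is written to it.
; The selected file is untrusted input: every header field that is used
; as an offset (e_lfanew, NumberOfSections, the section's raw-data
; pointer) is checked against the real file size before it is followed,
; so a truncated or malformed file leads to a clean exit instead of a
; read outside the mapped view.
;-----------------------------------------------------------------------
format pe gui 4.0
entry start

include '%fasminc%\win32a.inc'
include 'imagehdr.inc'

MAX_PATH = 260

; memory-to-memory move through the stack (no scratch register needed)
macro m2m dest,src
 {
        push    src
        pop     dest
 }

section '.data' data readable writable

  szFilter      db "All Files",0,"*.*",0,0
  szTitle       db "Select file to delete",0

section '.udata' readable writeable

  hInstance     dd ?
  hFileHandle   dd ?
  hFileSize     dd ?                    ; size of the file = valid bytes in the view
  hFileMap      dd ?
  hFileView     dd ?
  szFilePath    rb MAX_PATH

section '.code' code readable executable

;-----------------------------------------------------------------------
; start - program entry point
; Registers after the view is mapped:
;   edi = base address of the mapped file
;   ebx = file size in bytes (upper bound for every file offset)
;   esi = address of IMAGE_NT_HEADERS inside the view
;-----------------------------------------------------------------------
start:
        invoke  GetModuleHandle,NULL
        or      eax,eax
        jz      .exit_prog
        mov     [hInstance],eax

        stdcall _openfile,szFilePath
        or      eax,eax
        jz      .exit_prog              ; dialog cancelled or failed

        invoke  CreateFile,szFilePath,GENERIC_READ,FILE_SHARE_READ,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL
        cmp     eax,-1                  ; CreateFile fails with INVALID_HANDLE_VALUE (-1), not 0
        je      .exit_prog
        mov     [hFileHandle],eax

        invoke  GetFileSize,eax,NULL
        or      eax,eax
        jle     .close_exit             ; empty file, failure (-1) or >= 2 GB
        mov     [hFileSize],eax         ; remembered for the bounds checks below

        invoke  CreateFileMapping,[hFileHandle],NULL,PAGE_READONLY,NULL,NULL,NULL
        or      eax,eax
        jz      .close_exit
        mov     [hFileMap],eax

        invoke  MapViewOfFile,eax,FILE_MAP_READ,NULL,NULL,NULL
        or      eax,eax
        jz      .close_map              ; no view was created, only the mapping handle exists
        mov     [hFileView],eax
        mov     edi,eax
        mov     ebx,[hFileSize]

        ; the DOS header must fit in the file before its fields are read
        cmp     ebx,sizeof.IMAGE_DOS_HEADER
        jb      .unmap_exit
        cmp     word [edi+IMAGE_DOS_HEADER.e_magic],"MZ"
        jnz     .unmap_exit

        ; e_lfanew comes from the file: the NT headers it points to must
        ; lie completely inside the file (unsigned compares throughout)
        mov     esi,[edi+IMAGE_DOS_HEADER.e_lfanew]
        mov     eax,ebx
        sub     eax,sizeof.IMAGE_NT_HEADERS
        jb      .unmap_exit             ; file is smaller than the NT headers
        cmp     esi,eax
        ja      .unmap_exit
        sub     eax,esi                 ; eax = bytes left after the NT headers
        add     esi,edi

        ; the signature is four bytes, 'P','E',0,0 - compare all of them
        cmp     dword [esi+IMAGE_NT_HEADERS.Signature],"PE"
        jnz     .unmap_exit

        ; the section table walked by _rvatova must fit in the file too
        movzx   ecx,word [esi+IMAGE_NT_HEADERS.FileHeader.NumberOfSections]
        imul    ecx,sizeof.IMAGE_SECTION_HEADER
        cmp     ecx,eax
        ja      .unmap_exit

        ; data directory entry 1 (offset 8) is the import directory
        ; NOTE(review): this assumes a PE32 optional header; a PE32+ image
        ; places DataDirectory elsewhere - check the optional-header magic
        ; before trusting this field.
        mov     eax,dword [esi+IMAGE_NT_HEADERS.OptionalHeader.DataDirectory+8]
        or      eax,eax
        jz      .unmap_exit             ; image has no import directory
        stdcall _rvatova,[hFileView],eax
        or      eax,eax
        jz      .unmap_exit             ; RVA is not backed by any section
        cmp     eax,ebx
        jae     .unmap_exit             ; file offset points past the end of the file
        add     eax,edi
        ; now eax contains the address of the import table descriptor.
        ; It is valid only while the view is mapped, and anything that
        ; walks the descriptors must bound every read against ebx as well.

  .unmap_exit:
        invoke  UnmapViewOfFile,[hFileView]
  .close_map:
        invoke  CloseHandle,[hFileMap]
  .close_exit:
        invoke  CloseHandle,[hFileHandle]
  .exit_prog:
        invoke  ExitProcess,NULL

;-----------------------------------------------------------------------
; _rvatova - translate an RVA into an offset inside the file
; In:    lpFileView = base address of the mapped file
;        lpRVA      = relative virtual address to translate
; Out:   eax = file offset, or 0 if no section contains the RVA
; Clobb: flags only (all registers are saved with pushad/popad)
;
; The routine receives no file size, so the caller must already have
; verified that e_lfanew and the whole section table lie inside the
; file, and must check the returned offset against the file size.
; NOTE(review): the section table is taken to start right after
; sizeof.IMAGE_NT_HEADERS, i.e. a standard-size optional header.
; NOTE(review): unlike _openfile this proc has no `enter`; confirm that
; the proc macro package in use sets up the ebp frame without it.
;-----------------------------------------------------------------------
proc _rvatova, lpFileView,lpRVA
        pushad
        mov     esi,[lpFileView]
        add     esi,[esi+IMAGE_DOS_HEADER.e_lfanew]     ; esi = NT headers
        mov     edi,[lpRVA]
        mov     edx,esi
        add     edx,sizeof.IMAGE_NT_HEADERS             ; edx = first section header
        movzx   ecx,word [esi+IMAGE_NT_HEADERS.FileHeader.NumberOfSections]
  .while_start:
        or      ecx,ecx
        jz      .endw
        cmp     [edx+IMAGE_SECTION_HEADER.VirtualAddress],edi
        ja      @F                      ; section starts above the RVA
        mov     eax,[edx+IMAGE_SECTION_HEADER.VirtualAddress]
        add     eax,[edx+IMAGE_SECTION_HEADER.SizeOfRawData]
        cmp     edi,eax
        jae     @F                      ; RVA is past the section's raw data
        mov     eax,[edx+IMAGE_SECTION_HEADER.VirtualAddress]
        sub     edi,eax                 ; edi = offset of the RVA inside the section
        mov     eax,[edx+IMAGE_SECTION_HEADER.PointerToRawData]
        add     eax,edi
        jc      .endw                   ; crafted header wrapped past 4 GB: treat as not found
        jmp     .out
  @@:
        add     edx,sizeof.IMAGE_SECTION_HEADER
        dec     ecx
        jmp     .while_start
  .endw:
        xor     eax,eax
  .out:
        mov     [esp+28],eax            ; overwrite the eax slot saved by pushad
        popad
        return
endp

;-----------------------------------------------------------------------
; _openfile - show the standard "open file" dialog
; In:    lpFileBuffer = buffer of MAX_PATH bytes that receives the path
; Out:   eax = result of GetOpenFileName (zero if cancelled or failed)
; Clobb: edi
;-----------------------------------------------------------------------
proc _openfile, lpFileBuffer
  .ofn OPENFILENAME
        enter
        lea     edi,[.ofn]
        stdcall _zeromem,edi,sizeof.OPENFILENAME        ; unset fields must be zero
        mov     [edi+OPENFILENAME.lStructSize],sizeof.OPENFILENAME
        mov     [edi+OPENFILENAME.hwndOwner],HWND_DESKTOP
        m2m     [edi+OPENFILENAME.lpstrFile],[lpFileBuffer]
        mov     [edi+OPENFILENAME.nMaxFile],MAX_PATH    ; dialog may write at most this many bytes
        mov     [edi+OPENFILENAME.lpstrFilter],szFilter
        mov     [edi+OPENFILENAME.nFilterIndex],1
        mov     [edi+OPENFILENAME.lpstrFileTitle],NULL
        mov     [edi+OPENFILENAME.nMaxFileTitle],NULL
        mov     [edi+OPENFILENAME.lpstrInitialDir],NULL
        mov     [edi+OPENFILENAME.Flags],OFN_EXPLORER+OFN_FILEMUSTEXIST+OFN_HIDEREADONLY
        mov     [edi+OPENFILENAME.lpstrTitle],szTitle
        invoke  GetOpenFileName,edi
        return
endp

;-----------------------------------------------------------------------
; _zeromem - fill a memory block with zero bytes
; In:    var  = address of the block
;        size = number of bytes to clear
; NOTE(review): no `enter` here either; see the note on _rvatova.
;-----------------------------------------------------------------------
proc _zeromem, var,size
        invoke  RtlZeroMemory,[var],[size]
        return
endp

section '.idata' import data readable writeable

  library kernel32,'kernel32.dll',\
          user32,'user32.dll',\
          comdlg32,'comdlg32.dll'

  include '%fasminc%\apia\kernel32.inc'
  include '%fasminc%\apia\user32.inc'
  include '%fasminc%\apia\comdlg32.inc'

; eof
_________________ [not enough memory] |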
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.