flat assembler
Message board for the users of flat assembler.

Index > Windows > Working execuable with no imports

Goto page Previous  1, 2
Author
Thread Post new topic Reply to topic
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20446
Location: In your JS exploiting you and your system
revolution 01 Aug 2005, 02:06
Quote:
And why you need this fixup section ?
Is it not always good practice to include a fixup section?
Quote:
I can't download the attachment!
Copy and paste the source code from the message above.
Quote:
Now need to add other libraries loading
Just add LoadLibrary to the Kernel32 imports and go from there.
Post 01 Aug 2005, 02:06
View user's profile Send private message Visit poster's website Reply with quote
wisepenguin



Joined: 30 Mar 2005
Posts: 129
wisepenguin 03 Aug 2005, 21:43
f0dder wrote:
Quote:

My Win2K system rejects all executables with a blank import table because of a bug in NTDLL.DLL. It tries to call a Kernel32.DLL function when Kernel32.DLL is not even loaded!

Dunno if you can classify it as a bug, it's simply the way the loader works. I'd say it's more buggy that no-imports actually work on other versions, by having kernel32.dll forced into your address space even if you don't use it Smile

Quote:

Spidark: Interesting that the virus scanner detects some non-existant virus. What scanner program do you use?

Either it does heuristic scanning, or a simple wildcard pattern match. These no-import executables tend to look alike. I'd say it's a good call for the virus scanner to be suspicious, since you rarely ever see valid executable that are built this way.

Anyway, forget about McAfee. BitDefender is okayish (even if unstable on win9x), the real deal is kaspersky and f-prot. And of course a trusty hex editor and disassembler.


im no windows expert but isnt it wrong for this to work on xp as kernel32.dll isnt in the import section.
why should it be loaded if its not in the import section which is there to show which functions you need ?

"I'd say it's more buggy that no-imports actually work on other versions, by having kernel32.dll forced into your address space even if you don't use it Smile"
i would agree with that, but i dont really know that much about PE files, windows internals etc.

i tested the attachment, and it works on my xp sp2 system, but not on my win2k sp4 system. same as revolution.
Post 03 Aug 2005, 21:43
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20446
Location: In your JS exploiting you and your system
revolution 03 Aug 2005, 23:02
Quote:
isnt it wrong for this to work on xp as kernel32.dll isnt in the import section
But NTDLL.DLL needs Kernel32.dll so it should import it regardless of whether it is in the EXE import section or not. Would you agree that Win2K jumping to an un-mapped area of memory is a bug?
Post 03 Aug 2005, 23:02
View user's profile Send private message Visit poster's website Reply with quote
f0dder



Joined: 19 Feb 2004
Posts: 3175
Location: Denmark
f0dder 04 Aug 2005, 01:00
In this case, crashing is better than working... but windows ought to throw an "invalid executable" error under all circumstances.
Post 04 Aug 2005, 01:00
View user's profile Send private message Visit poster's website Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  
Goto page Previous  1, 2

< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.