flat assembler
Message board for the users of flat assembler.

Index > Windows > What's wrong with this PE-File

Author
Thread Post new topic Reply to topic
Kinex



Joined: 16 Jul 2004
Posts: 32
Kinex
Hey, Can someone help me and figure out why this PE-File doesn't execute? It should execute properly but it just won't work.

If you look at it please don't be scared because the sections are not optimized they have all the same size.

Can someone figure this out? I don't get it.

Thanks.


Description:
Download
Filename: pqp2.zip
Filesize: 4.38 KB
Downloaded: 64 Time(s)



Last edited by Kinex on 11 Oct 2005, 23:50; edited 1 time in total
Post 11 Oct 2005, 21:07
View user's profile Send private message Reply with quote
decard



Joined: 11 Sep 2003
Posts: 1092
Location: Poland
decard
seems that it has its import section broken:


Description:
Filesize: 47.71 KB
Viewed: 1394 Time(s)

111.PNG


Post 11 Oct 2005, 21:25
View user's profile Send private message Visit poster's website Reply with quote
Kinex



Joined: 16 Jul 2004
Posts: 32
Kinex
Hmm is it really broken? the whole functions of user32.dll are imported and Stud-PE doesn't give an error to me it displays all imports correctly. I think there must be another reason why this doesn't work.
Post 11 Oct 2005, 22:25
View user's profile Send private message Reply with quote
decard



Joined: 11 Sep 2003
Posts: 1092
Location: Poland
decard
Well, I'm not familiar with internal PE structure, but I thought that one dll name can't figure so many times in import section Wink Anyway fileinfo (Total Commander plugin) says that something is wrong with it: "Missing Functions in implict load DLL" (whatever it means).
Post 11 Oct 2005, 22:40
View user's profile Send private message Visit poster's website Reply with quote
Kinex



Joined: 16 Jul 2004
Posts: 32
Kinex
Yes. That's true. In a normal import section this shouldn't happen that the DLL name appear more than 1 time but.. This should also work.. at least it does with 20+ imports ... Hmm I'll check it.
Post 11 Oct 2005, 22:51
View user's profile Send private message Reply with quote
Kinex



Joined: 16 Jul 2004
Posts: 32
Kinex
Ok .. I fixed the imports and now it is correct.. but same problem doesn't execute.. .. I updated the file above to pqp2.zip.. now with gdi32 imports.. It has nothing todo with the imports.. it is another reason because if there are no imports but code section is same size then it also doesn't work..
Post 11 Oct 2005, 23:52
View user's profile Send private message Reply with quote
Ancient One



Joined: 28 Feb 2005
Posts: 55
Ancient One
the size of image field (offset 0xD0 in ur file) is not correct. u must set it to last section alignment+size of that last section (aligned to section alignment).
Post 12 Oct 2005, 03:01
View user's profile Send private message MSN Messenger Reply with quote
Kinex



Joined: 16 Jul 2004
Posts: 32
Kinex
Yes you are totally correct! Got it now thanks Ancient One!
Post 12 Oct 2005, 08:21
View user's profile Send private message Reply with quote
Ancient One



Joined: 28 Feb 2005
Posts: 55
Ancient One
when u run it u will get exception coz ur code write to code section which don't have the write attribute.
Post 12 Oct 2005, 12:30
View user's profile Send private message MSN Messenger Reply with quote
Kinex



Joined: 16 Jul 2004
Posts: 32
Kinex
Yes I know I made this exception to see if the PE File is executed.. but it was always a "not valid win32 executable" .. and didn't raise this exception! anyway it works nice now Wink Thank you again!
Post 12 Oct 2005, 15:09
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar. Also on GitHub, YouTube, Twitter.

Website powered by rwasa.