flat assembler
Message board for the users of flat assembler.
Iczelion's PE Tutorial 2
GuyonAsm 05 Nov 2003, 15:10
Beowulf,
I like how you set up your import section, so that you don't have to define each and every function like I used to do. From now on I'm gonna use your method there at the bottom. I have a question. When you're reading the IMAGE_DOS_HEADER, and you get to e_lfanew, is that offset from the beginning of the file, or from that position in the file to the IMAGE_NT_HEADER?
_________________
I shall not evade what is predestined because every battle, is another lesson - GuyonAsm. A Believer of The System.
roticv 05 Nov 2003, 16:15
Beginning of the file. Therefore usually it is "reg+3ch".
Anyway, no need to add "64h"; instead use something like mov [fs:0], esp
GuyonAsm 05 Nov 2003, 17:42
roticv,
Thanks for the reply, I was just wondering, because I use a different method for walking through the file instead of mapping (CreateFile then using the ReadFile function). Okay, last question pertaining to this. You say it's the offset from the beginning of the file, so for all other offsets in the other structures (IMAGE_OPTIONAL_HEADER32 for example), they're based at the beginning of the file, or do different fields in the structure expect you to add from the structure base and on up?
roticv 06 Nov 2003, 04:37
GuyonAsm wrote: roticv,
Yes, I have done that before. Making use of memory allocation and ReadFile.
Quote: You say its the offset from the beginning of the file, So for all other offsets in the other structures(IMAGE_OPTIONAL_HEADER32 for example), their based at the beginning of the file, or do different fields in the structure expect you to add from the structure base and on up?
If I remember correctly, most are relative to the file offset. For example the address (If I did get the name correctly) of the section is relative to file offset. Seems so long since I last fooled with the PE format *grins*
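The following Python parser is an added example, not code from any poster in this thread. It reads e_lfanew at file offset 3Ch (counted from the beginning of the file), finds the optional header and section table relative to the NT headers, and shows that a section header carries both an RVA (VirtualAddress) and a file offset (PointerToRawData). The function names and the header bytes produced by build_sample() are constructed for illustration.

```python
import struct

def parse_pe(data: bytes) -> dict:
    """Find the NT headers via e_lfanew and list sections, with bounds checks."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    # e_lfanew: dword at file offset 0x3C, counted from the start of the file
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("e_lfanew does not point at a PE signature")
    # IMAGE_FILE_HEADER (20 bytes) follows the 4-byte signature
    _, nsect, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24  # IMAGE_OPTIONAL_HEADER32: located relative to the NT headers
    if opt_size < 20 or opt + opt_size > len(data):
        raise ValueError("optional header truncated")
    (entry_rva,) = struct.unpack_from("<I", data, opt + 16)  # AddressOfEntryPoint is an RVA
    sections = []
    for i in range(nsect):
        off = opt + opt_size + 40 * i  # section table follows the optional header
        if off + 40 > len(data):
            raise ValueError("section table runs past end of file")
        name, vsize, rva, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, off)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "rva": rva, "raw_ptr": raw_ptr, "raw_size": raw_size})
    return {"e_lfanew": e_lfanew, "entry_rva": entry_rva, "sections": sections}

def rva_to_offset(pe: dict, rva: int) -> int:
    """Translate an RVA into a file offset via the section that contains it."""
    for s in pe["sections"]:
        if s["rva"] <= rva < s["rva"] + s["raw_size"]:
            return rva - s["rva"] + s["raw_ptr"]
    raise ValueError("RVA has no file-backed section")

def build_sample() -> bytes:
    """Constructed header set for the demo (not a runnable program)."""
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)        # e_lfanew = 80h
    filehdr = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)          # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1010)        # AddressOfEntryPoint (RVA)
    sect = struct.pack("<8sIIII", b".text", 0x20, 0x1000, 0x200, 0x200) + bytes(16)
    hdr = bytes(dos) + b"PE\0\0" + filehdr + bytes(opt) + sect
    return hdr + bytes(0x200 - len(hdr)) + bytes(0x200)  # pad headers, add raw data

if __name__ == "__main__":
    pe = parse_pe(build_sample())
    print(hex(pe["e_lfanew"]), pe["sections"], hex(rva_to_offset(pe, pe["entry_rva"])))
```

The bounds checks matter when the file is read with ReadFile into a buffer, because e_lfanew and the section count come from the file itself and may point outside it.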
eet_1024 06 Nov 2003, 07:12
GuyonAsm:
If you use the latest includes in the Win32GUI distro of fasm, you can:
Code:
    include '%include%/win32ax.inc'
    format PE GUI 4.0

    .data
    MyVar dd 0

    .code
    proc Main
        enter
        mov eax, 0
        return
    .end Main
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.