flat assembler
Message board for the users of flat assembler.
Writing .EXEs Manually
Xanfa 03 Aug 2006, 03:54
Hi babyboy10777! Great work! (Although I haven't read your code!) I don't know all about the PE format as you do, but about the first problem, I think: SizeOfImage is the total memory that the loader allocates for the PE file when it loads it into memory (I'm sure you know this!). SizeOfImage = total virtual size of all sections + size of headers. As I see it, the size of the headers is smaller than the section alignment (often 1000h), so the first section starts at RVA 1000h. In your case, your first and only section .flat is smaller than 1000h too, so the total virtual size allocated for your program is 2000h bytes. I think this is clearer to understand: ImageSize = RVA of last section + virtual size of last section (aligned to section alignment).
Tomasz Grysztar 03 Aug 2006, 06:56
You forgot USE32 to make your code 32-bit. Since it is 16-bit by default, the PUSH tries to push a 16-bit word, while your value doesn't fit in that range.
As for the SizeOfImage, Xanfa already explained it well.
babyboy10777 03 Aug 2006, 11:26
Xanfa: Thanks for your help. I appreciate it.
Tomasz: 16 bits? No wonder! I didn't disassemble it yet, but I knew those machine code bytes in the hex editor didn't look right -- call rm had a 2-byte displacement. By the way, FASM is the BEST assembler there is! I recommend it to everyone.
babyboy10777 04 Aug 2006, 05:54
Here's the finished, working template. It runs perfectly. Just replace the .bin extension with .exe.
Code:
; Manual .EXE template
macro align n { db ((n-1)-($+n-1) mod n) dup(0) }
use32
exe:
dw 'MZ'                         ; useless...
db 3Ah dup(0)
dd 40h
db 'PE', 0, 0                   ; signature
dd 1014Ch, 0, 0, 0              ; cpu (.I386+). # sections, etc
dd 10F00E0h, 10Bh               ; n/a
dd 0, 0, 0                      ; .code/.idata/.data sizes
dd 1000h, 0, 0, 400000h         ; entry, .code/.data offsets, base address
dd 1000h, 200h                  ; section alignment in memory and file: 1K/512
dd 1, 0, 4, 0                   ; versions
dd (((1000h +\                  ; image size = (rva + section size) aligned to 1000h
one_end-one) shr 12) + 1) shl 12
dd 200h, 0                      ; section 1 offset
dw 2, 0                         ; subsystem
dd 1000h, 1000h, 1000h, 0       ; stack/heap reserve/commit
dd 0, 16                        ; flags, # directories
dq 0                            ; "data directory" structures...
dd it+0E00h                     ; import table rva, size...
dd one_end-it
dq 14 dup(0)
dq '.one'                       ; section header. file offset = 138h
dd one_end-one, 1000h           ; size, rva
dd exe_end-one                  ; size rounded to 200h
dd 200h, 0, 0, 0                ; file offset, skip relocations, etc
dd 0E0000020h                   ; attributes: readable, writable, executable, etc
db 200h-$ dup(0)                ; proceed to 200h/1000h
one:
; code:
push 0 @f+400E00h @f+400E00h 0
call dword [MessageBox+400E00h]
push 0
call dword [ExitProcess+400E00h]
@@:
db 'EXAMPLE', 0
; data:
it:                             ; import table
dd 0,0,0, kernel_name+0E00h, kernel_table+0E00h
dd 0,0,0, user_name+0E00h, user_table+0E00h
dd 0,0,0,0,0
kernel_name db 'KERNEL32.DLL', 0
kernel_table:
ExitProcess dd _ExitProcess+0E00h
dd 0
_ExitProcess db 0, 0, 'ExitProcess', 0
user_name db 'USER32.DLL', 0
user_table:
MessageBox dd _MessageBox+0E00h
dd 0
_MessageBox db 0, 0, 'MessageBoxA', 0
one_end:
align 200h
exe_end:
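To make Xanfa's SizeOfImage rule and the template's 400E00h constant concrete, here is an added Python example (not code from the thread or from fasm) that builds a constructed minimal PE with the same layout as the template above and then checks the header relations a loader, or a file-format triage tool, would verify: section and file alignment, raw data lying inside the file, SizeOfImage at least the end of the last section rounded up to SectionAlignment, and the ImageBase + RVA - file offset delta that the template adds to every label. Header field offsets follow the PE specification; the sample payload is constructed dummy bytes, not the posted binary.

```python
import struct

def min_size_of_image(last_rva, last_vsize, section_align):
    """Smallest valid SizeOfImage: end of the last section rounded up to SectionAlignment."""
    return (last_rva + last_vsize + section_align - 1) & ~(section_align - 1)

def build_sample_pe(section_data):
    """Constructed sample laid out like the template (0x200 of headers, one section at RVA 0x1000); not the posted binary."""
    img = bytearray(0x200)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)                  # e_lfanew -> PE signature at 0x40
    img[0x40:0x44] = b"PE\0\0"
    # Machine, NumberOfSections, TimeDateStamp, SymTab, NumSyms, SizeOfOptionalHeader, Characteristics
    struct.pack_into("<HHIIIHH", img, 0x44, 0x14C, 1, 0, 0, 0, 0xE0, 0x10F)
    opt = 0x58                                               # optional header starts after the 20-byte COFF header
    struct.pack_into("<H", img, opt, 0x10B)                  # PE32 magic
    struct.pack_into("<I", img, opt + 16, 0x1000)            # AddressOfEntryPoint
    struct.pack_into("<III", img, opt + 28, 0x400000, 0x1000, 0x200)  # ImageBase, SectionAlignment, FileAlignment
    struct.pack_into("<II", img, opt + 56, min_size_of_image(0x1000, len(section_data), 0x1000), 0x200)
    struct.pack_into("<H", img, opt + 68, 2)                 # Subsystem: Windows GUI
    struct.pack_into("<I", img, opt + 92, 16)                # NumberOfRvaAndSizes
    raw = (len(section_data) + 0x1FF) & ~0x1FF               # SizeOfRawData rounded up to FileAlignment
    struct.pack_into("<8sIIIIIIHHI", img, opt + 0xE0, b".one", len(section_data), 0x1000, raw, 0x200, 0, 0, 0, 0, 0xE0000020)
    return bytes(img) + section_data.ljust(raw, b"\0")

def check_pe_layout(data):
    """Parse the MZ/PE headers and verify the layout rules the thread discusses; returns values plus a list of problems."""
    problems = [] if data[:2] == b"MZ" else ["missing MZ signature"]
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        return {"problems": problems + ["missing PE signature"]}
    nsect, opt_size = struct.unpack_from("<H", data, pe + 6)[0], struct.unpack_from("<H", data, pe + 20)[0]
    opt = pe + 24
    image_base, sect_align, file_align = struct.unpack_from("<III", data, opt + 28)
    size_of_image, size_of_headers = struct.unpack_from("<II", data, opt + 56)
    if not sect_align or not file_align or not nsect:
        return {"problems": problems + ["zero alignment or no sections"]}
    sections = [struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i) for i in range(nsect)]
    for name, vsize, va, rawsize, rawptr in sections:       # (Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData)
        if va % sect_align or rawptr % file_align:
            problems.append(f"section {name!r} violates SectionAlignment/FileAlignment")
        if rawptr + rawsize > len(data):
            problems.append(f"section {name!r} raw data runs past end of file")
    needed = min_size_of_image(sections[-1][2], sections[-1][1], sect_align)
    if size_of_image < needed or size_of_image % sect_align:
        problems.append(f"SizeOfImage {size_of_image:#x} below required {needed:#x} or unaligned")
    # The constant the template adds to every label: ImageBase + section RVA - file offset (0x400E00 here).
    return {"size_of_image": size_of_image, "min_size_of_image": needed,
            "file_to_va_delta": image_base + sections[0][2] - sections[0][4], "problems": problems}
```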
karl 07 Aug 2006, 10:03
Wicked project, babyboy. I suddenly understand so much I didn't before. And for me the best thing is that you showed me how to use the Win32 API without complex macros! Yay!
Some questions:
push 0 @f+400E00h @f+400E00h 0
What is @f? And what is 400E00h?
dd 0,0,0, kernel_name+0E00h, kernel_table+0E00h
What is 0E00h? Hmmm... I'm guessing I could find that out by looking at the .exe definition docs, if I understand. But then why
call dword [MessageBox+400E00h]
?? What is the 400E00h?
So cool, man, so cool... Thanks for posting it for everyone. FASM truly is the best assembler! In fact, it's the best programming environment ever!!
okasvi 07 Aug 2006, 11:30
Quote:
push 0 @f+400E00h @f+400E00h 0
Read the manual about anonymous labels: @f refers to the @@: db 'EX... after the call. And 400E00h is imagebase+?????
karl 07 Aug 2006, 11:51
Thanks okasvi, I'll look that stuff up....
karl 07 Aug 2006, 12:05
For anyone interested: http://www.x86.org/ftp/manuals/tools/pe.pdf
Good info.
Fady 26 Dec 2006, 05:01
This is just perfect.
Thanks babyboy!
asmfan 26 Dec 2006, 12:54
Actually the alignment macro works badly; I pointed that problem out to Tomasz.
Code:
db 0 dup (90h)
Wrong value: 0. But this code
Code:
rb 0
is good.
_________________
Any offers?
DOS386 27 Dec 2006, 03:50
"babyboy10777" wrote:
Quote:
Here's the finished, working template. It runs perfectly. Just replace the .bin extension with .exe.
This is great. Works for me. Could not resist running it in DOS also - works, with some limitations. One just shouldn't run it unpatched - it freezes then, unsurprisingly. Fixed the freezer problem, discussion continues here: http://board.flatassembler.net/topic.php?t=6735
_________________
Bug Nr.: 12345 Title: Hello World program compiles to 100 KB !!! Status: Closed: NOT a Bug
Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.