flat assembler
Message board for the users of flat assembler.

smallest flexible PE (Windows forum)

karl
Joined: 07 Feb 2006
Posts: 63
Location: South Africa
thanks F9. but it's basically a copy of what babyboy did, so i don't deserve much credit. i'm glad you find it useful though. i certainly did.
Post 06 Oct 2006, 07:58
F9
Joined: 29 Sep 2006
Posts: 17
Although I just got here, babyboy's template did get some of us seriously digging deeper into the PE format. Credit is definitely due him, but it's amazing how you studied it all since then and were able to come up with such a rewrite, so small, in so little time. That takes serious knowledge of the PE format, not just tinkering around. I know you worked hard and kicked out a lot of help. I'm impressed...
Quote:
... i'm glad you find it useful though

Useful is not the word... It's the birth of my future FASM project that I will have running very shortly thanks to you and babyboy.

My project is actually an encryption program. I've been thinking and realized all I need is a dialog box with an edit box, a list box and buttons. Shouldn't this be possible to build up from the manual PE, since a dialog is from the subsystem just like a message box?
Post 06 Oct 2006, 13:57
karl
Joined: 07 Feb 2006
Posts: 63
Location: South Africa
thank you for the compliment. it means a lot to me...

i'm pretty sure you can build any app from the manual PE template (also check out the PEDemo in fasm examples). all you need is documentation on the windows api. at the end of my code you'll see how the ExitProcess function was imported from kernel32.dll. in the same way you can import any of the api. using kernel32.dll, user32.dll and gdi32.dll you can build any app that can be built on windows. every user program that wants access to hardware has to go through those 3 files (i highly recommend Windows Internals by Mark Russinovich as the best way to get a deep understanding of how Windows works).

here is a free download of the windows platform SDK. all the info can be found on the msdn website (i just google for the api name, like QueryPerformanceCounter) but if you can download this you can work while not online.

the development process is rather simple. if you find an example of what you want to do, like in a c program or even an .exe, get the names of the api calls it makes. with the .exe you can use a debugger. then look up the api names in the sdk. then the only problem is preparing the right kind of data the api wants.

the attached file should get you going. it uses opengl to render a rotating square (taken from fasm examples) but uses something called a multimedia timer so that you can accurately control the speed of the rotation. and if you look at the bottom i use more than kernel32, user32 and gdi. the multimedia timer comes from winmm.dll, opengl from opengl32.dll. check out the data section too to see how i build up the data structures specified in the platform sdk.

also i don't use any macros or imports, so all you need is fasm.exe to assemble.

good luck!


Attachment: DIB.asm (13.62 KB, downloaded 269 times)

Post 08 Oct 2006, 16:45
f0dder
Joined: 19 Feb 2004
Posts: 3170
Location: Denmark
You ought to set up some equates instead of using magic numbers... it's not like that will change executable size.
Post 08 Oct 2006, 21:31
karl
Joined: 07 Feb 2006
Posts: 63
Location: South Africa
no i do see what you mean. with more equates it would be more flexible. but more equates also makes it harder to understand if you didn't write the code or hadn't seen it in a long time. more options make it less simple. that's why i only have equates for the main aspects of the program. i do think it's important to have a record of what the values you're using were for, but i just put that into comments next to the code instead of equates somewhere else.
Post 09 Oct 2006, 08:30
f0dder
Joined: 19 Feb 2004
Posts: 3170
Location: Denmark
Actually it would make the program simpler to read - right now you use magic values and have their symbolic values as a comment.
Post 09 Oct 2006, 10:40
karl
Joined: 07 Feb 2006
Posts: 63
Location: South Africa
hmmm... no i agree the code itself looks rather cryptic just pushing numbers.... hmmm... i find it hard to strike a balance between having the code be clear and having the code header (description, equates, macros, data structures) be clear too. the clearer you make your code the more equates and macros you define, which sometimes aren't as clear. hmmm... it's still something i'm struggling with. no silver bullet that i can see. i see your point though, i think.
Post 09 Oct 2006, 12:01
F9
Joined: 29 Sep 2006
Posts: 17
I totally agree.

The GOD Truth: that's the way my code goes. Other than that I would never have come to FASM to get the rest of the gunk out. I learned a lot with it, then I learned it makes more sense to live without it. After all, it's for educational purposes only ... not for the seasoned coder.

As long as a person comments the code for his own needs with ^pure facts^ but pauses to try to brief others, there is no problem. Just like anybody else you've got to get back to your original project. You came to be a student for your own reasons, not others'. Nine out of ten we all end up as educators. But for now ...

If you were a pedagogue coding and commenting like that, or changing to be like that, then there would be a problem.

Evidently this is your style of coding. No need to change it to please me or anyone else unless you plan to write a tutorial. Your example is well appreciated.

This is no bash at you f0dder. I already know you are a great ASM coder and educator, if not one of the most active ever, but on this note, let karl do his thing his way; seems like he's kind of stubborn like you as is.
Post 09 Oct 2006, 15:49
MichaelH
Joined: 03 May 2005
Posts: 402
Bravo Karl, this is how I use fasm. I originally started like most, learning macros, but one day ran across code from an amazing programmer with the handle of Diamond who is part of the Kolibri OS team.

Russian link
http://diamondz.land.ru/

Translation to English
http://babelfish.altavista.com/babelfish/trurl_pagecontent?lp=ru_en&url=http%3A%2F%2Fdiamondz.land.ru%2F

Since that day I've gone about getting rid of all macros like you and come up with code very similar to what you have shown here. I hope more people find the light, if only to see fasm assemble code like DIB.asm with a "0 sec consumed" message (I use EditPlus):

---------- Fasm ----------
flat assembler version 1.67.5
5 passes, 4096 bytes.

Output completed (0 sec consumed) - Normal Termination

I agree with f0dder, magic values are a complete pain in the butt, especially when viewing code from others. However I like the way you do it, but wonder whether with lines like

Code:
push 0x16CF0000         ; dwStyle (WS_VISIBLE+WS_DLGFRAME+WS_SYSMENU)

you expand out what the values of WS_VISIBLE+WS_DLGFRAME+WS_SYSMENU are in your comments.

One other thing, using the import macro supplied with fasm you get

Code:
_ExitProcess dw 0
db 'ExitProcess',0
rb RVA $ and 1

rb RVA $ and 1 ...... what do you think, worth adding?

Look forward to seeing your new assembler when it's completed.
Post 09 Oct 2006, 21:07
f0dder
Joined: 19 Feb 2004
Posts: 3170
Location: Denmark
Quote (F9):
This is no bash at you f0dder. I already know you are a great ASM coder and educator, if not one of the most active ever, but on this note, let karl do his thing his way; seems like he's kind of stubborn like you as is.

Great asm coder is probably an overstatement; I'm fairly decent and have always been able to get the speed/size I need, but I'm not in the same league as the really good ones, and I don't believe in full-asm programming for my own needs.

<PEDANTIC>
Btw, you shouldn't do "WS_VISIBLE+WS_DLGFRAME+WS_SYSMENU" since it's really "WS_VISIBLE or WS_DLGFRAME or WS_SYSMENU". For most stuff this won't matter, but...
</PEDANTIC>
Post 09 Oct 2006, 21:44
karl
Joined: 07 Feb 2006
Posts: 63
Location: South Africa
F9: it seems we agree on many things. i also came to fasm to 'get the gunk out'. also i hate not being in control, and i think assembly gives you the most.

as for coding style: i love coding. it's one of my favorite things. and yes, you have to get things done, you have to be practical if you want to be a 'good' coder, but that doesn't mean you can't be an individual, that you can't have your own style... it really moved me when i read tomasz describe himself as an 'assembly artist'. his code is, i think, quite beautiful. and i love the idea that my code could be considered art, even though it was serving a practical function.

anyway, i'm just ranting. i hope it's someway related to what you were saying. thanks for backing me up. and your last comment is very perceptive: i can be incredibly stubborn.


michaelh: i'm glad you see the macro debate like i do. thanks for the heads-up on diamond; i always love to find new coding heroes.

the reason i don't specify what WS_VISIBLE and WS_DLGFRAME are is that i assume you have access to the microsoft platform sdk. that's where all the symbol names in the comments come from. to me, if you're programming windows, especially low-level, you should have the official windows-programming documentation, i.e. the sdk. so i leave out as much as i can without making it too cryptic, as long as you get an idea of what the code is doing. so to me ' ; dwStyle WS_VISIBLE+WS_DLGFRAME+WS_SYSMENU' gives a rough idea of what you're doing. to understand the code you don't need the actual values, and if you do need them you have the sdk.

as for the import macro code:
Code:
_ExitProcess dw 0
db 'ExitProcess',0
rb RVA $ and 1

hmmm... i'm not sure what that last line is supposed to be doing. i think rb doesn't necessarily get included. to get a better idea you can look at the pe1.zip file (link last page) that describes how the import table is supposed to look in your .exe. just had a glance and it looks like it will take some work to decipher. look at the pedemo in fasm/examples. it does the same. it's how tomasz does it in the fasm.asm source. and hey, it works, so...

thanks for the encouragement about the assembler. i'll let you know if it happens!


f0dder: i get you. WS_VISIBLE or, not +. i think it reads easier with a + though.
Post 10 Oct 2006, 10:55
f0dder
Joined: 19 Feb 2004
Posts: 3170
Location: Denmark
Quote:

to understand the code you don't need the actual values, and if you do need them you have the sdk.

Then you have to break up the "magic value" into individual power-of-two numbers, grep the sdk includes for those, find multiple matches, and have to decide which one is the most likely... which is why sane people use symbolic constants.

Quote:

fodder: i get you. WS_VISIBLE or, not +. i think it reads easier with a + though.

It's only a problem if you find a rare case with two equates with the same value... I can't think of any off the top of my head, but I seem to recall running into them.
Post 10 Oct 2006, 10:59
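Taking the two points above literally (splitting a magic value into its power-of-two parts and finding several names for some of them, and `+` versus `or`), here is an added Python example of my own, not from the thread or from fasm. It decodes the 0x16CF0000 quoted earlier against the standard winuser.h WS_* values, lists every equate that matches (aliases such as WS_TABSTOP/WS_MAXIMIZEBOX included), and shows the one situation where `+` and `or` give different results.

```python
# Added example, not from the thread: the values are the standard winuser.h WS_* constants.
WS_STYLES = {
    "WS_MAXIMIZEBOX": 0x00010000, "WS_TABSTOP": 0x00010000,       # same value, two names
    "WS_MINIMIZEBOX": 0x00020000, "WS_GROUP": 0x00020000,         # same value, two names
    "WS_THICKFRAME": 0x00040000, "WS_SIZEBOX": 0x00040000,
    "WS_SYSMENU": 0x00080000, "WS_HSCROLL": 0x00100000, "WS_VSCROLL": 0x00200000,
    "WS_DLGFRAME": 0x00400000, "WS_BORDER": 0x00800000,
    "WS_CAPTION": 0x00C00000,                                     # = WS_BORDER | WS_DLGFRAME
    "WS_MAXIMIZE": 0x01000000, "WS_CLIPCHILDREN": 0x02000000, "WS_CLIPSIBLINGS": 0x04000000,
    "WS_DISABLED": 0x08000000, "WS_VISIBLE": 0x10000000,
    "WS_MINIMIZE": 0x20000000, "WS_ICONIC": 0x20000000,
    "WS_CHILD": 0x40000000, "WS_CHILDWINDOW": 0x40000000, "WS_POPUP": 0x80000000,
    "WS_OVERLAPPEDWINDOW": 0x00CF0000,                            # CAPTION|SYSMENU|THICKFRAME|MINIMIZEBOX|MAXIMIZEBOX
}

def decode_style(style: int) -> list:
    """Every equate whose bits are all present in `style`. Aliases and composites are all
    reported: that is the 'multiple matches' a reader of a bare magic number must resolve by hand."""
    return sorted(name for name, val in WS_STYLES.items() if val and style & val == val)

def unexplained_bits(style: int) -> int:
    """Bits of `style` that no equate in the table accounts for (a stale or mistyped value)."""
    covered = 0
    for val in WS_STYLES.values():
        if style & val == val:
            covered |= val
    return style & ~covered

def combine(*names: str, use_or: bool = True) -> int:
    """Build a style with `or` (what the flags mean) or with `+` (what the comment suggested).
    The two agree only while no two operands share a bit."""
    result = 0
    for name in names:
        result = (result | WS_STYLES[name]) if use_or else (result + WS_STYLES[name])
    return result & 0xFFFFFFFF
```

On 0x16CF0000 it reports WS_OVERLAPPEDWINDOW plus WS_VISIBLE, WS_CLIPSIBLINGS and WS_CLIPCHILDREN, which is more than the comment on the quoted push names; and WS_CAPTION + WS_DLGFRAME carries into the next bit and becomes WS_MAXIMIZE, while WS_CAPTION or WS_DLGFRAME is still WS_CAPTION.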
karl
Joined: 07 Feb 2006
Posts: 63
Location: South Africa
are you suggesting i'm not sane?
like F9 said, i'm stubborn as hell. i want the entire program to be in one source file. i want it to be beautiful. i want to easily understand what the code is doing 5 years from now. my style is, i think, a result of trying to balance these insane desires. again i see your point, though.
Post 10 Oct 2006, 11:39
F9
Joined: 29 Sep 2006
Posts: 17
Nice to know I have not offended anyone with my 2 bits. f0dder's problem with your code brought about MichaelH's suggestion, which obviously is perfect for you. It hurts nothing.
Quote:
i read tomasz describe himself as an 'assembly artist'. his code is, i think, quite beautiful.

I downloaded tomasz's video and will be viewing and listening to it for the next few weeks, every day, all day, while I re-code my entire project from his PE EXAMPLE based on your DIB code style. (That will be my start with PE.)

I will be out for a while. When I get back I hope to talk with tomasz for a minute or two. I'm not giving up on manual PE but I'd best step aside so you can deal with your new and more experienced friends. I'll be hitting the books as well to try to catch up.
Quote:
i hope it's someway related to what you were saying.

karl, PM me with a ^spare^ e-mail address and I will send you a special part from my personal masm32 project. Seeing it will answer that question and may prove to be helpful for your dissembler.
Quote:
anyway, i'm just ranting.

You should be proud.
Post 10 Oct 2006, 17:19
MichaelH
Joined: 03 May 2005
Posts: 402
rb RVA $ and 1 ..... byte alignment. If the procedure name is an odd number of characters, this line will mean the next import is byte aligned. Not sure whether it helps performance but alignment is good.

Yes I have the SDKs etc. and have EditPlus set up so I put the cursor on the word, click a user tool button and the value's information is displayed. It's just that Tom Tobias keeps reminding us about readability. The fact he tells us we will be educators of others really scares me .... I can't imagine a world of people taught by me, as I've been certified brain dead about as long as Tom has.

Anyway I don't think it's important how code is made readable, what's important is that it is readable....., thanks for your examples. This forum is full of people endlessly giving and asking nothing in return ..... it's fantastic!

Regards Michael
Post 10 Oct 2006, 22:30
f0dder
Joined: 19 Feb 2004
Posts: 3170
Location: Denmark
Quote (F9):
Nice to know I have not offended anyone with my 2 bits. f0dder's problem with your code brought about MichaelH's suggestion, which obviously is perfect for you. It hurts nothing.

It hurts nothing, but it's redundant - if you used EQUs, the magic number would be replaced with the comment, and there would then be no need for a comment... and you also don't risk that the magic value and the describing comment are out of sync.

I find it a bit humorous, by the way, that Tom Tobias talks about readability, considering his post structure.
Post 10 Oct 2006, 23:35
F9
Joined: 29 Sep 2006
Posts: 17
Quote:
It hurts nothing, but it's redundant - if you used EQUs, the magic number would be replaced with the comment, and there would then be no need for a comment...

This is getting crazy.

If someone wants to code a certain way, that's that. If he chooses to place a comment ; (notes) next to a line of code, it's probably only to help others understand it or to serve as a reminder if he forgets some details down the line ... Come on, guys. It's totally off topic and it's beginning to seem like nitpicking. This thread has taken on a life of its own. People are not coming here to read two pages about the readability of karl's code. The point was made already. Anything else is a distraction.

Here are two links that ^may^ favor both options. Read between the lines, then make your choices. For me, I've got my reasons to do it the hard way and will not try to convince anyone to accept that.
http://www.programmingresearch.com/solutions/QAJDOCS/Patterns/no-magic-numbers.html

and
http://en.wikipedia.org/wiki/Magic_number_(programming)

Regards
Post 11 Oct 2006, 04:53
asmfan
Joined: 11 Aug 2006
Posts: 392
Location: Russian
Some fixes to karl's posted code. Corrected section size (not only the import is taken into consideration), some needed(?) align added.

EDITED: corrected my_align macro.


Attachment: Small PE.asm (3.51 KB, downloaded 205 times)


Post 12 Oct 2006, 19:26
Croustiman
Joined: 16 Apr 2007
Posts: 1
Hello!
I have a question. Why is the code size in "code_section" limited?
Is it possible to fix that? If yes, how?
Thx!
Post 16 Apr 2007, 14:06
hidden
Joined: 14 Feb 2007
Posts: 49
And this absolutely incorrect construction works perfectly on WinXP SP2 and has size 208 bytes. Can anybody make it smaller and not lose functionality?
Code:
        image_base      equ 0x400000
        alignment       equ 0x4
        stack_reserve   equ 0x1000
        stack_commit    equ 0x1000
        heap_reserve    equ 0x1000
        heap_commit     equ 0x1000
                use32
        dos_header:
                db 'MZ'                         ; offset 0; also the entry point, runs as dec ebp / pop edx
                jmp lable1
        pe_header:
                db 'PE',0,0                     ; offset 4, where e_lfanew (the dd at offset 0x3C) points
                dw 0x014C                       ; Machine = i386
                dw 1                            ; NumberOfSections; also the hint of the MessageBoxA entry
    _MessageBox db 'MessageBoxA', 0             ; overlays TimeDateStamp / PointerToSymbolTable / NumberOfSymbols
                dw sizeof.header                ; SizeOfOptionalHeader
                dw 0x010F                       ; Characteristics
        optional_header:
                dw 0x010B                       ; PE32 magic
        user_table:
     MessageBox dd _MessageBox+0000h-2          ; IAT slot: RVA of the hint/name (overlays linker version / SizeOfCode)
                dd 0                            ; end of the IAT
        message db 'Hello',0
                dd 0                            ; AddressOfEntryPoint = 0, i.e. the 'MZ' bytes above
                user_name db 'USER32',0,0       ; overlays BaseOfCode / BaseOfData
                dd image_base                   ; ImageBase
                dd alignment                    ; SectionAlignment; doubles as e_lfanew at offset 0x3C
                dd alignment                    ; FileAlignment
        lable1:
                push eax                        ; code placed over the OS / image version fields
                push title+image_base
                jmp directory_entries
                dq 4                            ; MajorSubsystemVersion = 4, rest zero
                dd sizeof.image                 ; SizeOfImage
                dd import_directory             ; SizeOfHeaders
                dd 0                            ; CheckSum
                dd 2                            ; Subsystem = GUI, DllCharacteristics = 0
                dd stack_reserve
                dd stack_commit
                dd heap_reserve
                dd heap_commit
                dd 0                            ; LoaderFlags
                dd 2                            ; NumberOfRvaAndSizes: only export and import directories
        directory_entries:
                push message+image_base         ; code placed in the (unused) export directory entry
                push eax
                jmp label2
                dd import_directory             ; import directory RVA
                dd sizeof.import                ; import directory size
        label2:
                mov esi, edx
                call[MessageBox+image_base]
                push esi
                db 0xEB                         ; jmp rel8 whose displacement is the 0 below
        import_header:                          ; section header starts here (optional_header + sizeof.header)
                db 0
                ret
        title:  db 'Title',0                    ; completes the 8-byte section Name
                dd sizeof.import                ; VirtualSize
                dd import_directory             ; VirtualAddress
                dd sizeof.import                ; SizeOfRawData
                dd import_directory             ; PointerToRawData
                rd 3
                dd 0x0E0000020                  ; Characteristics
        import_directory:
                dd 0,0,0,user_name              ; OriginalFirstThunk, TimeDateStamp, ForwarderChain, Name
                db user_table                   ; low byte of FirstThunk; the rest lies past end of file
        file_end:
                sizeof.import = file_end-import_directory
                sizeof.header = import_header-optional_header
                sizeof.image = file_end
I think second step is only to take out import section and to use syscall, but I'm not sure that it would be smaller.



Last edited by hidden on 18 Apr 2007, 22:10; edited 1 time in total
Post 16 Apr 2007, 22:16
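Files like the one above are a classic blind spot for scanners and PE parsers that assume a conventional layout, so here is an added Python example of my own (not from the thread, not from fasm) that rebuilds the listing's layout byte for byte and then walks the headers and import table the way the loader does. The offsets are my reading of the listing (it comes to 207 bytes by my count); the walker treats RVAs as file offsets, which holds here because SectionAlignment and FileAlignment are both 4 and such an image is mapped as one flat view.

```python
import struct

IMAGE_BASE = 0x400000

def build_tiny_pe() -> bytes:
    """Constructed 207-byte image following the overlapping layout posted above (my rebuild, not the original bytes)."""
    img = bytearray(207)
    def put(off, data): img[off:off + len(data)] = data
    put(0, b'MZ\xEB' + bytes([68 - 4]))                       # 'MZ' runs as dec ebp / pop edx, then jmp lable1
    put(4, b'PE\0\0' + struct.pack('<HH', 0x14C, 1))          # e_lfanew (dd at 0x3C) is 4, so the PE header is here
    put(12, b'MessageBoxA\0')                                 # import name over TimeDateStamp / symbol-table fields
    put(24, struct.pack('<HHH', 150 - 28, 0x10F, 0x10B))      # SizeOfOptionalHeader, Characteristics, PE32 magic
    put(30, struct.pack('<I', 12 - 2))                        # IAT slot -> hint/name at RVA 10 (over linker version)
    put(38, b'Hello\0'); put(48, b'USER32\0\0')               # bytes 44..47 stay 0: AddressOfEntryPoint = 0
    put(56, struct.pack('<III', IMAGE_BASE, 4, 4))            # ImageBase, SectionAlignment (= e_lfanew), FileAlignment
    put(68, b'\x50\x68' + struct.pack('<I', IMAGE_BASE + 152) + b'\xEB' + bytes([124 - 76]))  # code over version fields
    put(76, struct.pack('<HH', 4, 0))                         # MajorSubsystemVersion 4
    put(84, struct.pack('<IIII', 207, 190, 0, 2))             # SizeOfImage, SizeOfHeaders, CheckSum, Subsystem GUI
    put(100, struct.pack('<6I', 0x1000, 0x1000, 0x1000, 0x1000, 0, 2))  # stack/heap, LoaderFlags, NumberOfRvaAndSizes
    put(124, b'\x68' + struct.pack('<I', IMAGE_BASE + 38) + b'\x50\xEB' + bytes([140 - 132]))  # code in export-dir slot
    put(132, struct.pack('<II', 190, 17))                     # import directory RVA and size
    put(140, b'\x89\xD6\xFF\x15' + struct.pack('<I', IMAGE_BASE + 30) + b'\x56\xEB')  # mov esi,edx; call [IAT]; push esi; jmp
    put(150, b'\0\xC3Title\0')                                 # section Name: jmp +0 lands on ret, then the caption
    put(158, struct.pack('<IIII', 17, 190, 17, 190)); put(186, struct.pack('<I', 0xE0000020))
    put(190, struct.pack('<IIII', 0, 0, 0, 48)); img[206] = 30  # import descriptor; FirstThunk cut to one byte by EOF
    return bytes(img)

def u16(d, o): return struct.unpack_from('<H', d, o)[0]
def u32(d, o): return struct.unpack_from('<I', d.ljust(o + 4, b'\0'), o)[0]  # zero-fill past EOF, as the mapped page is
def cstr(d, o): return d[o:d.index(b'\0', o)].decode()

def inspect_pe(d: bytes) -> dict:
    """Walk headers and import table as the loader does and note what a naive parser would trip on.
    RVAs are used as file offsets, valid here because SectionAlignment == FileAlignment < page size."""
    pe = u32(d, 0x3C)
    opt = pe + 24                                    # optional header follows the 20-byte COFF header
    sect = opt + u16(d, pe + 20)                     # section table = optional header + SizeOfOptionalHeader
    entry, ndirs = u32(d, opt + 16), u32(d, opt + 92)
    notes = []
    if entry < sect:
        notes.append('entry point inside the headers')
    if ndirs < 16:
        notes.append(f'only {ndirs} data directories')
    if ndirs >= 2 and (imp := u32(d, opt + 96 + 8)):
        if imp + 20 > len(d):
            notes.append('import descriptor runs past end of file')
        dll = cstr(d, u32(d, imp + 12))
        hint_name = u32(d, u32(d, imp + 16))          # FirstThunk -> first IAT slot -> hint/name RVA
        imports = {dll: [cstr(d, hint_name + 2)]}     # skip the 2-byte hint
    else:
        imports = {}
    return dict(e_lfanew=pe, sections=u16(d, pe + 6), section_table=sect, entry=entry, imports=imports, notes=notes)
```

The walk resolves USER32!MessageBoxA even though the IAT slot sits inside the optional header and the last three bytes of FirstThunk do not exist in the file; the notes list is the kind of thing a scanner would flag before deciding whether to trust any other header field.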
Copyright © 1999-2020, Tomasz Grysztar.