flat assembler
Message board for the users of flat assembler.

Index > Windows > Windows file headers

Author
Thread Post new topic Reply to topic
neounk



Joined: 24 Sep 2006
Posts: 9
neounk
Ok, I need a little help. You can find the headers if you search around the forum but i decided to make my own inc with the DOS/PE headers from WinNt.h. The only program is 1 line that won't compile, if I comment it out it works fine:

I have IMAGE_DATA_DIRECTORY made already:

Code:
struct IMAGE_DATA_DIRECTORY

   VirtualAddress  dd      ?
   Size            dd      ?

ends
    


but in IMAGE_OPTIONAL_HEADER32

Code:
struct IMAGE_OPTIONAL_HEADER32

        Magic                           dw      ?
   MajorLinkerVersion              db      ?
   MinorLinkerVersion              db      ?
   SizeOfCode                      dd      ?
   SizeOfInitializedData           dd      ?
   SizeOfUninitializedData         dd      ?
   AddressOfEntryPoint             dd      ?
   BaseOfCode                      dd      ?

       ImageBase                       dd      ?
   SectionAlignment                dd      ?
   FileAlignment                   dd      ?
   MajorOperatingSystemVersion     dw      ?
   MinorOperatingSystemVersion     dw      ?
   MajorImageVersion               dw      ?
   MinorImageVersion               dw      ?
   MajorSubsystemVersion           dw      ?
   MinorSubSystemVersion           dw      ?
   Win32VersionValue               dd      ?
   SizeOfImage                     dd      ?
   SizeOfHeaders                   dd      ?
   CheckSum                        dd      ?
   Subsystem                       dw      ?
   DllCharacteristics              dw      ?
   SizeOfStackReserve              dd      ?
   SizeOfStackCommit               dd      ?
   SizeOfHeapReserve               dd      ?
   SizeOfHeapCommit                dd      ?
   LoaderFlags                     dd      ?
   NumberOfRvaAndSizes             dd      ?
   DataDirectory                   IMAGE_DATA_DIRECTORY    ?

ends
    


IMAGE_DATA_DIRECTORY should be:

Code:
IMAGE_DATA_DIRECTORY 16 dup(?)
    


but if I use that I get an error: "invalid value << rb sizeof.IMAGE_DATA_DIRECTORY.VirtualAddress-($-IMAGE_OPTIONAL_HEADER32.DataDirectory.VirtualAddress) >> PE.inc (66)"

Is there any way I can get it to work like that?
Post 12 Aug 2007, 13:03
View user's profile Send private message Reply with quote
MichaelH



Joined: 03 May 2005
Posts: 402
MichaelH
DataDirectory rq 16
Post 13 Aug 2007, 00:16
View user's profile Send private message Reply with quote
neounk



Joined: 24 Sep 2006
Posts: 9
neounk
But then you can't access VirtualAddress/Size directly. =/
I'm not sure if that would work. DataDirectory is an array of 16 IMAGE_DATA_DIRECTORYs I thought rq would make a quad and set it to 16?
Post 13 Aug 2007, 10:12
View user's profile Send private message Reply with quote
MichaelH



Joined: 03 May 2005
Posts: 402
MichaelH
Quote:

I thought rq would make a quad and set it to 16?


No that's dq 16. rq 16 reserves 16 qwords i.e 128 bytes.


You don't need to use the struct macro (in fact you don't have to use macros at all), just use a virtual block -


Code:


      dataDirectory rq 16

     virtual at dataDirectory

                export.VirtualAddress  dd      ? 
           export.Size            dd      ? 
           

                import.VirtualAddress  dd      ? 
           import.Size            dd      ? 

               ......
              ...... etc


          ; Note A virtual block start addressing at 0
                ; so $ is it's size
                sizeof.dataDirectory = $        

        end virtual 

    





You can place the virtual block anywhere in your code, for example with all constants

Hope this helped.
Post 13 Aug 2007, 11:39
View user's profile Send private message Reply with quote
neounk



Joined: 24 Sep 2006
Posts: 9
neounk
That helps but I'm not all that good with FASM, and a struct would be much easier for me. I would like to be able to do something like:

mov eax,[eax+IMAGE_OPTIONAL_HEADER32.DataDirectory.Size]

Not sure how I would access an array in fasm. But is there a reason why you can't actually compile something like that in a struct?
Post 14 Aug 2007, 20:54
View user's profile Send private message Reply with quote
MichaelH



Joined: 03 May 2005
Posts: 402
MichaelH
Quote:

That helps but I'm not all that good with FASM, and a struct would be much easier for me.


I've expanded the DataDirectory out using your IMAGE_DATA_DIRECTORY struct. This time it's not using virtual. There are several ways of doing things with fasm (using define or equ are two more methods) but which ever way you choose, make sure you understand what the resulting output is. The most asked questions on the fasm forum are questions about using macros.

Code:
struct IMAGE_DATA_DIRECTORY 

        VirtualAddress  dd      ? 
        Size            dd      ? 

ends 


DataDirectory:

  ExportDirectory         IMAGE_DATA_DIRECTORY
        ImportDirectory         IMAGE_DATA_DIRECTORY
        ResourceDirectory       IMAGE_DATA_DIRECTORY
        ExceptionDirectory      IMAGE_DATA_DIRECTORY
        SecurityDirectory       IMAGE_DATA_DIRECTORY
        BaseRelocationTable     IMAGE_DATA_DIRECTORY
        DebugDirectory          IMAGE_DATA_DIRECTORY
        ArchitectureSpecific    IMAGE_DATA_DIRECTORY
        GlobalPointer           IMAGE_DATA_DIRECTORY
        TLSDirectory            IMAGE_DATA_DIRECTORY
        LoadConfigDirectory     IMAGE_DATA_DIRECTORY
        BoundImportDirectory    IMAGE_DATA_DIRECTORY
        ImportAddressTable      IMAGE_DATA_DIRECTORY
        DelayLoadIAT            IMAGE_DATA_DIRECTORY
        CLRHeader               IMAGE_DATA_DIRECTORY  
      
    DataDirectory.Size = $ - DataDirectory
    


Manually edit output and strip all the "sizeof"s for clarity we get -



Code:
DataDirectory:
      
    ExportDirectory:
                ExportDirectory.VirtualAddress dd ?
         ExportDirectory.Size dd ?

       label ImportDirectory
               ImportDirectory.VirtualAddress dd ?
         ImportDirectory.Size dd ?

       ResourceDirectory:
              ResourceDirectory.VirtualAddress dd ?
               ResourceDirectory.Size dd ?

     ExceptionDirectory:
             ExceptionDirectory.VirtualAddress dd ?
              ExceptionDirectory.Size dd ?

    SecurityDirectory:
              SecurityDirectory.VirtualAddress dd ?
               SecurityDirectory.Size dd ?

     BaseRelocationTable:
            BaseRelocationTable.VirtualAddress dd ?
             BaseRelocationTable.Size dd ?

   DebugDirectory:
         DebugDirectory.VirtualAddress dd ?
          DebugDirectory.Size dd ?

        ArchitectureSpecific:
           ArchitectureSpecific.VirtualAddress dd ?
            ArchitectureSpecific.Size dd ?

  GlobalPointer:
          GlobalPointer.VirtualAddress dd ?
           GlobalPointer.Size dd ?

 TLSDirectory:
           TLSDirectory.VirtualAddress dd ?
            TLSDirectory.Size dd ?

  LoadConfigDirectory:
            LoadConfigDirectory.VirtualAddress dd ?
             LoadConfigDirectory.Size dd ?

   BoundImportDirectory:
           BoundImportDirectory.VirtualAddress dd ?
            BoundImportDirectory.Size dd ?

  ImportAddressTable:
             ImportAddressTable.VirtualAddress dd ?
              ImportAddressTable.Size dd ?

    DelayLoadIAT:
           DelayLoadIAT.VirtualAddress dd ?
            DelayLoadIAT.Size dd ?

  CLRHeader:
              CLRHeader.VirtualAddress dd ?
               CLRHeader.Size dd ?


 DataDirectory.Size = $ - DataDirectory

    
Post 14 Aug 2007, 22:10
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar. Also on GitHub, YouTube, Twitter.

Website powered by rwasa.