flat assembler
Message board for the users of flat assembler.
Windows > Section writable at runtime?
revolution 17 Feb 2009, 09:02
Look at VirtualProtectEx in the Win32 help. You can change access permissions of the process.
Azu 17 Feb 2009, 09:12
Thanks.. I meant BEFORE my code that imports Win32 functions, though. Basically before anything else is run. Is there no way to do it in asm?
revolution 17 Feb 2009, 09:18
You can make your own import table and give the OS a minimal import table to use. Clearly you need at least one imported function else the OS loader cannot load your exe, but the remaining functions can be located at runtime. Requires a bit of coding though and I don't think it would be worth the effort.
Of course you do know about the section directive right?
Azu 17 Feb 2009, 09:24
revolution wrote: You can make your own import table and give the OS a minimal import table to use. Clearly you need at least one imported function else the OS loader cannot load your exe, but the remaining functions can be located at runtime. Requires a bit of coding though and I don't think it would be worth the effort.
revolution 17 Feb 2009, 09:27
At runtime is the VirtualProtectEx I wrote above. You can allocate memory with VirtualAlloc also and set the permissions at that time.
revolution 17 Feb 2009, 09:33
I'm not 100% sure about what you mean. But here goes ...
IIRC the 512 byte thing is an OS fixed parameter. You must have your sections aligned in the file at 512 bytes. The only way to get a smaller section is with a native exe (format PE native) which has an alignment of 0x20 for both the file and the memory (1:1 mapping) generally used for drivers though so maybe not useful for a normal app.
revolution 17 Feb 2009, 09:36
Azu wrote: Is there a way to do it before importing win32 apis though?
Azu 17 Feb 2009, 09:41
revolution wrote: At runtime is the VirtualProtectEx I wrote above. You can allocate memory with VirtualAlloc also and set the permissions at that time.
Okay basically here is how I have it now
~~~
executable writable section:
get the win32 functions I need
store them here
code which uses win32 functions
~~~
It won't work without the section being writable, but if it's set in the header as writable it triggers heuristics. So I thought maybe something like this
~~~
executable section:
change section to be writable
get the win32 functions I need
store them here
code which uses win32 functions
~~~
But I don't know how to do that before I get the win32 functions
revolution wrote: I'm not 100% sure about what you mean. But here goes ...
I tried using "format PE native" instead of "format PE" but it still adds 512 bytes for each section, and the align command doesn't work either.
revolution 17 Feb 2009, 09:44
You can always change the executable section permissions (after step 4) with VirtualProtectEx, no problem. Then you can write whatever you want to that section. It just becomes another data section (and an executable section).
But like I mentioned, you will need at least one import for the loader to recognise your exe. That part you cannot avoid if you want reliable operation. Actually I have a thread here somewhere about a program with no imports. Although it only works on some versions of Windows. Search for it if you are interested.
Last edited by revolution on 17 Feb 2009, 09:46; edited 1 time in total
Azu 17 Feb 2009, 09:46
So it's impossible to do it before I have got the win32 function table set up?
revolution 17 Feb 2009, 09:50
Azu wrote: So it's impossible to do it before I have got the win32 function table set up?
Azu 17 Feb 2009, 09:53
revolution wrote:
Is it then impossible to make a 1KB program for windows without setting off heuristics?
revolution 17 Feb 2009, 09:56
Azu wrote: Is it then impossible to make a 1KB program for windows without setting off heuristics?
Azu 17 Feb 2009, 09:58
So no ways to set it writable without win32, and no ways to make section below 512byte?
Okay.. well thanks for your time. You saved me a lot of headache trying to find a way.
Edit: wait the format PE native does work, my mistake. I didn't know it would make the file as .sys instead of .exe so I was looking at the old .exe and seeing it not get smaller. I can't figure out how to run the .sys though. I tried renaming it to .exe and .com but it won't run.. can't run it in dosbox either.. hmm.. I'll post back here if I find a way to run it.
Grom PE 17 Feb 2009, 11:02
Azu, keep in mind that reducing your file by 511 bytes (at best) won't reduce disk space usage, since the smallest cluster size is 512 bytes. It won't save much when archived, either, because it's only a zero block.
But if you really want, nothing stops you from writing PE in binary mode like this: http://board.flatassembler.net/topic.php?t=8632
Or maybe modifying fasm so it won't align the last section physical size.
Azu 17 Feb 2009, 11:10
Grom PE wrote: Azu, keep in mind that reducing your file by 511 bytes (at best) won't reduce disk space usage, since the smallest cluster size is 512 bytes. It won't save much when archived, either, because it's only a zero block.
Guess I will keep looking ^^ thanks anyways.
revolution 17 Feb 2009, 11:47
I posted this somewhere previously, but here it is again:
Code:
~~~
format binary

BaseAddress=0x400000
SectionAlignment=0x1000
FileAlignment=0x200

org BaseAddress

RVA equ -BaseAddress+           ; "RVA x" expands to -BaseAddress+x

curr_file_offset=0
curr_section_num equ 0
Section0_start=$
curr_checksum=0
section@virtualLength=0

; pad with zero bytes up to the next multiple of v
macro file_align v* {
    local a
    virtual
        align v
        a=$-$$
    end virtual
    times a db 0
}

DOS_Header:
    .e_magic    dw 'MZ'
    .e_cblp     dw 0x0080
    .e_cp       dw 0x0001
    .e_crlc     dw 0x0000
    .e_cparhdr  dw 0x0004
    .e_minalloc dw 0x0008
    .e_maxalloc dw 0x0008
    .e_ss       dw 0x0004
    .e_sp       dw 0x0080
    .e_csum     dw 0x0000
    .e_ip       dw 0x0000
    .e_cs       dw 0x0000
    .e_lfarlc   dw 0x0040
    .e_ovno     dw 0x0000
    .e_res      rw 4
    .e_oemid    dw 0x0000
    .e_oeminfo  dw 0x0000
    .e_res2     rw 10
    .e_lfanew   dd RVA PE_header

DOS_stub:
    use16
    push    cs
    pop     ds
    mov     ah,9
    mov     dx,.message-DOS_stub
    int     21h
    mov     ax,4cffh
    int     21h
  .message: db 'Minimum - Win95',0dh,0ah,'$'
    use32
    file_align 4

PE_header:
    .Signature                dd 'PE'
FileHeader:
    .Machine                  dw 0x014c     ; i386
    .NumberOfSections         dw NumberOfSections
    .TimeDateStamp            dd %t
    .PointerToSymbolTable     dd 0
    .NumberOfSymbols          dd 0
    .SizeOfOptionalHeader     dw SectionTable-OptionalHeader
    .Characteristics          dw 0x010f
OptionalHeader:
    .Magic                    dw 0x010b     ; PE32
    .MajorLinkerVersion       db 0
    .MinerLinkerVersion       db 0
    .SizeOfCode               dd 0
    .SizeOfInitializedData    dd 0
    .SizeOfUnInitializedData  dd 0
    .AddressOfEntryPoint      dd RVA Entry@Start
    .BaseOfCode               dd 0
    .BaseOfData               dd 0
    .ImageBase                dd BaseAddress
    .SectionAlignment         dd SectionAlignment
    .FileAlignment            dd FileAlignment
    .MajorOSVersion           dw 1
    .MinorOSVersion           dw 0
    .MajorImageVersion        dw 0
    .MinorImageVersion        dw 0
    .MajorSubSystemVersion    dw 4
    .MinorSubSystemVersion    dw 0
    .Win32VersionValue        dd 0
    .SizeOfImage              dd SizeOfImage
    .SizeOfHeaders            dd Section0_length
    .CheckSum                 dd 0
    .SubSystem                dw 2          ;GUI
    .DLLCharacteristics       dw 0
    .SizeOfStackReserve       dd 0x1000
    .SizeOfStackCommit        dd 0x1000
    .SizeOfHeapReserve        dd 0x10000
    .SizeOfHeapCommit         dd 0
    .LoaderFlags              dd 0
    .NumberOfDataDirectories  dd (SectionTable-Data_Directories)shr 3
Data_Directories:
    .Export_Table             dd 0,0
    .Import_Table             dd RVA ImportSection,ImportSection.length
  if 1
    .Resource_Table           dd 0,0
    .Exception_Table          dd 0,0
    .Certificate_Table        dd 0,0
    .Relocation_Table         dd 0,0
    .Debug_Data               dd 0,0
    .Architecture             dd 0,0
    .Global_PTR               dd 0,0
    .TLS_Table                dd 0,0
    .Load_Config_Table        dd 0,0
    .BoundImportTable         dd 0,0
    .ImportAddressTable       dd 0,0
    .DelayImportDescriptor    dd 0,0
    .COMplusRuntimeHeader     dd 0,0
    .Reserved                 dd 0,0
  end if

SectionTable:
rept 32 num {
    if num<=NumberOfSections
      Section#num:
        .Name                 dq Section#num#_name
        .VirtualSize          dd Section#num#_length
        .VirtualAddress       dd RVA Section#num#_start
        .SizeOfRawData        dd Section#num#_file_length
        .PointerToRawData     dd Section#num#_file_start
        .PointerToRelocations dd 0
        .PointerToLinenumbers dd 0
        .NumberOfRelocations  dw 0
        .NumberOfLinenumbers  dw 0
        .Characteristics      dd Section#num#_characteristics
    end if
}
file_align FileAlignment

; add the 16-bit words emitted since the last org to the running checksum
macro update_checksum {
    local j
    repeat ($-$$)/2
        load j word from (%-1)*2+$$
        curr_checksum=curr_checksum+j
        curr_checksum=(curr_checksum and 0xffff)+(curr_checksum shr 16)
    end repeat
    if curr_section_num=0
        store dword final_checksum at OptionalHeader.CheckSum
    end if
}

macro .section_finish {
    match num,curr_section_num\{
        Section\#num\#_length=($+section@virtualLength)-Section\#num\#_start
        file_align FileAlignment
        update_checksum
        Section\#num\#_file_length=$-Section\#num\#_start
        curr_file_offset=curr_file_offset+$-Section\#num\#_start
        if Section\#num\#_length=0
            org (($+section@virtualLength)+SectionAlignment)and(not(SectionAlignment-1))
        else
            org (($+section@virtualLength)+SectionAlignment-1)and(not(SectionAlignment-1))
        end if
        section@virtualLength=0
    \}
}

macro .section name*,characteristics* {
    .section_finish
    match s,curr_section_num\{rept 2 n:s\\{curr_section_num equ n\\}\}
    match num,curr_section_num\{
        Section\#num\#_start=$
        Section\#num\#_file_start=curr_file_offset
        Section\#num\#_characteristics=characteristics
        Section\#num\#_name=name
    \}
}

macro .end start* {
    .section_finish
    SizeOfImage=RVA $
    NumberOfSections=curr_section_num
    Entry@Start=start
    final_checksum=curr_checksum+curr_file_offset
}

.section '.text',0xe0000020     ;read write execute
Start:
    pushd   0
    pushd   Caption
    pushd   Text
    pushd   0
    call    [MessageBox]
    pushd   0
    call    [ExitProcess]

.section '.data',0xc0000040     ;read write
    Caption db 'Caption',0
    Text    db 'Text',0

.section '.udata',0xc0000040    ;read write
    virtual
        rd 1280
        section@virtualLength=$-$$
    end virtual

.section '.idata',0xc0000040    ;read write
ImportSection:
    dd 0,0,0,RVA kernel_name,RVA kernel_table
    dd 0,0,0,RVA user_name,RVA user_table
    dd 0,0,0,0,0
    _ExitProcess db 0,0,'ExitProcess',0
    _MessageBox  db 0,0,'MessageBoxA',0
    kernel_name  db 'KERNEL32.DLL',0
    user_name    db 'USER32.DLL',0
    file_align 4
kernel_table:
    ExitProcess  dd RVA _ExitProcess
                 dd 0
user_table:
    MessageBox   dd RVA _MessageBox
                 dd 0
ImportSection.length=$-ImportSection

.end Start
~~~
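
The '.text' section in the listing above is declared with 0xe0000020, so it is both writable and executable in the header, which is the property Azu says triggers heuristics. The following is an added example, not part of revolution's post or of fasm: a small Python check that walks a PE section table and reports such sections. `wx_sections` and `build_sample` are hypothetical names, and the sample images are constructed header-only byte strings, not real executables.

```python
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000

def wx_sections(image: bytes):
    """Return [(name, characteristics)] for sections marked writable AND executable."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)            # e_lfanew
    if pe_off + 24 > len(image) or image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # File header: NumberOfSections at +2, SizeOfOptionalHeader at +16.
    nsect, opt_size = struct.unpack_from("<2xH12xH", image, pe_off + 4)
    table = pe_off + 24 + opt_size                               # 40-byte entries
    flagged = []
    for i in range(nsect):
        entry = table + 40 * i
        if entry + 40 > len(image):
            raise ValueError("section table runs past end of file")
        name = image[entry:entry + 8].rstrip(b"\0").decode("ascii", "replace")
        (flags,) = struct.unpack_from("<I", image, entry + 36)   # Characteristics
        if flags & IMAGE_SCN_MEM_EXECUTE and flags & IMAGE_SCN_MEM_WRITE:
            flagged.append((name, flags))
    return flagged

def build_sample(sections):
    """Constructed input: headers only, with the given (name, flags) sections."""
    pe_off, opt_size = 0x80, 0xE0
    dos = (b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", pe_off)).ljust(pe_off, b"\0")
    file_hdr = struct.pack("<HHIIIHH", 0x014C, len(sections), 0, 0, 0, opt_size, 0x010F)
    table = b"".join(name.encode().ljust(8, b"\0") + bytes(28) + struct.pack("<I", flags)
                     for name, flags in sections)
    return dos + b"PE\0\0" + file_hdr + bytes(opt_size) + table

# Section flags as declared in the listing above.
AS_POSTED = build_sample([(".text", 0xE0000020), (".data", 0xC0000040),
                          (".udata", 0xC0000040), (".idata", 0xC0000040)])
# Same layout with a read+execute code section (constructed variant).
CODE_RX = build_sample([(".text", 0x60000020), (".data", 0xC0000040),
                        (".udata", 0xC0000040), (".idata", 0xC0000040)])

if __name__ == "__main__":
    for label, image in (("as posted", AS_POSTED), ("code r-x", CODE_RX)):
        print(label, [(n, hex(f)) for n, f in wx_sections(image)])
```

The check reads only the permissions declared in the section table; protection changes made after load with VirtualProtectEx, as discussed earlier in the thread, are not visible to it and have to be observed at runtime.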
Azu 17 Feb 2009, 11:53
Thanks.. I guess it is impossible. If I change the FileAlignment (the SectionAlignment doesn't do anything) to anything besides 0x200 I get the "is not a valid Win32 application" error. I think that means it is a 16bit program whenever the sections aren't 512 byte aligned. Oh well..
Grom PE 17 Feb 2009, 11:55
Azu wrote: None of the raw PE examples I could find on this forum are 32bit though :( the one you linked to is also 16bit.
There's no PE format with 16-bit code, you're confusing it with DOS stub.
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.