flat assembler
Message board for the users of flat assembler.

Index > Windows > EOFEXTRACT - Function for extract the EOF of a file .exe

Author
Thread Post new topic Reply to topic
krackwar



Joined: 24 May 2008
Posts: 13
Location: Chile
krackwar
EOF = END OF FILE
Code:
;@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
;@                                     @
;@   EOFEXTRACT by krackwar            @
;@   krackwar@hotmail.com              @
;@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
include 'win32ax.inc'
.code
start:
stdcall EOFEXTRACT,"C:\archivo.exe"
xor ebx,ebx
mov ebx,eax
 invoke GlobalAlloc,GPTR,4
push eax
invoke wsprintf,eax,"0x%x",ebx
pop eax
push eax
invoke MessageBox,0,eax,"EOF data",0
pop eax
 
invoke GlobalFree,eax
invoke ExitProcess,0
proc EOFEXTRACT,ruta
 locals
    DireccionPE dd ?
    bUsados dd ?
    PE dd ?
    NumeroSecciones dd ?
    BeginLastSection   dd ?
    hFile   dd ?
    EOF dd ?
    tamAr   dd ?
    PointerToRawData dd ?
    IB      dd ?
    SizeOfRawData dd ?
 endl
invoke  CreateFile, [ruta], GENERIC_READ, 0, 0, OPEN_EXISTING, 0, 0
mov [hFile], eax
invoke  GetFileSize, [hFile], 0
mov [tamAr], eax
invoke  GlobalAlloc, GPTR, eax
mov [IB], eax
invoke  ReadFile, [hFile], [IB], [tamAr], addr bUsados, 0
mov ebx ,[IB]
add ebx, 0x3c
mov eax,dword[ebx]
mov [DireccionPE] ,eax
xor ebx,ebx
mov ebx,[IB]
add ebx,eax
mov [PE],ebx
add ebx,0x6
xor edx,edx
mov dx,word[ebx]
mov [NumeroSecciones],edx
mov eax,$28
mov ebx,[NumeroSecciones]
dec ebx
mul ebx
xor edx,edx
mov edx,[DireccionPE]
add edx,$F8
add edx,eax
mov [BeginLastSection],edx
xor eax,eax
xor ebx,ebx
xor edx,edx
mov eax,[IB]
mov edx,[BeginLastSection]
add eax,edx
add eax,16
mov ebx,DWORD[eax]
mov [SizeOfRawData],ebx
add eax,4
xor ebx,ebx
mov ebx,DWORD[eax]
mov [PointerToRawData],ebx
xor ebx,ebx
xor eax,eax
mov  edx, [PointerToRawData]
mov ebx,[SizeOfRawData]
add ebx,edx
mov [EOF],ebx
mov eax,[EOF]
ret
endp
 
.end start
    
Post 15 Mar 2009, 22:08
View user's profile Send private message Reply with quote
Grom PE



Joined: 13 Mar 2008
Posts: 114
Location: i@grompe.org.ru
Grom PE
I think you mean overlay offset of PE file.
Post 16 Mar 2009, 00:22
View user's profile Send private message Visit poster's website Reply with quote
f0dder



Joined: 19 Feb 2004
Posts: 3170
Location: Denmark
f0dder
And there's a big difference.

Personally, for storing legitimate data at the end of an exe, I use an 8-byte (magic,offset) header at the end of the exe
Post 16 Mar 2009, 02:12
View user's profile Send private message Visit poster's website Reply with quote
comrade



Joined: 16 Jun 2003
Posts: 1137
Location: Russian Federation
comrade
How do digital signatures work?
Post 16 Mar 2009, 03:03
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger MSN Messenger ICQ Number Reply with quote
f0dder



Joined: 19 Feb 2004
Posts: 3170
Location: Denmark
f0dder
comrade wrote:
How do digital signatures work?
Good question.

I think the PE-exe variant is to include it as a special PE resource, and exclude the section-with-digital-signature-in from hash/verification?

_________________
Image - carpe noctem
Post 16 Mar 2009, 03:24
View user's profile Send private message Visit poster's website Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar.

Powered by rwasa.