sectionHeaders:
db ".text", 0, 0, 0 ; Name
dd SECTION_ALIGN(RAW_CODE.SIZE) ; VirtualSize
dd code ; VirtualAddress
dd RAW_CODE.SIZE ; SizeOfRawData
dd RAW_CODE ; PointerToRawData
dd 0 ; PointerToRelocations
dd 0 ; PointerToLinenumbers
dw 0 ; NumberOfRelocations
dw 0 ; NumberOfLinenumbers
dd 0x60000020 ; Characteristics
db ".data", 0, 0, 0 ; Name
dd SECTION_ALIGN(RAW_DATA.SIZE) ; VirtualSize
dd data ; VirtualAddress
dd RAW_DATA.SIZE ; SizeOfRawData
dd RAW_DATA ; PointerToRawData
dd 0 ; PointerToRelocations
dd 0 ; PointerToLinenumbers
dw 0 ; NumberOfRelocations
dw 0 ; NumberOfLinenumbers
dd 0xC0000040 ; Characteristics
align FILE_ALIGNMENT, db 0
RAW_HEADER.SIZE equ $ - header
; ******************************************************************************************************
RAW_CODE equ RAW_HEADER.SIZE
section .text vstart=SECTION_ALIGN($)
code:
; (code here)
entryPoint:
xor eax, eax
ret
; (code here too)
align FILE_ALIGNMENT, db 0
RAW_CODE.SIZE equ $ - code
; ******************************************************************************************************
RAW_DATA equ RAW_CODE + RAW_CODE.SIZE
section .data vstart=SECTION_ALIGN($)
data:
; (initialized data here)
align FILE_ALIGNMENT, db 0
RAW_DATA.SIZE equ $ - data
; ******************************************************************************************************
IMAGE_SIZE equ SECTION_ALIGN($)
;-----------------------------------------------------------------------------
; Address calculation macros:
; Thanks to S_Tec of Northern Dragons
;-----------------------------------------------------------------------------
; Round a physical size up to a virtual size:
%define _round(size) (( size + SECTION-1 ) & ~(SECTION-1))
; Make an RVA out of a label in the .text section:
%define __rva(label) _head_vsize + label - _text_start
; exetest.asm
SECTIONS equ 2
TIME_DATE equ 0
IMAGE_BASE equ 0x400000
SECTION_ALIGNMENT equ 0x1000
FILE_ALIGNMENT equ 0x200
BSS_SIZE equ 0
%define nagoa_round(size) ((size + SECTION_ALIGNMENT - 1) & ~(SECTION_ALIGNMENT - 1))
bits 32
org IMAGE_BASE
; ******************************************************************************************************
header:
dw "MZ" ; e_magic
dw 0 ; e_cblp
dw 0 ; e_cp
dw 0 ; e_crlc
dw 0 ; e_cparhdr
dw 0 ; e_minalloc
dw 0 ; e_maxalloc
dw 0 ; e_ss
dw 0 ; e_sp
dw 0 ; e_csum
dw 0 ; e_ip
dw 0 ; e_cs
dw 0 ; e_lsarlc
dw 0 ; e_ovno
dq 0 ; e_res
dw 0 ; e_oemid
dw 0 ; e_oeminfo
dq 0, 0 ; e_res2
dd imageHeader - IMAGE_BASE ; e_lfanew
imageHeader:
dd "PE" ; Signature
dw 0x014C ; Machine
dw SECTIONS ; NumberOfSections
dd TIME_DATE ; TimeDateStamp
dd 0 ; PointerToSymbolTable
dd 0 ; NumberOfSymbols
dw optionalHeader.SIZE ; SizeOfOptionalHeader
dw 0x0303 ; Characteristics
optionalHeader:
dw 0x10B ; Magic
db 0 ; MajorLinkerVersion
db 0 ; MinorLinkerVersion
dd nagoa_round(RAW_CODE.SIZE) ; SizeOfCode
dd nagoa_round(RAW_DATA.SIZE) ; SizeOfInitializedData
dd nagoa_round(BSS_SIZE) ; SizeOfUninitializedData
dd entryPoint - IMAGE_BASE ; AddressOfEntryPoint
dd code - IMAGE_BASE ; BaseOfCode
dd data - IMAGE_BASE ; BaseOfData
dd IMAGE_BASE ; ImageBase
dd SECTION_ALIGNMENT ; SectionAlignment
dd FILE_ALIGNMENT ; FileAlignment
dw 4 ; MajorOperatingSystemVersion
dw 0 ; MinorOperatingSystemVersion
dw 0 ; MajorImageVersion
dw 0 ; MinorImageVersion
dw 4 ; MajorSubsystemVersion
dw 0 ; MinorSubsystemVersion
dd 0 ; Win32VersionValue
dd IMAGE_END - IMAGE_BASE ; SizeOfImage
dd RAW_HEADER.SIZE ; SizeOfHeaders
dd 0 ; CheckSum
dw 2 ; Subsystem
dw 0 ; DllCharacteristics
dd 0x40000 ; SizeOfStackReserve
dd 0x6000 ; SizeOfStackCommit
dd 0x100000 ; SizeOfHeapReserve
dd 0x1000 ; SizeOfHeapCommit
dd 0 ; LoaderFlags
dd 16 ; NumberOfRvaAndSizes
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_EXPORT
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_IMPORT
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_RESOURCE
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_EXCEPTION
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_SECURITY
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_BASERELOC
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_DEBUG
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_COPYRIGHT
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_GLOBALPTR
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_TLS
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_IAT
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
dd 0, 0 ; reserved
optionalHeader.SIZE equ $ - optionalHeader
sectionHeaders:
db ".text", 0, 0, 0 ; Name
dd nagoa_round(RAW_CODE.SIZE) ; VirtualSize
dd code ; VirtualAddress
dd RAW_CODE.SIZE ; SizeOfRawData
dd RAW_CODE.OFFSET ; PointerToRawData
dd 0 ; PointerToRelocations
dd 0 ; PointerToLinenumbers
dw 0 ; NumberOfRelocations
dw 0 ; NumberOfLinenumbers
dd 0x60000020 ; Characteristics
db ".data", 0, 0, 0 ; Name
dd nagoa_round(RAW_DATA.SIZE) ; VirtualSize
dd data ; VirtualAddress
dd RAW_DATA.SIZE ; SizeOfRawData
dd RAW_DATA.OFFSET ; PointerToRawData
dd 0 ; PointerToRelocations
dd 0 ; PointerToLinenumbers
dw 0 ; NumberOfRelocations
dw 0 ; NumberOfLinenumbers
dd 0xC0000040 ; Characteristics
align FILE_ALIGNMENT, db 0
RAW_HEADER.SIZE equ $ - header
; ******************************************************************************************************
section .text vstart=nagoa_round($)
code:
entryPoint:
xor eax, eax
ret
align FILE_ALIGNMENT, db 0
RAW_CODE.OFFSET equ RAW_HEADER.SIZE
RAW_CODE.SIZE equ $ - code
; ******************************************************************************************************
section .data vstart=nagoa_round($)
data:
db "An unused string"
align FILE_ALIGNMENT, db 0
RAW_DATA.OFFSET equ RAW_CODE.OFFSET + RAW_CODE.SIZE
RAW_DATA.SIZE equ $ - data
; ******************************************************************************************************
IMAGE_END equ nagoa_round($)
exetest.asm:193: error: `&' operator may only be applied to scalar values
exetest.asm:153: error: `&' operator may only be applied to scalar values
exetest.asm:176: error: `&' operator may only be applied to scalar values
; exetest3.nsm
[MAP ALL exetest3.map] ;; use this to generate a MAP file of useful information.
SECTIONS equ 2
TIME_DATE equ 0
IMAGE_BASE equ 0x400000
SECTION_ALIGNMENT equ 0x1000
FILE_ALIGNMENT equ 0x200
BSS_SIZE equ 0
%define nagoa_round(size) ((size + SECTION_ALIGNMENT - 1) & ~(SECTION_ALIGNMENT - 1))
bits 32
org IMAGE_BASE
; ******************************************************************************************************
SECTION .text ;; if the header is part of the image, define it as section .text because .text is put
;; first in the image, and rename the code section as section .code
header:
dw "MZ" ; e_magic
dw 0 ; e_cblp
dw 0 ; e_cp
dw 0 ; e_crlc
dw 0 ; e_cparhdr
dw 0 ; e_minalloc
dw 0 ; e_maxalloc
dw 0 ; e_ss
dw 0 ; e_sp
dw 0 ; e_csum
dw 0 ; e_ip
dw 0 ; e_cs
dw 0 ; e_lsarlc
dw 0 ; e_ovno
dq 0 ; e_res
dw 0 ; e_oemid
dw 0 ; e_oeminfo
dq 0, 0 ; e_res2
dd imageHeader - IMAGE_BASE ; e_lfanew
imageHeader:
dd "PE" ; Signature
dw 0x014C ; Machine
dw SECTIONS ; NumberOfSections
dd TIME_DATE ; TimeDateStamp
dd 0 ; PointerToSymbolTable
dd 0 ; NumberOfSymbols
dw optionalHeader.SIZE ; SizeOfOptionalHeader
dw 0x0303 ; Characteristics
optionalHeader:
dw 0x10B ; Magic
db 0 ; MajorLinkerVersion
db 0 ; MinorLinkerVersion
dd nagoa_round(RAW_CODE.SIZE) ; SizeOfCode
dd nagoa_round(RAW_DATA.SIZE) ; SizeOfInitializedData
dd nagoa_round(BSS_SIZE) ; SizeOfUninitializedData
dd entryPoint - IMAGE_BASE ; AddressOfEntryPoint
dd code - IMAGE_BASE ; BaseOfCode
dd data - IMAGE_BASE ; BaseOfData
dd IMAGE_BASE ; ImageBase
dd SECTION_ALIGNMENT ; SectionAlignment
dd FILE_ALIGNMENT ; FileAlignment
dw 4 ; MajorOperatingSystemVersion
dw 0 ; MinorOperatingSystemVersion
dw 0 ; MajorImageVersion
dw 0 ; MinorImageVersion
dw 4 ; MajorSubsystemVersion
dw 0 ; MinorSubsystemVersion
dd 0 ; Win32VersionValue
;; dd IMAGE_END - IMAGE_BASE ; SizeOfImage
dd (RAW_HEADER.SIZE + RAW_CODE.SIZE + RAW_DATA.SIZE)
dd RAW_HEADER.SIZE ; SizeOfHeaders
dd 0 ; CheckSum
dw 2 ; Subsystem
dw 0 ; DllCharacteristics
dd 0x40000 ; SizeOfStackReserve
dd 0x6000 ; SizeOfStackCommit
dd 0x100000 ; SizeOfHeapReserve
dd 0x1000 ; SizeOfHeapCommit
dd 0 ; LoaderFlags
dd 16 ; NumberOfRvaAndSizes
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_EXPORT
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_IMPORT
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_RESOURCE
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_EXCEPTION
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_SECURITY
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_BASERELOC
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_DEBUG
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_COPYRIGHT
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_GLOBALPTR
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_TLS
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_IAT
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
dd 0, 0 ; reserved
optionalHeader.SIZE equ $ - optionalHeader
sectionHeaders:
db ".text", 0, 0, 0 ; Name
dd nagoa_round(RAW_CODE.SIZE) ; VirtualSize
dd code ; VirtualAddress
dd RAW_CODE.SIZE ; SizeOfRawData
dd RAW_CODE.OFFSET ; PointerToRawData
dd 0 ; PointerToRelocations
dd 0 ; PointerToLinenumbers
dw 0 ; NumberOfRelocations
dw 0 ; NumberOfLinenumbers
dd 0x60000020 ; Characteristics
db ".data", 0, 0, 0 ; Name
dd nagoa_round(RAW_DATA.SIZE) ; VirtualSize
dd data ; VirtualAddress
dd RAW_DATA.SIZE ; SizeOfRawData
dd RAW_DATA.OFFSET ; PointerToRawData
dd 0 ; PointerToRelocations
dd 0 ; PointerToLinenumbers
dw 0 ; NumberOfRelocations
dw 0 ; NumberOfLinenumbers
dd 0xC0000040 ; Characteristics
align FILE_ALIGNMENT, db 0
RAW_HEADER.SIZE equ $ - header
; ******************************************************************************************************
;;section .text vstart=nagoa_round($)
section .code
code:
entryPoint:
xor eax, eax
ret
align FILE_ALIGNMENT, db 0
RAW_CODE.OFFSET equ RAW_HEADER.SIZE
RAW_CODE.SIZE equ $ - code ;; $-$$ also gives the size of section .code
; ******************************************************************************************************
;;section .data vstart=nagoa_round($)
section .data
data:
db "An unused string"
align FILE_ALIGNMENT, db 0
RAW_DATA.OFFSET equ RAW_CODE.OFFSET + RAW_CODE.SIZE
RAW_DATA.SIZE equ $ - data ;; $-$$ also gives the size of section .data
; ******************************************************************************************************
;;IMAGE_END equ nagoa_round($)
IMAGE_END equ $
;; -- eof --
Segment - | Raw offset - | Virtual address |
header | 0 | 0x400000 |
.code | 0x200 | 0x401000 |
.data | 0x400 | 0x402000 |
Each OS has its own way of mandating where stuff gets loaded.This is not the case, at least for windows : each executable file must specify every location of its segments.
Section - | Raw file offset - | Virtual address - | Size |
header | 0 | 0x400000 | 0x188 |
.code | 0x200 | 0x401000 | 3 |
.data | 0x400 | 0x402000 | 16 |
Section - | Raw file offset - | Virtual address - | Size |
header | 0 | 0x400000 | 0x188 |
.code | 0x200 | 0x401000 | 0x203 |
.data | 0x600 | 0x402000 | 16 |
Section - | Raw file offset - | Virtual address - | Size |
header | 0 | 0x400000 | 0x188 |
.code | 0x200 | 0x401000 | 0x1003 |
.data | 0x1300 | 0x403000 | 16 |
[MAP ALL exetest5.map] ;; use this to generate a MAP file of useful information.
; exetest.asm
SECTIONS equ 2
TIME_DATE equ 0
IMAGE_BASE equ 0x400000
SECTION_ALIGNMENT equ 0x1000
FILE_ALIGNMENT equ 0x200
BSS_SIZE equ 0
%define nagoa_round(size) ((size + SECTION_ALIGNMENT - 1) & ~(SECTION_ALIGNMENT - 1))
bits 32
org IMAGE_BASE
section .text
; ******************************************************************************************************
;;SECTION .text vstart=400000h
;; if the header is part of the image, define it as section .text because .text is put
;; first in the image, and rename the code section as section .code
header:
dw "MZ" ; e_magic
dw 0 ; e_cblp
dw 0 ; e_cp
dw 0 ; e_crlc
dw 0 ; e_cparhdr
dw 0 ; e_minalloc
dw 0 ; e_maxalloc
dw 0 ; e_ss
dw 0 ; e_sp
dw 0 ; e_csum
dw 0 ; e_ip
dw 0 ; e_cs
dw 0 ; e_lsarlc
dw 0 ; e_ovno
dq 0 ; e_res
dw 0 ; e_oemid
dw 0 ; e_oeminfo
dd 0,0,0,0,0 ; e_res2
dd imageHeader - IMAGE_BASE ; e_lfanew
imageHeader:
dd "PE" ; Signature
dw 0x014C ; Machine
dw SECTIONS ; NumberOfSections
dd TIME_DATE ; TimeDateStamp
dd 0 ; PointerToSymbolTable
dd 0 ; NumberOfSymbols
dw optionalHeader.SIZE ; SizeOfOptionalHeader
dw 0x0303 ; Characteristics
optionalHeader:
dw 0x10B ; Magic
db 0 ; MajorLinkerVersion
db 0 ; MinorLinkerVersion
dd nagoa_round(RAW_CODE.SIZE) ; SizeOfCode
dd nagoa_round(RAW_DATA.SIZE) ; SizeOfInitializedData
dd nagoa_round(BSS_SIZE) ; SizeOfUninitializedData
dd entryPoint - IMAGE_BASE ; AddressOfEntryPoint
dd code - IMAGE_BASE ; BaseOfCode
dd data - IMAGE_BASE ; BaseOfData
dd IMAGE_BASE ; ImageBase
dd SECTION_ALIGNMENT ; SectionAlignment
dd FILE_ALIGNMENT ; FileAlignment
dw 4 ; MajorOperatingSystemVersion
dw 0 ; MinorOperatingSystemVersion
dw 0 ; MajorImageVersion
dw 0 ; MinorImageVersion
dw 4 ; MajorSubsystemVersion
dw 0 ; MinorSubsystemVersion
dd 0 ; Win32VersionValue
;; dd IMAGE_END - IMAGE_BASE ; SizeOfImage
dd (RAW_HEADER.SIZE + RAW_CODE.SIZE + RAW_DATA.SIZE)
dd RAW_HEADER.SIZE ; SizeOfHeaders
dd 0 ; CheckSum
dw 2 ; Subsystem
dw 0 ; DllCharacteristics
dd 0x40000 ; SizeOfStackReserve
dd 0x6000 ; SizeOfStackCommit
dd 0x100000 ; SizeOfHeapReserve
dd 0x1000 ; SizeOfHeapCommit
dd 0 ; LoaderFlags
dd 16 ; NumberOfRvaAndSizes
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_EXPORT
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_IMPORT
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_RESOURCE
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_EXCEPTION
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_SECURITY
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_BASERELOC
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_DEBUG
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_COPYRIGHT
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_GLOBALPTR
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_TLS
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_IAT
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
dd 0, 0 ; reserved
optionalHeader.SIZE equ $ - optionalHeader
sectionHeaders:
db ".text", 0, 0, 0 ; Name
dd nagoa_round(RAW_CODE.SIZE) ; VirtualSize
dd code ; VirtualAddress
dd RAW_CODE.SIZE ; SizeOfRawData
dd RAW_CODE.OFFSET ; PointerToRawData
dd 0 ; PointerToRelocations
dd 0 ; PointerToLinenumbers
dw 0 ; NumberOfRelocations
dw 0 ; NumberOfLinenumbers
dd 0x60000020 ; Characteristics
db ".data", 0, 0, 0 ; Name
dd nagoa_round(RAW_DATA.SIZE) ; VirtualSize
dd data ; VirtualAddress
dd RAW_DATA.SIZE ; SizeOfRawData
dd RAW_DATA.OFFSET ; PointerToRawData
dd 0 ; PointerToRelocations
dd 0 ; PointerToLinenumbers
dw 0 ; NumberOfRelocations
dw 0 ; NumberOfLinenumbers
dd 0xC0000040 ; Characteristics
align FILE_ALIGNMENT, db 0
;;align SECTION_ALIGNMENT, db 0
RAW_HEADER.SIZE equ $ - header
; ******************************************************************************************************
;;section .text vstart=nagoa_round($)
;;section .code vstart=401000h
VS_CODE EQU (IMAGE_BASE + ((1+(RAW_HEADER.SIZE >> 12)) * SECTION_ALIGNMENT))
section .code vstart=VS_CODE
code:
entryPoint:
xor eax, eax
ret
TIMES 1000h db 90h ;; nop
align FILE_ALIGNMENT, db 0
;;align SECTION_ALIGNMENT, db 0
RAW_CODE.OFFSET equ RAW_HEADER.SIZE
RAW_CODE.SIZE equ $ - code ;; $-$$ also gives the size of section .code
; ******************************************************************************************************
;;section .data vstart=nagoa_round($)
;;section .data vstart=402000h
VS_DATA EQU (VS_CODE + ((1+(RAW_CODE.SIZE >> 12)) * SECTION_ALIGNMENT))
section .data vstart=VS_DATA
data:
db "An unused string"
align FILE_ALIGNMENT, db 0
;;align SECTION_ALIGNMENT, db 0
RAW_DATA.OFFSET equ RAW_CODE.OFFSET + RAW_CODE.SIZE
RAW_DATA.SIZE equ $ - data ;; $-$$ also gives the size of section .data
; ******************************************************************************************************
;;IMAGE_END equ nagoa_round($)
IMAGE_END equ $
;; -- eof --
[MAP ALL exetest6.map] ;; use this to generate a MAP file of useful information.
; exetest.asm
SECTIONS equ 2
TIME_DATE equ 0
IMAGE_BASE equ 0x400000
SECTION_ALIGNMENT equ 0x1000
FILE_ALIGNMENT equ 0x200
BSS_SIZE equ 0
%define nagoa_round(size) ((size + SECTION_ALIGNMENT - 1) & ~(SECTION_ALIGNMENT - 1))
bits 32
org IMAGE_BASE
section .text
;;******************************************************************************************************
;; if the header is part of the image, define it as section .text because .text is put
;; first in the image, and rename the code section as section .code
header:
dw "MZ" ; e_magic
dw 0 ; e_cblp
dw 0 ; e_cp
dw 0 ; e_crlc
dw 0 ; e_cparhdr
dw 0 ; e_minalloc
dw 0 ; e_maxalloc
dw 0 ; e_ss
dw 0 ; e_sp
dw 0 ; e_csum
dw 0 ; e_ip
dw 0 ; e_cs
dw 0 ; e_lsarlc
dw 0 ; e_ovno
dq 0 ; e_res
dw 0 ; e_oemid
dw 0 ; e_oeminfo
dd 0,0,0,0,0 ; e_res2
dd imageHeader - IMAGE_BASE ; e_lfanew
imageHeader:
dd "PE" ; Signature
dw 0x014C ; Machine
dw SECTIONS ; NumberOfSections
dd TIME_DATE ; TimeDateStamp
dd 0 ; PointerToSymbolTable
dd 0 ; NumberOfSymbols
dw optionalHeader.SIZE ; SizeOfOptionalHeader
dw 0x0303 ; Characteristics
optionalHeader:
dw 0x10B ; Magic
db 0 ; MajorLinkerVersion
db 0 ; MinorLinkerVersion
dd nagoa_round(RAW_CODE.SIZE) ; SizeOfCode
dd nagoa_round(RAW_DATA.SIZE) ; SizeOfInitializedData
dd nagoa_round(BSS_SIZE) ; SizeOfUninitializedData
dd entryPoint - IMAGE_BASE ; AddressOfEntryPoint
dd code - IMAGE_BASE ; BaseOfCode
dd data - IMAGE_BASE ; BaseOfData
dd IMAGE_BASE ; ImageBase
dd SECTION_ALIGNMENT ; SectionAlignment
dd FILE_ALIGNMENT ; FileAlignment
dw 4 ; MajorOperatingSystemVersion
dw 0 ; MinorOperatingSystemVersion
dw 0 ; MajorImageVersion
dw 0 ; MinorImageVersion
dw 4 ; MajorSubsystemVersion
dw 0 ; MinorSubsystemVersion
dd 0 ; Win32VersionValue
;; dd IMAGE_END - IMAGE_BASE ; SizeOfImage
dd (RAW_HEADER.SIZE + RAW_CODE.SIZE + RAW_DATA.SIZE)
dd RAW_HEADER.SIZE ; SizeOfHeaders
dd 0 ; CheckSum
dw 2 ; Subsystem
dw 0 ; DllCharacteristics
dd 0x40000 ; SizeOfStackReserve
dd 0x6000 ; SizeOfStackCommit
dd 0x100000 ; SizeOfHeapReserve
dd 0x1000 ; SizeOfHeapCommit
dd 0 ; LoaderFlags
dd 16 ; NumberOfRvaAndSizes
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_EXPORT
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_IMPORT
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_RESOURCE
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_EXCEPTION
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_SECURITY
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_BASERELOC
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_DEBUG
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_COPYRIGHT
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_GLOBALPTR
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_TLS
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_IAT
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
dd 0, 0 ; reserved
optionalHeader.SIZE equ $ - optionalHeader
sectionHeaders:
db ".text", 0, 0, 0 ; Name
dd nagoa_round(RAW_CODE.SIZE) ; VirtualSize
dd code ; VirtualAddress
dd RAW_CODE.SIZE ; SizeOfRawData
dd RAW_CODE.OFFSET ; PointerToRawData
dd 0 ; PointerToRelocations
dd 0 ; PointerToLinenumbers
dw 0 ; NumberOfRelocations
dw 0 ; NumberOfLinenumbers
dd 0x60000020 ; Characteristics
db ".data", 0, 0, 0 ; Name
dd nagoa_round(RAW_DATA.SIZE) ; VirtualSize
dd data ; VirtualAddress
dd RAW_DATA.SIZE ; SizeOfRawData
dd RAW_DATA.OFFSET ; PointerToRawData
dd 0 ; PointerToRelocations
dd 0 ; PointerToLinenumbers
dw 0 ; NumberOfRelocations
dw 0 ; NumberOfLinenumbers
dd 0xC0000040 ; Characteristics
align FILE_ALIGNMENT, db 0
RAW_HEADER.SIZE equ $ - header
;;******************************************************************************************************
;; F I R S T . c o d e S E C T I O N
;;******************************************************************************************************
VS_CODE EQU ( IMAGE_BASE + ( ( 1 + ( (RAW_HEADER.SIZE-1) >> 12 ) ) * SECTION_ALIGNMENT ) )
section .code vstart=VS_CODE
code:
entryPoint:
xor eax, eax
ret
TIMES 1000h db 90h ;; nop
;;******************************************************************************************************
;; F I R S T . d a t a S E C T I O N
;;******************************************************************************************************
VS_DATA EQU ( VS_CODE + ( ( 1 + ( (RAW_CODE.SIZE-1) >> 12 ) ) * SECTION_ALIGNMENT ) )
section .data vstart=VS_DATA
data:
db "An unused string"
;;******************************************************************************************************
;; I N C L U D E S U B R O U T I N E F I L E S
;;******************************************************************************************************
%INCLUDE "sbr0.sbr"
%INCLUDE "sbr1.sbr"
;;******************************************************************************************************
;; L A S T . c o d e S E C T I O N
;;******************************************************************************************************
section .code
align FILE_ALIGNMENT, db 0
RAW_CODE.OFFSET equ RAW_HEADER.SIZE
RAW_CODE.SIZE equ $ - $$
;;******************************************************************************************************
;; L A S T . d a t a S E C T I O N
;;******************************************************************************************************
section .data
align FILE_ALIGNMENT, db 0
RAW_DATA.OFFSET equ RAW_CODE.OFFSET + RAW_CODE.SIZE
RAW_DATA.SIZE equ $ - $$
;;******************************************************************************************************
IMAGE_END equ $
;; -- eof --
;; file sbr0.sbr
SECTION .code
TIMES 220h db 0CCh
SECTION .data
TIMES 210h db 'put some strings'
;; eo sbr0.sbr
;; file sbr1.sbr
SECTION .code
TIMES 230h db 090h
SECTION .data
TIMES 240h db 'put more strings'
;; eo sbr1.sbr
SECTIONS equ 3
TIME_DATE equ 0
IMAGE_BASE equ 0x400000
SECTION_ALIGNMENT equ 0x1000
FILE_ALIGNMENT equ 0x200
BSS_SIZE equ 0
%define nagoa_round(size) ((size + SECTION_ALIGNMENT - 1) & ~(SECTION_ALIGNMENT - 1))
; ******************************************************************************************************
bits 32
section header vstart=IMAGE_BASE
dw "MZ" ; e_magic
dw 0 ; e_cblp
dw 0 ; e_cp
dw 0 ; e_crlc
dw 0 ; e_cparhdr
dw 0 ; e_minalloc
dw 0 ; e_maxalloc
dw 0 ; e_ss
dw 0 ; e_sp
dw 0 ; e_csum
dw 0 ; e_ip
dw 0 ; e_cs
dw 0 ; e_lsarlc
dw 0 ; e_ovno
dq 0 ; e_res
dw 0 ; e_oemid
dw 0 ; e_oeminfo
dd 0,0,0,0,0 ; e_res2
dd imageHeader - IMAGE_BASE ; e_lfanew
imageHeader:
dd "PE" ; Signature
dw 0x014C ; Machine
dw SECTIONS ; NumberOfSections
dd TIME_DATE ; TimeDateStamp
dd 0 ; PointerToSymbolTable
dd 0 ; NumberOfSymbols
dw optionalHeader.SIZE ; SizeOfOptionalHeader
dw 0x0303 ; Characteristics
optionalHeader:
dw 0x10B ; Magic
db 0 ; MajorLinkerVersion
db 0 ; MinorLinkerVersion
dd nagoa_round(RAW_CODE.SIZE) ; SizeOfCode
dd nagoa_round(RAW_RDATA.SIZE) ; SizeOfInitializedData
dd nagoa_round(BSS_SIZE) ; SizeOfUninitializedData
dd entryPoint - IMAGE_BASE ; AddressOfEntryPoint
dd code - IMAGE_BASE ; BaseOfCode
dd rdata - IMAGE_BASE ; BaseOfData
dd IMAGE_BASE ; ImageBase
dd SECTION_ALIGNMENT ; SectionAlignment
dd FILE_ALIGNMENT ; FileAlignment
dw 4 ; MajorOperatingSystemVersion
dw 0 ; MinorOperatingSystemVersion
dw 0 ; MajorImageVersion
dw 0 ; MinorImageVersion
dw 4 ; MajorSubsystemVersion
dw 0 ; MinorSubsystemVersion
dd 0 ; Win32VersionValue
dd IMAGE_END - IMAGE_BASE ; SizeOfImage
dd RAW_HEADER.SIZE ; SizeOfHeaders
dd 0 ; CheckSum
dw 2 ; Subsystem
dw 0 ; DllCharacteristics
dd 0x40000 ; SizeOfStackReserve
dd 0x6000 ; SizeOfStackCommit
dd 0x100000 ; SizeOfHeapReserve
dd 0x1000 ; SizeOfHeapCommit
dd 0 ; LoaderFlags
dd 16 ; NumberOfRvaAndSizes
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_EXPORT
dd ImportDirectoryTable - IMAGE_BASE ; IMAGE_DIRECTORY_ENTRY_IMPORT.addresss
dd import.SIZE ; IMAGE_DIRECTORY_ENTRY_IMPORT.size
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_RESOURCE
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_EXCEPTION
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_SECURITY
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_BASERELOC
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_DEBUG
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_COPYRIGHT
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_GLOBALPTR
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_TLS
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT
dd ImportAddressTable - IMAGE_BASE ; IMAGE_DIRECTORY_ENTRY_IAT.address
dd iat.SIZE ; IMAGE_DIRECTORY_ENTRY_IAT.size
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT
dd 0, 0 ; IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
dd 0, 0 ; reserved
optionalHeader.SIZE equ $ - optionalHeader
sectionHeaders:
dq ".text" ; Name
dd VIRTUAL_CODE.SIZE ; VirtualSize
dd code - IMAGE_BASE ; VirtualAddress
dd RAW_CODE.SIZE ; SizeOfRawData
dd RAW_CODE.OFFSET ; PointerToRawData
dd 0 ; PointerToRelocations
dd 0 ; PointerToLinenumbers
dw 0 ; NumberOfRelocations
dw 0 ; NumberOfLinenumbers
dd 0x60000020 ; Characteristics
dq ".rdata" ; Name
dd VIRTUAL_RDATA.SIZE ; VirtualSize
dd rdata - IMAGE_BASE ; VirtualAddress
dd RAW_RDATA.SIZE ; SizeOfRawData
dd RAW_RDATA.OFFSET ; PointerToRawData
dd 0 ; PointerToRelocations
dd 0 ; PointerToLinenumbers
dw 0 ; NumberOfRelocations
dw 0 ; NumberOfLinenumbers
dd 0x40000040 ; Characteristics
dq ".idata" ; Name
dd VIRTUAL_IDATA.SIZE ; VirtualSize
dd idata - IMAGE_BASE ; VirtualAddress
dd RAW_IDATA.SIZE ; SizeOfRawData
dd RAW_IDATA.OFFSET ; PointerToRawData
dd 0 ; PointerToRelocations
dd 0 ; PointerToLinenumbers
dw 0 ; NumberOfRelocations
dw 0 ; NumberOfLinenumbers
dd 0xC0000040 ; Characteristics
align FILE_ALIGNMENT, db 0
RAW_HEADER.SIZE equ $ - $$
; ******************************************************************************************************
RAW_CODE.OFFSET equ RAW_HEADER.SIZE
VIRTUAL_CODE.OFFSET equ IMAGE_BASE + nagoa_round(RAW_HEADER.SIZE)
section .text follows=header vstart=VIRTUAL_CODE.OFFSET
code:
entryPoint:
xor eax, eax
push eax
push dword stringBoxCaption
push dword stringBoxMessage
push eax
call [MessageBox]
xor eax, eax
ret
align FILE_ALIGNMENT, db 0
RAW_CODE.SIZE equ $ - $$
VIRTUAL_CODE.SIZE equ nagoa_round(RAW_CODE.SIZE)
; ******************************************************************************************************
RAW_RDATA.OFFSET equ RAW_CODE.OFFSET + RAW_CODE.SIZE
VIRTUAL_RDATA.OFFSET equ VIRTUAL_CODE.OFFSET + VIRTUAL_CODE.SIZE
section .rdata vstart=VIRTUAL_RDATA.OFFSET
rdata:
stringBoxCaption:
db "exetest", 0
stringBoxMessage:
db "Hi, I'm exetest, a tiny valid win32 program.", 0
align FILE_ALIGNMENT, db 0
RAW_RDATA.SIZE equ $ - $$
VIRTUAL_RDATA.SIZE equ nagoa_round(RAW_RDATA.SIZE)
; ******************************************************************************************************
RAW_IDATA.OFFSET equ RAW_RDATA.OFFSET + RAW_RDATA.SIZE
VIRTUAL_IDATA.OFFSET equ VIRTUAL_RDATA.OFFSET + VIRTUAL_RDATA.SIZE
section .idata vstart=VIRTUAL_IDATA.OFFSET
idata:
ImportDirectoryTable:
dd lookup_User32 - IMAGE_BASE ; OriginalFirstThunk
dd 0 ; TimeDateStamp
dd 0xFFFFFFFF ; ForwarderChain
dd string_User32 - IMAGE_BASE ; Name
dd iat_User32 - IMAGE_BASE ; FirstThunk
dd 0, 0, 0, 0, 0
lookup_User32:
dd hintName_MessageBox - IMAGE_BASE
dd 0
hintName_MessageBox:
dw 0 ; Hint
db "MessageBoxA", 0 ; Name
align 2, db 0 ; Pad
import.SIZE equ $ - ImportDirectoryTable
ImportAddressTable:
iat_User32:
MessageBox:
dd hintName_MessageBox - IMAGE_BASE
dd 0
iat.SIZE equ $ - ImportAddressTable
string_User32:
db "User32.dll", 0
align FILE_ALIGNMENT, db 0
RAW_IDATA.SIZE equ $ - $$
VIRTUAL_IDATA.SIZE equ nagoa_round(RAW_IDATA.SIZE)
; ******************************************************************************************************
IMAGE_END equ VIRTUAL_IDATA.OFFSET + VIRTUAL_IDATA.SIZE
nasm -f bin exetest.asm -o exetest.exe 2> error.log
(Though we may continue to discuss about binary compilation tricks, especially if somebody find a magical function that returns the raw file offset from where it is called, somehow like "$" does for virtual address)
proc GetRawFileOffset, dword pFile, dword pAddress
if pFile == 0
invoke GetModuleHandle,NULL
else
mov eax, pFile
endif
add eax, dword [eax + IMAGE_DOS_HEADER.e_lfanew]
mov eax, dword [eax +IMAGE_NT_HEADERS.OptionalHeader.BaseOfCode]
;EDITED - Use BaseOfData for address' in .data sections. You can go through and do
;$-StartOfSectionLabel+ dword [IMAGE_SECTION_HEADER.PointerToRawData]
push ebx
mov ebx, .SomeLabel
sub ebx, eax
xchg eax, ebx
pop ebx
endproc
push .SomeLabel
push strict dword 0
call GetRawFileOffset
.SomeLabel
;We have the raw file offset to this address in eax
;So eax = eip - BaseOfCode