PE version patcher

Started by Ficko, July 08, 2010, 09:02:52 AM

jj2007

Quote from: Ficko on July 08, 2010, 01:07:22 PM
Holy Sh.*?! I was just kidding.  :clap:

I wonder if this really works in every case?! ::)

You can patch a file with a known offset with this four-liner. But as shown later, the offset is not fixed...

Ghandi

Is the subsystem version of any importance with this 'problem' of running newer linked executables on Win2000?

The code isn't pretty, but it uses memory mapped files to edit the MajorOperatingSystemVersion and MinorOperatingSystemVersion members of the PE header. I haven't commented the code, but it should be pretty plain what it does. Don't pay attention to my poor coding, just take the concept out of there and make what you want with it if you so desire. :D Any questions, feel free to ask; I'll answer them the best I can.

Btw, I know there is a typo in at least one of the messagebox texts, it should read "must" not "muse", a distance of two keys. Which if you look at it from a different perspective, isn't too bad an effort, because I totally missed 'r' when doing that particular typo and I didn't even notice it until I'd uploaded the zip file to the forum, o0.

HR,
Ghandi

gwapo

Quote from: Ficko on July 09, 2010, 07:22:58 AM
Quote from: clive on July 08, 2010, 07:25:40 PM
Perhaps you want /SUBSYSTEM:WINDOWS,4.00 or /SUBSYSTEM:CONSOLE,4.00

Quote
LINK : warning LNK4010: invalid subsystem version number 4.00; default subsystem version assumed

That's what I was talking about above: MS "intentionally" crippled the linker. ::)
Perhaps they want to prevent something else, like trying to run .NET 3.0 on Windows 2000, or god knows.


Windows OS version 4.0 is Windows 95. If you want your program to run on Windows 2000 and above, the default version 5.0 should work. Windows 2000 = 5.0

jj2007

For testing...

include \masm32\MasmBasic\MasmBasic.inc
memwrd MACRO memptr            ; zero-extend a WORD field into eax
  movzx eax, word ptr memptr
  EXITM <eax>
ENDM
Init
Let esi=FileRead$(CL$())  ; utterly inefficient to read in the whole file ;-)
mov ebx, [esi+3Ch]        ; IMAGE_DOS_HEADER.e_lfanew: offset of the PE signature
Print Str$("MajorOS    \t%i\n", memwrd(IMAGE_NT_HEADERS.OptionalHeader.MajorOperatingSystemVersion[esi+ebx]))
Print Str$("MinorOS    \t%i\n", memwrd(IMAGE_NT_HEADERS.OptionalHeader.MinorOperatingSystemVersion[esi+ebx]))
Print Str$("MajorImage\t%i\n", memwrd(IMAGE_NT_HEADERS.OptionalHeader.MajorImageVersion[esi+ebx]))
Print Str$("MinorImage\t%i\n", memwrd(IMAGE_NT_HEADERS.OptionalHeader.MinorImageVersion[esi+ebx]))
Print Str$("MajorSubSys\t%i\n", memwrd(IMAGE_NT_HEADERS.OptionalHeader.MajorSubsystemVersion[esi+ebx]))
Print Str$("MinorSubSys\t%i\n", memwrd(IMAGE_NT_HEADERS.OptionalHeader.MinorSubsystemVersion[esi+ebx]))
Inkey "-- info refers to ", CL$(), " --"
Exit
end start


Output:
MajorOS         4
MinorOS         0
MajorImage      10
MinorImage      0
MajorSubSys     4
MinorSubSys     0
-- info refers to C:\Program Files\Microsoft Office\Office12\WINWORD.EXE --


The executable is attached.

Ghandi

If you are worried about file size, you can read in 40h bytes from the file and check the DOS signature, then use the e_lfanew member to set the file pointer again so it's pointing at the actual PE header signature. From there you can access any part of the PE header, and this approach is used a fair bit in applications I've seen which handle larger PE file access without loading it fully to memory.

A question regarding memory mapped files, if you have mapped a large file but not accessed the memory, is it paged in from the word go or does that happen automagically? I was under the impression that it would be paged in as the access demanded it, otherwise it would suck all of the memory from the OS.

HR,
Ghandi
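A Python version of the field dump jj2007 posted above, done the way Ghandi describes (DOS header first, then e_lfanew to the PE header), with signature and bounds checks and a patch routine for the subsystem version. This is an added example, not code from the thread; the sample header is constructed, not a real file.

```python
import struct

# Offsets inside IMAGE_OPTIONAL_HEADER; the same for PE32 and PE32+ because
# PE32+ folds BaseOfData into its 8-byte ImageBase.
VERSION_FIELDS = (("MajorOS", 40), ("MinorOS", 42), ("MajorImage", 44),
                  ("MinorImage", 46), ("MajorSubSys", 48), ("MinorSubSys", 50))

def optional_header_offset(data: bytes) -> int:
    """Locate IMAGE_OPTIONAL_HEADER via e_lfanew, checking signatures and
    bounds first so a truncated or non-PE file cannot be misread."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    opt = e_lfanew + 24            # PE\0\0 (4) + IMAGE_FILE_HEADER (20)
    size_opt = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    if size_opt < 52 or opt + size_opt > len(data):
        raise ValueError("optional header truncated")
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unexpected optional header magic 0x%X" % magic)
    return opt

def read_versions(data: bytes) -> dict:
    """The six WORD fields jj2007's program prints, as a dict."""
    opt = optional_header_offset(data)
    return {name: struct.unpack_from("<H", data, opt + off)[0]
            for name, off in VERSION_FIELDS}

def patch_subsystem_version(data: bytes, major: int, minor: int) -> bytes:
    """Copy of data with Major/MinorSubsystemVersion rewritten (what
    EDITBIN /SUBSYSTEM:...,#.## does). CheckSum is left stale."""
    buf = bytearray(data)
    opt = optional_header_offset(buf)
    struct.pack_into("<HH", buf, opt + 48, major, minor)
    return bytes(buf)

def sample_pe() -> bytes:
    """Constructed PE32 header only (not a real executable): e_lfanew = 0x40,
    SizeOfOptionalHeader = 0xE0, version values as shown for WINWORD.EXE above."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<HHHHHH", opt, 40, 4, 0, 10, 0, 4, 0)
    return dos + b"PE\0\0" + coff + bytes(opt)
```

Only the DOS header and the PE header are ever examined, so the same routines work on a partial read. The stale CheckSum left by the patch matters for images Windows verifies (kernel-mode drivers), not for ordinary user-mode executables.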

jj2007

Quote from: Ghandi on July 09, 2010, 03:15:47 PM
If you are worried about file size,

No, I am not worried. Just lazy.
; Let esi=FileRead$(CL$())  ; utterly inefficient to read in the whole file ;-)
Let esi=New$(4096)
Open "I", #1, CL$()
Input #1, esi, Lof(#1)
Close

Ficko

I made some tests with the CFF Explorer and just wanna make some clarification.

Looks like the "MinorSubsystemVersion" has to be 0 to run under W2.
So 5.0 is ok.

The problem is SOLVED. :toothy

Since
Quote
/SUBSYSTEM:CONSOLE,5.00
is OK.

No more patching. :U

Ghandi

I wasn't referring to your code jj, I meant my code, I mapped the whole file with MapViewOfFile.

HR,
Ghandi

Queue

Quote from: Ficko on July 09, 2010, 03:53:58 PM
I made some tests with the CFF Explorer and just wanna make some clarification.

Looks like the "MinorSubsystemVersion" has to be 0 to run under W2.
So 5.0 is ok.

The problem is SOLVED. :toothy

Since
Quote
/SUBSYSTEM:CONSOLE,5.00
is OK.

No more patching. :U
Unless you want it to run on all 32-bit versions of Windows, in which case 5.0 is inadequate.

http://www.steelbytes.com/?mid=47

That's the best utility I've seen for achieving this, and does more than simply changing the subsystem version.

Queue

jj2007

Quote from: Ghandi on July 09, 2010, 04:40:04 PM
I wasn't referring to your code jj, i meant my code, i mapped the whole file with MapViewOfFile.

So we have the same bad habits :wink

Ficko

Quote
Unless you want it to run on all 32-bit versions of Windows, in which case 5.0 is inadequate.

You're right, and you still need a patcher for programs you don't have the source for. :wink

GregL

I did a little research into what the default version is when no version is specified in /SUBSYSTEM.

VS 6.0               4.00
VS 2003 (7.0)        4.00
VS 2005 (8.0)        4.00
VS 2008 (9.0)        5.00
VS 2010 (10.0)       5.00

See /SUBSYSTEM



clive

Quote from: Ficko
You're right, and you still need a patcher for programs you don't have the source for. :wink

Microsoft (R) COFF Binary File Editor Version 6.00.8168
Copyright (C) Microsoft Corp 1992-1998. All rights reserved.

usage: EDITBIN [options] [files]

   options:

      /BIND[:PATH=path]
      /HEAP:reserve[,commit]
      /LARGEADDRESSAWARE[:NO]
      /NOLOGO
      /REBASE[:[BASE=address][,BASEFILE][,DOWN]]
      /RELEASE
      /SECTION:name[=newname][,[[!]{cdeikomprsuw}][a{1248ptsx}]]
      /STACK:reserve[,commit]
      /SUBSYSTEM:{NATIVE|WINDOWS|CONSOLE|WINDOWSCE|POSIX}[,#[.##]]
      /SWAPRUN:{[!]CD|[!]NET}
      /VERSION:#[.#]
      /WS:[!]AGGRESSIVE


The other Microsoft tool that comes to mind is REBASE.EXE, but it doesn't have options to change the SUBSYSTEM stuff.
It could be a random act of randomness. Those happen a lot as well.

Queue

Like DUMPBIN and LIB, EDITBIN is simply a forwarder to LINK.EXE.

DUMPBIN = LINK.EXE -dump
EDITBIN = LINK.EXE -edit
LIB = LINK.EXE -lib

Queue