happy to be a new member... many thanks to the people who make this forum possible...
i have programmed in a variety of languages over the years...
i am fascinated with assembler due to its direct connections between the mnemonics...
the opcodes... and the executable file format...
i spent the last few months studying the pe file format and the opcodes via the microsoft
and intel documentation and now i am interested in learning assembler itself...
so... i wish the best to all the members of this forum!!!
thanks again... brianO
Hi Brian,
Welcome to the forum.
Don't forget to check Iczelion's Portable Executable Tutorial Set :
http://win32assembly.online.fr/tutorials.html
Quote:
Overview of PE File Format
Detecting a Valid PE File
File Header
Optional Header
Section Table
Import Table
Export Table
Vortex
Thanks for the link!
there is plenty to learn there...
i wrote a little program that loads a pe file
and creates a large datasection with it...
in effect it turns the pe file into source code...
this allows me to begin to understand those structures...
i wrote a toy compiler a while back...
so now i would like to learn to write a toy assembler...
so i figured it might be a good idea to learn some assembler!!!
here's a few lines of output...
i am happy to share any of the tools i have written
anytime with anyone... i've got hundreds of em...
take care... brianO
>cmd /c "C:\_sys\temp\pe_coff_dump_ALL.exe"
; | FileIn =masm32.exe 16384 [bytes]
; | ________________________________________|
; | Variable Name.Type Offset[bytes] | Value
; | ________________________________________|
; | DOS_HEADER |
; | ________________________________________|
; DOS (MZ) header of the dumped file, one assignment per field; all values are decimal.
; NOTE(review): the allocatememory() result is used without a zero check - confirm the
; generated source is never run where the allocation can fail.
*dos.DOS_HEADER=allocatememory(sizeof(DOS_HEADER))
*dos\e_magic.s{2} = "MZ" ;Magic (MZ)
*dos\e_cblp.u = 144 ;Bytes on last page of file
*dos\e_cp.u = 3 ;Pages in file
*dos\e_crlc.u = 0 ;Relocations
*dos\e_cparhdr.u = 4 ;sizeO hdr in paras
*dos\e_minalloc.u = 0 ;Min extra paras needed
*dos\e_maxalloc.u = 65535 ;Max extra paras needed
*dos\e_ss.u = 0 ;init relative SS value
*dos\e_sp.u = 184 ;init SP value
*dos\e_csum.u = 0 ;Checksum
*dos\e_ip.u = 0 ;init IP value
*dos\e_cs.u = 0 ;init relative CS value
*dos\e_lfarlc.u = 64 ;File addr of reloc tbl
*dos\e_ovno.u = 0 ;Overlay number
*dos\e_res.u[4] = 0 ;Reserved words
*dos\e_oemid.u = 0 ;OEM ident for e_oeminfo
*dos\e_oeminfo.u = 0 ;OEM info e_oemid specific
*dos\e_res2.u[10] = 0 ;Reserved words
; 192 = $C0: file offset of the PE signature (the raw dump shows "PE.." at [192,200]).
; A parser should range-check this value against the file size before following it.
*dos\e_lfanew.l = 192 ;File addr of new exe hdr
; | ________________________________________|
; | FILE_HEADER |
; | ________________________________________|
; COFF file header as modelled by this tool; its FILE_HEADER structure also carries
; the 4-byte PE signature as the first field.
*fil.FILE_HEADER=allocatememory(sizeof(FILE_HEADER))
*fil\Signature.s{4} = "PE" ;PE signature: PE\0\0
; 332 = $014C
*fil\Machine.u = 332 ;I386
*fil\NumberOfSections.u = 3 ;number of sections
; TimeDateStamp counts seconds since 1970-01-01 UTC; 1320830278 is 2011-11-09 09:17:58 UTC,
; so the rendered string looks like local time (UTC-5) - TODO confirm in the generator.
*fil\TimeDateStamp.l = 1320830278 ;_11_09_2011_04_17_58_am
*fil\PointerToSymbolTable.l = 0 ;file offset of COFF tbl
*fil\NumberOfSymbols.l = 0 ;#entries in symbol tbl
; 224 = $E0
*fil\SizeOfOptionalHeader.u = 224 ;sizeO the opt hdr
; 271 = $010F. RELOCS_GONE means the base relocations were stripped, so the loader
; cannot rebase this image (no ASLR for this module).
*fil\Characteristics.u = 271
; | RELOCS_GONE|EXECUTABLE|LINE_NUMS_GONE|LOCAL_SYMS_GONE|32BIT_MACHINE
; | ________________________________________|
; | OPTIONAL_HEADER |
; | ________________________________________|
; PE32 optional header followed by the 16 data-directory entries (address/size pairs).
; All values are decimal; addresses are RVAs unless noted.
*opt.OPTIONAL_HEADER=allocatememory(sizeof(OPTIONAL_HEADER))
; 267 = $010B
*opt\Magic.u = 267 ;NT_OPTIONAL_HDR32_MAGIC
*opt\UMajorLinkerVersion.a = 6 ;linker maj ver
*opt\UMinorLinkerVersion.a = 0 ;linker min ver
*opt\SizeOfCode.l = 4096 ;SumO code sections
*opt\SizeOfInitializedData.l = 8192 ;SumO init data sects
*opt\SizeOfUninitializedData.l = 0 ;SumO data sect (BSS)
; 4096 = $1000: the entry point is the first byte of the .text section.
*opt\AddressOfEntryPoint.l = 4096 ;Rel addr entry pnt img base
*opt\BaseOfCode.l = 4096 ;Rel addr beginOcode sect
*opt\BaseOfData.l = 8192 ;Rel addr beginOdata sect
; 4194304 = $00400000
*opt\ImageBase.l = 4194304 ;Prefd addr first byteO img
; SectionAlignment equals FileAlignment here, so file offsets and RVAs coincide in this file.
*opt\SectionAlignment.l = 4096 ;alignment bytes of sects
*opt\FileAlignment.l = 4096 ;alignment factor bytes
*opt\MajorOperatingSystemVersion.u = 4 ;maj ver # of op system
*opt\MinorOperatingSystemVersion.u = 0 ;min ver # of op system
*opt\MajorImageVersion.u = 0 ;maj ver # of img
*opt\MinorImageVersion.u = 0 ;min ver # of the img
*opt\MajorSubsystemVersion.u = 4 ;maj ver # of subsys
*opt\MinorSubsystemVersion.u = 0 ;min ver # of subsys
*opt\Reserved1.l = 0 ;Reserved, must be 0
*opt\SizeOfImage.l = 16384 ;size bytes of img
*opt\SizeOfHeaders.l = 4096 ;DOSstubPE&SectHdrsRel2FAlign
; The loader validates CheckSum only for drivers and certain system DLLs; 0 is accepted for an ordinary EXE.
*opt\CheckSum.l = 0 ;ignored except trusted servs
*opt\Subsystem.u = 3 ;WINDOWS_CUI
; 0 = no hardening bits set: neither DYNAMIC_BASE ($0040, ASLR) nor NX_COMPAT ($0100, DEP opt-in).
*opt\DllCharacteristics.u = 0 ;
*opt\SizeOfStackReserve.l = 1048576 ;sizeO Stack2reserve
*opt\SizeOfStackCommit.l = 4096 ;sizeO Stack2commit
*opt\SizeOfHeapReserve.l = 1048576 ;sizeO loc heap spc2reserve
*opt\SizeOfHeapCommit.l = 4096 ;sizeO loc heap spc2commit
*opt\LoaderFlags.l = 0 ;Reserved, must be 0
; A parser should bound its directory loop by this count and by SizeOfOptionalHeader,
; never by a fixed 16, because both fields come from the file.
*opt\NumberOfRvaAndSizes.l = 16 ;#dataDirs entrs leftn optHdr
*opt\ExportTable\VirtualAddress.l = 0 ;exp tbl addr&size
*opt\ExportTable\Size.l = 0
; 8208 = $2010, inside .rdata (which starts at RVA 8192).
*opt\ImportTable\VirtualAddress.l = 8208 ;imp tbl addr&size
*opt\ImportTable\Size.l = 40
*opt\ResourceTable\VirtualAddress.l = 0 ;resource tbl addr&size
*opt\ResourceTable\Size.l = 0
*opt\ExceptionTable\VirtualAddress.l = 0 ;exception tbl addr&size
*opt\ExceptionTable\Size.l = 0
; Size 0 = no embedded Authenticode signature. For this one directory the address
; field is a file offset, not an RVA.
*opt\CertificateTable\VirtualAddress.l = 0 ;attribute cert tbl addr&size
*opt\CertificateTable\Size.l = 0
*opt\BaseRelocationTable\VirtualAddress.l = 0 ;base relocation tbl addr&size
*opt\BaseRelocationTable\Size.l = 0
*opt\DebugQ\VirtualAddress.l = 0 ;debug data starting addr&size
*opt\DebugQ\Size.l = 0
*opt\Architecture\VirtualAddress.l = 0 ;Reserved, must be 0
*opt\Architecture\Size.l = 0
*opt\GlobalPtr\VirtualAddress.l = 0 ;RVA val storD in glo ptr reg
*opt\GlobalPtr\Size.l = 0
*opt\TLSTable\VirtualAddress.l = 0 ;thread loc storG tbl addr&size
*opt\TLSTable\Size.l = 0
*opt\LoadConfigTable\VirtualAddress.l = 0 ;load config tbl addr&size
*opt\LoadConfigTable\Size.l = 0
*opt\BoundImport\VirtualAddress.l = 0 ;bound imp tbl addr&size
*opt\BoundImport\Size.l = 0
; 8192 = $2000, 16 bytes = four dword slots; the disassembly jumps through
; 00402000h, 00402004h and 00402008h, so presumably three imports plus a terminator.
*opt\IAT\VirtualAddress.l = 8192 ;imp addr tbl addr&size
*opt\IAT\Size.l = 16
*opt\DelayImportDescriptor\VirtualAddress.l = 0 ;delay imp descr addr&size
*opt\DelayImportDescriptor\Size.l = 0
*opt\CLRRuntimeHeader\VirtualAddress.l = 0 ;CLR runtime hdr addr&size
*opt\CLRRuntimeHeader\Size.l = 0
*opt\ReservedMustBeZero\VirtualAddress.l = 0 ;Reserved must be 0
*opt\ReservedMustBeZero\Size.l = 0
; | ________________________________________|
; | SECTION_HEADER .text |
; | ________________________________________|
; Pointer array for the section headers, then the first header (.text).
dim *sec.SECTION_HEADER(16)
*sec(1)=allocatememory(sizeof(SECTION_HEADER))
*sec(1)\Name.s = ".text"
; 212 = $D4 bytes of code are actually used out of the 4096 raw bytes.
*sec(1)\VirtualSize.l = 212
*sec(1)\VirtualAddress.l = 4096
*sec(1)\SizeOfRawData.l = 4096
*sec(1)\PointerToRawData.l = 4096
*sec(1)\PointerToRelocations.l = 0
*sec(1)\PointerToLinenumbers.l = 0
*sec(1)\NumberOfRelocations.u = 0
*sec(1)\NumberOfLinenumbers.u = 0
; 1610612768 = $60000020. The section is executable and readable but not writable.
*sec(1)\CharacteristicsL.l = 1610612768
; | CODE|EXECUTE|READ
; | ________________________________________|
; | SECTION_HEADER .rdata |
; | ________________________________________|
; Second section header (.rdata); the import table and IAT RVAs (8208, 8192) fall in this section.
*sec(2)=allocatememory(sizeof(SECTION_HEADER))
*sec(2)\Name.s = ".rdata"
*sec(2)\VirtualSize.l = 128
*sec(2)\VirtualAddress.l = 8192
*sec(2)\SizeOfRawData.l = 4096
*sec(2)\PointerToRawData.l = 8192
*sec(2)\PointerToRelocations.l = 0
*sec(2)\PointerToLinenumbers.l = 0
*sec(2)\NumberOfRelocations.u = 0
*sec(2)\NumberOfLinenumbers.u = 0
; 1073741888 = $40000040: read-only initialized data.
*sec(2)\CharacteristicsL.l = 1073741888
; | INITIALIZED_DATA|READ
; | ________________________________________|
; | SECTION_HEADER .data |
; | ________________________________________|
; Third section header (.data).
*sec(3)=allocatememory(sizeof(SECTION_HEADER))
*sec(3)\Name.s = ".data"
*sec(3)\VirtualSize.l = 32
*sec(3)\VirtualAddress.l = 12288
*sec(3)\SizeOfRawData.l = 4096
*sec(3)\PointerToRawData.l = 12288
*sec(3)\PointerToRelocations.l = 0
*sec(3)\PointerToLinenumbers.l = 0
*sec(3)\NumberOfRelocations.u = 0
*sec(3)\NumberOfLinenumbers.u = 0
; -1073741760 is $C0000040 printed as a signed 32-bit value (the .l field is signed).
; The section is writable but not executable.
*sec(3)\CharacteristicsL.l = -1073741760
; | WRITE|INITIALIZED_DATA|READ
; | ________________________________________|
; Raw bytes of the input file, eight per row, between the labels s: and e:.
; Row comment columns: [file offset range] | [address range] | printable ASCII.
; Visible layout: 0-63 DOS header, 64-127 DOS stub with its message,
; 128-175 the linker's "Rich" block (marker at 168, the following dword looks like its XOR key),
; 192 the PE signature pointed to by e_lfanew.
; NOTE(review): in the first rows the address column is one lower than ImageBase+offset
; (offset 0 should read 00400000); the last three rows are exact.
; The ".blah" lines mark rows the poster left out, so this excerpt is not the full 16384 bytes.
DataSection
s:
data.b $4D,$5A,$90,$00,$03,$00,$00,$00 ; [ 0,8 ] | [003FFFFF,00400007] |MZ......
data.b $04,$00,$00,$00,$FF,$FF,$00,$00 ; [ 8,16 ] | [00400007,0040000F] |........
data.b $B8,$00,$00,$00,$00,$00,$00,$00 ; [ 16,24 ] | [0040000F,00400017] |........
data.b $40,$00,$00,$00,$00,$00,$00,$00 ; [ 24,32 ] | [00400017,0040001F] |@.......
data.b $00,$00,$00,$00,$00,$00,$00,$00 ; [ 32,40 ] | [0040001F,00400027] |........
data.b $00,$00,$00,$00,$00,$00,$00,$00 ; [ 40,48 ] | [00400027,0040002F] |........
data.b $00,$00,$00,$00,$00,$00,$00,$00 ; [ 48,56 ] | [0040002F,00400037] |........
data.b $00,$00,$00,$00,$C0,$00,$00,$00 ; [ 56,64 ] | [00400037,0040003F] |........
data.b $0E,$1F,$BA,$0E,$00,$B4,$09,$CD ; [ 64,72 ] | [0040003F,00400047] |........
data.b $21,$B8,$01,$4C,$CD,$21,$54,$68 ; [ 72,80 ] | [00400047,0040004F] |!..L.!Th
data.b $69,$73,$20,$70,$72,$6F,$67,$72 ; [ 80,88 ] | [0040004F,00400057] |is.progr
data.b $61,$6D,$20,$63,$61,$6E,$6E,$6F ; [ 88,96 ] | [00400057,0040005F] |am.canno
data.b $74,$20,$62,$65,$20,$72,$75,$6E ; [ 96,104 ] | [0040005F,00400067] |t.be.run
data.b $20,$69,$6E,$20,$44,$4F,$53,$20 ; [ 104,112 ] | [00400067,0040006F] |.in.DOS.
data.b $6D,$6F,$64,$65,$2E,$0D,$0D,$0A ; [ 112,120 ] | [0040006F,00400077] |mode....
data.b $24,$00,$00,$00,$00,$00,$00,$00 ; [ 120,128 ] | [00400077,0040007F] |$.......
data.b $13,$81,$DD,$DE,$57,$E0,$B3,$8D ; [ 128,136 ] | [0040007F,00400087] |....W...
data.b $57,$E0,$B3,$8D,$57,$E0,$B3,$8D ; [ 136,144 ] | [00400087,0040008F] |W...W...
data.b $D9,$FF,$A0,$8D,$51,$E0,$B3,$8D ; [ 144,152 ] | [0040008F,00400097] |....Q...
data.b $AB,$C0,$A1,$8D,$55,$E0,$B3,$8D ; [ 152,160 ] | [00400097,0040009F] |....U...
data.b $34,$C2,$99,$8D,$56,$E0,$B3,$8D ; [ 160,168 ] | [0040009F,004000A7] |4...V...
data.b $52,$69,$63,$68,$57,$E0,$B3,$8D ; [ 168,176 ] | [004000A7,004000AF] |RichW...
data.b $00,$00,$00,$00,$00,$00,$00,$00 ; [ 176,184 ] | [004000AF,004000B7] |........
data.b $00,$00,$00,$00,$00,$00,$00,$00 ; [ 184,192 ] | [004000B7,004000BF] |........
data.b $50,$45,$00,$00,$4C,$01,$03,$00 ; [ 192,200 ] | [004000BF,004000C7] |PE..L...
.blah
.blah
.blah
data.b $00,$00,$00,$00,$00,$00,$00,$00 ; [ 16360,16368 ] | [00403FE8,00403FF0] |........
data.b $00,$00,$00,$00,$00,$00,$00,$00 ; [ 16368,16376 ] | [00403FF0,00403FF8] |........
data.b $00,$00,$00,$00,$00,$00,$00,$00 ; [ 16376,16384 ] | [00403FF8,00404000] |........
e:
EndDataSection
; Bytes of the .text section, one instruction per row, with the disassembly as the row comment.
; call operands are printed as offsets from the start of .text, not as virtual addresses:
; "call 00000014h" lands on the "push ebp" row, i.e. VA 00401014h.
; The $CC (int3) bytes are padding between routines.
; The ".blah" lines mark rows the poster left out.
; NOTE(review): the label eDISASM: appears twice at the end; a duplicate label will likely
; not compile - confirm and keep one.
DataSection
sDISASM:
; 00403000h is the first byte of .data (ImageBase $400000 + RVA 12288).
data.b $68,$00,$30,$40,$00 ; push 00403000h
data.b $E8,$0A,$00,$00,$00 ; call 00000014h
data.b $6A,$00 ; push 00000000h
data.b $E8,$B1,$00,$00,$00 ; call 000000C2h
data.b $CC ; int3
data.b $CC ; int3
data.b $CC ; int3
data.b $55 ; push ebp
data.b $8B,$EC ; mov ebp, esp
; FFFFFFF4h = -12: reserves 12 bytes of locals.
data.b $83,$C4,$F4 ; add esp, FFFFFFF4h
; FFFFFFF5h = -11, the STD_OUTPUT_HANDLE constant; the call target is presumably a GetStdHandle thunk - TODO confirm from the import table.
data.b $6A,$F5 ; push FFFFFFF5h
data.b $E8,$A7,$00,$00,$00 ; call 000000C8h
data.b $89,$45,$FC ; mov dword ptr [ebp-04h], eax
data.b $FF,$75,$08 ; push dword ptr [ebp+08h]
data.b $E8,$24,$00,$00,$00 ; call 00000050h
data.b $89,$45,$F4 ; mov dword ptr [ebp-0Ch], eax
data.b $6A,$00 ; push 00000000h
.blah
.blah
.blah
data.b $C2,$04,$00 ; retn 0004h
data.b $CC ; int3
; Import thunks: indirect jumps through the IAT slots at RVA $2000-$2008. If these are the
; last 18 bytes of the 212-byte section they sit at offsets C2h, C8h and CEh, which matches
; the call targets above.
data.b $FF,$25,$08,$20,$40,$00 ; jmp dword ptr [00402008h]
data.b $FF,$25,$00,$20,$40,$00 ; jmp dword ptr [00402000h]
data.b $FF,$25,$04,$20,$40,$00 ; jmp dword ptr [00402004h]
eDISASM:
eDISASM:
EndDataSection
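; Rebuild the dumped image on disk: the bytes between the labels s: and e: are
; written verbatim to f.s through file number 2115.
f.s="_masm32.exe"
bytesToWrite.l=?e-?s
If CreateFile(2115,f.s)
  ; WriteData returns the number of bytes written. A short write would leave a
  ; truncated executable behind, so report it instead of ignoring the result.
  If WriteData(2115,?s,bytesToWrite)<>bytesToWrite
    cw("not writedata :"+f.s)
  EndIf
  CloseFile(2115)
Else
  cw("not writedata :"+f.s)
EndIf
; The launch stays commented out: compare the rebuilt file's size and hash with the
; original input before running it.
; RunProgram(f.s)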
Quote from: brianO on November 09, 2011, 09:48:29 AM
Vortex
Thanks for the link!
there is plenty to learn there...
i wrote a little program that loads a pe file
and creates a large datasection with it...
in effect it turns the pe file into source code...
this allows me to begin to understand those structures...
i wrote a toy compiler a while back...
so now i would like to learn to write a toy assembler...
so i figured it might be a good idea to learn some assembler!!!
here's a few lines of output...
i am happy to share any of the tools i have written
anytime with anyone... i've got hundreds of em...
take care... brianO
>cmd /c "C:\_sys\temp\pe_coff_dump_ALL.exe"
; | FileIn =masm32.exe 16384 [bytes]
; | ________________________________________|
; | Variable Name.Type Offset[bytes] | Value
; | ________________________________________|
; | DOS_HEADER |
; | ________________________________________|
; DOS (MZ) header of the dumped file, one assignment per field; all values are decimal.
; NOTE(review): the allocatememory() result is used without a zero check - confirm the
; generated source is never run where the allocation can fail.
*dos.DOS_HEADER=allocatememory(sizeof(DOS_HEADER))
*dos\e_magic.s{2} = "MZ" ;Magic (MZ)
*dos\e_cblp.u = 144 ;Bytes on last page of file
*dos\e_cp.u = 3 ;Pages in file
*dos\e_crlc.u = 0 ;Relocations
*dos\e_cparhdr.u = 4 ;sizeO hdr in paras
*dos\e_minalloc.u = 0 ;Min extra paras needed
*dos\e_maxalloc.u = 65535 ;Max extra paras needed
*dos\e_ss.u = 0 ;init relative SS value
*dos\e_sp.u = 184 ;init SP value
*dos\e_csum.u = 0 ;Checksum
*dos\e_ip.u = 0 ;init IP value
*dos\e_cs.u = 0 ;init relative CS value
*dos\e_lfarlc.u = 64 ;File addr of reloc tbl
*dos\e_ovno.u = 0 ;Overlay number
*dos\e_res.u[4] = 0 ;Reserved words
*dos\e_oemid.u = 0 ;OEM ident for e_oeminfo
*dos\e_oeminfo.u = 0 ;OEM info e_oemid specific
*dos\e_res2.u[10] = 0 ;Reserved words
; 192 = $C0: file offset of the PE signature (the raw dump shows "PE.." at [192,200]).
; A parser should range-check this value against the file size before following it.
*dos\e_lfanew.l = 192 ;File addr of new exe hdr
; | ________________________________________|
; | FILE_HEADER |
; | ________________________________________|
; COFF file header as modelled by this tool; its FILE_HEADER structure also carries
; the 4-byte PE signature as the first field.
*fil.FILE_HEADER=allocatememory(sizeof(FILE_HEADER))
*fil\Signature.s{4} = "PE" ;PE signature: PE\0\0
; 332 = $014C
*fil\Machine.u = 332 ;I386
*fil\NumberOfSections.u = 3 ;number of sections
; TimeDateStamp counts seconds since 1970-01-01 UTC; 1320830278 is 2011-11-09 09:17:58 UTC,
; so the rendered string looks like local time (UTC-5) - TODO confirm in the generator.
*fil\TimeDateStamp.l = 1320830278 ;_11_09_2011_04_17_58_am
*fil\PointerToSymbolTable.l = 0 ;file offset of COFF tbl
*fil\NumberOfSymbols.l = 0 ;#entries in symbol tbl
; 224 = $E0
*fil\SizeOfOptionalHeader.u = 224 ;sizeO the opt hdr
; 271 = $010F. RELOCS_GONE means the base relocations were stripped, so the loader
; cannot rebase this image (no ASLR for this module).
*fil\Characteristics.u = 271
; | RELOCS_GONE|EXECUTABLE|LINE_NUMS_GONE|LOCAL_SYMS_GONE|32BIT_MACHINE
; | ________________________________________|
; | OPTIONAL_HEADER |
; | ________________________________________|
; PE32 optional header followed by the 16 data-directory entries (address/size pairs).
; All values are decimal; addresses are RVAs unless noted.
*opt.OPTIONAL_HEADER=allocatememory(sizeof(OPTIONAL_HEADER))
; 267 = $010B
*opt\Magic.u = 267 ;NT_OPTIONAL_HDR32_MAGIC
*opt\UMajorLinkerVersion.a = 6 ;linker maj ver
*opt\UMinorLinkerVersion.a = 0 ;linker min ver
*opt\SizeOfCode.l = 4096 ;SumO code sections
*opt\SizeOfInitializedData.l = 8192 ;SumO init data sects
*opt\SizeOfUninitializedData.l = 0 ;SumO data sect (BSS)
; 4096 = $1000: the entry point is the first byte of the .text section.
*opt\AddressOfEntryPoint.l = 4096 ;Rel addr entry pnt img base
*opt\BaseOfCode.l = 4096 ;Rel addr beginOcode sect
*opt\BaseOfData.l = 8192 ;Rel addr beginOdata sect
; 4194304 = $00400000
*opt\ImageBase.l = 4194304 ;Prefd addr first byteO img
; SectionAlignment equals FileAlignment here, so file offsets and RVAs coincide in this file.
*opt\SectionAlignment.l = 4096 ;alignment bytes of sects
*opt\FileAlignment.l = 4096 ;alignment factor bytes
*opt\MajorOperatingSystemVersion.u = 4 ;maj ver # of op system
*opt\MinorOperatingSystemVersion.u = 0 ;min ver # of op system
*opt\MajorImageVersion.u = 0 ;maj ver # of img
*opt\MinorImageVersion.u = 0 ;min ver # of the img
*opt\MajorSubsystemVersion.u = 4 ;maj ver # of subsys
*opt\MinorSubsystemVersion.u = 0 ;min ver # of subsys
*opt\Reserved1.l = 0 ;Reserved, must be 0
*opt\SizeOfImage.l = 16384 ;size bytes of img
*opt\SizeOfHeaders.l = 4096 ;DOSstubPE&SectHdrsRel2FAlign
; The loader validates CheckSum only for drivers and certain system DLLs; 0 is accepted for an ordinary EXE.
*opt\CheckSum.l = 0 ;ignored except trusted servs
*opt\Subsystem.u = 3 ;WINDOWS_CUI
; 0 = no hardening bits set: neither DYNAMIC_BASE ($0040, ASLR) nor NX_COMPAT ($0100, DEP opt-in).
*opt\DllCharacteristics.u = 0 ;
*opt\SizeOfStackReserve.l = 1048576 ;sizeO Stack2reserve
*opt\SizeOfStackCommit.l = 4096 ;sizeO Stack2commit
*opt\SizeOfHeapReserve.l = 1048576 ;sizeO loc heap spc2reserve
*opt\SizeOfHeapCommit.l = 4096 ;sizeO loc heap spc2commit
*opt\LoaderFlags.l = 0 ;Reserved, must be 0
; A parser should bound its directory loop by this count and by SizeOfOptionalHeader,
; never by a fixed 16, because both fields come from the file.
*opt\NumberOfRvaAndSizes.l = 16 ;#dataDirs entrs leftn optHdr
*opt\ExportTable\VirtualAddress.l = 0 ;exp tbl addr&size
*opt\ExportTable\Size.l = 0
; 8208 = $2010, inside .rdata (which starts at RVA 8192).
*opt\ImportTable\VirtualAddress.l = 8208 ;imp tbl addr&size
*opt\ImportTable\Size.l = 40
*opt\ResourceTable\VirtualAddress.l = 0 ;resource tbl addr&size
*opt\ResourceTable\Size.l = 0
*opt\ExceptionTable\VirtualAddress.l = 0 ;exception tbl addr&size
*opt\ExceptionTable\Size.l = 0
; Size 0 = no embedded Authenticode signature. For this one directory the address
; field is a file offset, not an RVA.
*opt\CertificateTable\VirtualAddress.l = 0 ;attribute cert tbl addr&size
*opt\CertificateTable\Size.l = 0
*opt\BaseRelocationTable\VirtualAddress.l = 0 ;base relocation tbl addr&size
*opt\BaseRelocationTable\Size.l = 0
*opt\DebugQ\VirtualAddress.l = 0 ;debug data starting addr&size
*opt\DebugQ\Size.l = 0
*opt\Architecture\VirtualAddress.l = 0 ;Reserved, must be 0
*opt\Architecture\Size.l = 0
*opt\GlobalPtr\VirtualAddress.l = 0 ;RVA val storD in glo ptr reg
*opt\GlobalPtr\Size.l = 0
*opt\TLSTable\VirtualAddress.l = 0 ;thread loc storG tbl addr&size
*opt\TLSTable\Size.l = 0
*opt\LoadConfigTable\VirtualAddress.l = 0 ;load config tbl addr&size
*opt\LoadConfigTable\Size.l = 0
*opt\BoundImport\VirtualAddress.l = 0 ;bound imp tbl addr&size
*opt\BoundImport\Size.l = 0
; 8192 = $2000, 16 bytes = four dword slots; the disassembly jumps through
; 00402000h, 00402004h and 00402008h, so presumably three imports plus a terminator.
*opt\IAT\VirtualAddress.l = 8192 ;imp addr tbl addr&size
*opt\IAT\Size.l = 16
*opt\DelayImportDescriptor\VirtualAddress.l = 0 ;delay imp descr addr&size
*opt\DelayImportDescriptor\Size.l = 0
*opt\CLRRuntimeHeader\VirtualAddress.l = 0 ;CLR runtime hdr addr&size
*opt\CLRRuntimeHeader\Size.l = 0
*opt\ReservedMustBeZero\VirtualAddress.l = 0 ;Reserved must be 0
*opt\ReservedMustBeZero\Size.l = 0
; | ________________________________________|
; | SECTION_HEADER .text |
; | ________________________________________|
; Pointer array for the section headers, then the first header (.text).
dim *sec.SECTION_HEADER(16)
*sec(1)=allocatememory(sizeof(SECTION_HEADER))
*sec(1)\Name.s = ".text"
; 212 = $D4 bytes of code are actually used out of the 4096 raw bytes.
*sec(1)\VirtualSize.l = 212
*sec(1)\VirtualAddress.l = 4096
*sec(1)\SizeOfRawData.l = 4096
*sec(1)\PointerToRawData.l = 4096
*sec(1)\PointerToRelocations.l = 0
*sec(1)\PointerToLinenumbers.l = 0
*sec(1)\NumberOfRelocations.u = 0
*sec(1)\NumberOfLinenumbers.u = 0
; 1610612768 = $60000020. The section is executable and readable but not writable.
*sec(1)\CharacteristicsL.l = 1610612768
; | CODE|EXECUTE|READ
; | ________________________________________|
; | SECTION_HEADER .rdata |
; | ________________________________________|
; Second section header (.rdata); the import table and IAT RVAs (8208, 8192) fall in this section.
*sec(2)=allocatememory(sizeof(SECTION_HEADER))
*sec(2)\Name.s = ".rdata"
*sec(2)\VirtualSize.l = 128
*sec(2)\VirtualAddress.l = 8192
*sec(2)\SizeOfRawData.l = 4096
*sec(2)\PointerToRawData.l = 8192
*sec(2)\PointerToRelocations.l = 0
*sec(2)\PointerToLinenumbers.l = 0
*sec(2)\NumberOfRelocations.u = 0
*sec(2)\NumberOfLinenumbers.u = 0
; 1073741888 = $40000040: read-only initialized data.
*sec(2)\CharacteristicsL.l = 1073741888
; | INITIALIZED_DATA|READ
; | ________________________________________|
; | SECTION_HEADER .data |
; | ________________________________________|
; Third section header (.data).
*sec(3)=allocatememory(sizeof(SECTION_HEADER))
*sec(3)\Name.s = ".data"
*sec(3)\VirtualSize.l = 32
*sec(3)\VirtualAddress.l = 12288
*sec(3)\SizeOfRawData.l = 4096
*sec(3)\PointerToRawData.l = 12288
*sec(3)\PointerToRelocations.l = 0
*sec(3)\PointerToLinenumbers.l = 0
*sec(3)\NumberOfRelocations.u = 0
*sec(3)\NumberOfLinenumbers.u = 0
; -1073741760 is $C0000040 printed as a signed 32-bit value (the .l field is signed).
; The section is writable but not executable.
*sec(3)\CharacteristicsL.l = -1073741760
; | WRITE|INITIALIZED_DATA|READ
; | ________________________________________|
; Raw bytes of the input file, eight per row, between the labels s: and e:.
; Row comment columns: [file offset range] | [address range] | printable ASCII.
; Visible layout: 0-63 DOS header, 64-127 DOS stub with its message,
; 128-175 the linker's "Rich" block (marker at 168, the following dword looks like its XOR key),
; 192 the PE signature pointed to by e_lfanew.
; NOTE(review): in the first rows the address column is one lower than ImageBase+offset
; (offset 0 should read 00400000); the last three rows are exact.
; The ".blah" lines mark rows the poster left out, so this excerpt is not the full 16384 bytes.
DataSection
s:
data.b $4D,$5A,$90,$00,$03,$00,$00,$00 ; [ 0,8 ] | [003FFFFF,00400007] |MZ......
data.b $04,$00,$00,$00,$FF,$FF,$00,$00 ; [ 8,16 ] | [00400007,0040000F] |........
data.b $B8,$00,$00,$00,$00,$00,$00,$00 ; [ 16,24 ] | [0040000F,00400017] |........
data.b $40,$00,$00,$00,$00,$00,$00,$00 ; [ 24,32 ] | [00400017,0040001F] |@.......
data.b $00,$00,$00,$00,$00,$00,$00,$00 ; [ 32,40 ] | [0040001F,00400027] |........
data.b $00,$00,$00,$00,$00,$00,$00,$00 ; [ 40,48 ] | [00400027,0040002F] |........
data.b $00,$00,$00,$00,$00,$00,$00,$00 ; [ 48,56 ] | [0040002F,00400037] |........
data.b $00,$00,$00,$00,$C0,$00,$00,$00 ; [ 56,64 ] | [00400037,0040003F] |........
data.b $0E,$1F,$BA,$0E,$00,$B4,$09,$CD ; [ 64,72 ] | [0040003F,00400047] |........
data.b $21,$B8,$01,$4C,$CD,$21,$54,$68 ; [ 72,80 ] | [00400047,0040004F] |!..L.!Th
data.b $69,$73,$20,$70,$72,$6F,$67,$72 ; [ 80,88 ] | [0040004F,00400057] |is.progr
data.b $61,$6D,$20,$63,$61,$6E,$6E,$6F ; [ 88,96 ] | [00400057,0040005F] |am.canno
data.b $74,$20,$62,$65,$20,$72,$75,$6E ; [ 96,104 ] | [0040005F,00400067] |t.be.run
data.b $20,$69,$6E,$20,$44,$4F,$53,$20 ; [ 104,112 ] | [00400067,0040006F] |.in.DOS.
data.b $6D,$6F,$64,$65,$2E,$0D,$0D,$0A ; [ 112,120 ] | [0040006F,00400077] |mode....
data.b $24,$00,$00,$00,$00,$00,$00,$00 ; [ 120,128 ] | [00400077,0040007F] |$.......
data.b $13,$81,$DD,$DE,$57,$E0,$B3,$8D ; [ 128,136 ] | [0040007F,00400087] |....W...
data.b $57,$E0,$B3,$8D,$57,$E0,$B3,$8D ; [ 136,144 ] | [00400087,0040008F] |W...W...
data.b $D9,$FF,$A0,$8D,$51,$E0,$B3,$8D ; [ 144,152 ] | [0040008F,00400097] |....Q...
data.b $AB,$C0,$A1,$8D,$55,$E0,$B3,$8D ; [ 152,160 ] | [00400097,0040009F] |....U...
data.b $34,$C2,$99,$8D,$56,$E0,$B3,$8D ; [ 160,168 ] | [0040009F,004000A7] |4...V...
data.b $52,$69,$63,$68,$57,$E0,$B3,$8D ; [ 168,176 ] | [004000A7,004000AF] |RichW...
data.b $00,$00,$00,$00,$00,$00,$00,$00 ; [ 176,184 ] | [004000AF,004000B7] |........
data.b $00,$00,$00,$00,$00,$00,$00,$00 ; [ 184,192 ] | [004000B7,004000BF] |........
data.b $50,$45,$00,$00,$4C,$01,$03,$00 ; [ 192,200 ] | [004000BF,004000C7] |PE..L...
.blah
.blah
.blah
data.b $00,$00,$00,$00,$00,$00,$00,$00 ; [ 16360,16368 ] | [00403FE8,00403FF0] |........
data.b $00,$00,$00,$00,$00,$00,$00,$00 ; [ 16368,16376 ] | [00403FF0,00403FF8] |........
data.b $00,$00,$00,$00,$00,$00,$00,$00 ; [ 16376,16384 ] | [00403FF8,00404000] |........
e:
EndDataSection
; Bytes of the .text section, one instruction per row, with the disassembly as the row comment.
; call operands are printed as offsets from the start of .text, not as virtual addresses:
; "call 00000014h" lands on the "push ebp" row, i.e. VA 00401014h.
; The $CC (int3) bytes are padding between routines.
; The ".blah" lines mark rows the poster left out.
; NOTE(review): the label eDISASM: appears twice at the end; a duplicate label will likely
; not compile - confirm and keep one.
DataSection
sDISASM:
; 00403000h is the first byte of .data (ImageBase $400000 + RVA 12288).
data.b $68,$00,$30,$40,$00 ; push 00403000h
data.b $E8,$0A,$00,$00,$00 ; call 00000014h
data.b $6A,$00 ; push 00000000h
data.b $E8,$B1,$00,$00,$00 ; call 000000C2h
data.b $CC ; int3
data.b $CC ; int3
data.b $CC ; int3
data.b $55 ; push ebp
data.b $8B,$EC ; mov ebp, esp
; FFFFFFF4h = -12: reserves 12 bytes of locals.
data.b $83,$C4,$F4 ; add esp, FFFFFFF4h
; FFFFFFF5h = -11, the STD_OUTPUT_HANDLE constant; the call target is presumably a GetStdHandle thunk - TODO confirm from the import table.
data.b $6A,$F5 ; push FFFFFFF5h
data.b $E8,$A7,$00,$00,$00 ; call 000000C8h
data.b $89,$45,$FC ; mov dword ptr [ebp-04h], eax
data.b $FF,$75,$08 ; push dword ptr [ebp+08h]
data.b $E8,$24,$00,$00,$00 ; call 00000050h
data.b $89,$45,$F4 ; mov dword ptr [ebp-0Ch], eax
data.b $6A,$00 ; push 00000000h
.blah
.blah
.blah
data.b $C2,$04,$00 ; retn 0004h
data.b $CC ; int3
; Import thunks: indirect jumps through the IAT slots at RVA $2000-$2008. If these are the
; last 18 bytes of the 212-byte section they sit at offsets C2h, C8h and CEh, which matches
; the call targets above.
data.b $FF,$25,$08,$20,$40,$00 ; jmp dword ptr [00402008h]
data.b $FF,$25,$00,$20,$40,$00 ; jmp dword ptr [00402000h]
data.b $FF,$25,$04,$20,$40,$00 ; jmp dword ptr [00402004h]
eDISASM:
eDISASM:
EndDataSection
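; Rebuild the dumped image on disk: the bytes between the labels s: and e: are
; written verbatim to f.s through file number 2115.
f.s="_masm32.exe"
bytesToWrite.l=?e-?s
If CreateFile(2115,f.s)
  ; WriteData returns the number of bytes written. A short write would leave a
  ; truncated executable behind, so report it instead of ignoring the result.
  If WriteData(2115,?s,bytesToWrite)<>bytesToWrite
    cw("not writedata :"+f.s)
  EndIf
  CloseFile(2115)
Else
  cw("not writedata :"+f.s)
EndIf
; The launch stays commented out: compare the rebuilt file's size and hash with the
; original input before running it.
; RunProgram(f.s)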
If you have already written an assembler/compiler, you have already become one of us. The rest will be easy. For example, look at "OEX", a.k.a. Peter: once he had written a disassembler himself, he suddenly jumped to being a 3D graphics optimizer; not just that, he is even able to recognize human voice, but he hid it all along from you guys. Well, welcome on board, and nice to know you.