PE loader

Posted: Mon Jul 05, 2004 1:35 pm
by guest
does anyone have a PE (portable executable) loader that works? besides grub....

Re:PE loader

Posted: Sun Jan 15, 2006 11:34 am
by Kevin McGuire
If you compile this code and use it as a PE32 stub program, it will load a PE32 non-relocatable DLL. Last I checked GRUB did not support loading PE32 directly?

nasmw.exe -o stub -f bin stub.asm

You need to visit:
http://my.execpc.com/~geezer/johnfine/index.htm

To download the gdt.inc file.

Code:

%include "gdt.inc"
[ORG 0x1388000]
[BITS 32]
[SECTION .text]
mboot:
    db 'M'
    db 'Z'
KERNEL_LOADADDR        equ 0x1900000
MULTIBOOT_PAGE_ALIGN   equ 1<<0
MULTIBOOT_MEMORY_INFO  equ 1<<1
MULTIBOOT_AOUT_KLUDGE  equ 1<<16
MULTIBOOT_HEADER_MAGIC equ 0x1BADB002
MULTIBOOT_HEADER_FLAGS equ MULTIBOOT_PAGE_ALIGN | MULTIBOOT_MEMORY_INFO | MULTIBOOT_AOUT_KLUDGE
CHECKSUM               equ -(MULTIBOOT_HEADER_MAGIC + MULTIBOOT_HEADER_FLAGS)
    align 4
    dd MULTIBOOT_HEADER_MAGIC
    dd MULTIBOOT_HEADER_FLAGS
    dd CHECKSUM
; fields used if MULTIBOOT_AOUT_KLUDGE is set in MULTIBOOT_HEADER_FLAGS
    dd 0x1388004                    ; header_addr
    dd 0x1388000                    ; load_addr
    dd 0x0                          ; load_end_addr
    dd 0x0                          ; bss_end_addr
    dd code                         ; entry_addr
    dd 0x0                          ; mode_type
    dd 0x50                         ; width
    dd 0x19                         ; height
    dd 0x0                          ; depth
mboot_end:
    resb 0x3C - (mboot_end - mboot) ; pad so pe32ptr sits at offset 0x3C (e_lfanew)
pe32ptr:
    dd 0x0
VarImageBase dd 0x0
VarSectionCount dd 0x0
VarEntryPoint dd 0x0
VarBaseOfCode dd 0x0
VarMultiBootInfo dd 0x0
pgdt:
start_gdt
    desc 0x0, 0xFFFFF, D_CODE+D_WRITE+D_BIG+D_BIG_LIM
    desc 0x0, 0xFFFFF, D_DATA+D_WRITE+D_BIG+D_BIG_LIM
    desc 0x0, 0xFFFFF, D_DATA+D_WRITE+D_BIG+D_BIG_LIM
end_gdt
code:
    mov DWORD [VarMultiBootInfo], ebx
    mov edi, DWORD [pe32ptr]
    add edi, 0x1388000
findpesig:
    mov ebx, dword [edi]            ; TEST
    cmp dword [edi], 0x4550
    jz foundpesig
    inc edi
    jmp findpesig
foundpesig:
    add edi, 4                      ; jump past PE signature.
    and ebx, 0                      ; clear ebx
    mov ebx, 0
    mov bx, word [edi + 2]          ; get count of sections
    mov DWORD [VarSectionCount], ebx
    mov bx, word [edi + 16]         ; get optional header size
    add edi, 20                     ; jump past PE header
    mov eax, edi
    mov edi, DWORD [edi+28]         ; get image base (preferred load address) NT-Specific
    mov DWORD [VarImageBase], edi
    mov edi, eax                    ; restore edi
    mov edi, DWORD [edi+16]         ; get address of entry point
    mov DWORD [VarEntryPoint], edi
    mov edi, eax                    ; restore edi
    mov edi, DWORD [edi+20]         ; get BaseOfCode
    mov DWORD [VarBaseOfCode], edi
    mov edi, eax                    ; restore edi
    add edi, ebx                    ; jump past PE optional header
; edi = offset zero of section table


    mov eax, 0
    mov eax, DWORD [VarSectionCount]
    mov edx, 40
    mul edx                         ; compute total size of section table
    add eax, edi                    ; compute last byte + 1 of section table
    mov DWORD [VarSectionCount], eax ; store computation
    mov esp, edi                    ; esp is used as a scratch register from here on

sectionnext:
    mov eax, esp                    ; restore eax
    mov edi, eax                    ; set edi to read section
    cmp eax, DWORD [VarSectionCount]
    jz sectiondone                  ; No more sections to load.
    add eax, 40                     ; jump to next section in table
    mov esp, eax                    ; save eax our count

loadsection:                        ; relocations not implemented
    add edi, 12
    mov ecx, DWORD [edi]            ; get section.virtualAddress
    add ecx, [VarImageBase]         ; compute physical address
    add edi, 4                      ; jump to size of raw data
    mov ebx, DWORD [edi]            ; get size of raw data
    cmp ebx, 0
    jz copydone                     ; section contains no data
    add edi, 4                      ; jump to ptr to raw data
    mov edx, DWORD [edi]            ; get ptr to raw data
    mov edi, 0x1388000              ; grub --> image (load address)
    add edi, edx                    ; jump to first byte of section .text
copyimage:
    mov al, BYTE [edi]
    inc edi
    xchg edi, ecx
    mov BYTE [edi], al
    inc edi
    xchg ecx, edi
    mov eax, edi
    sub eax, edx
    sub eax, 0x1388000
    cmp eax, ebx
    jz copydone
    jmp copyimage
copydone:                           ; image copy is complete
    jmp sectionnext
sectiondone:
    lgdt [pgdt]
    mov eax, DWORD [VarEntryPoint]
    mov ebx, DWORD [VarImageBase]
    add eax, ebx
    mov ebx, DWORD [VarMultiBootInfo] ; Multiboot Compliance
    jmp eax

pe32:
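
The stub above walks forward from e_lfanew until it sees the PE signature and then copies each section using VirtualAddress, SizeOfRawData and PointerToRawData exactly as the file gives them. An added example (not part of the original post) of the same header walk in C with each field bounds-checked before use; the function names, the constructed 0x400-byte sample and the destination window upper bound 0x1A00000 are assumptions made here.

```c
#include <stdint.h>
#include <string.h>

static uint32_t rd32(const uint8_t *p) { return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24; }
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static void wr32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i)); }

/* 0 and *entry set if every section copy stays inside the file and inside [lo, hi). */
int pe32_validate(const uint8_t *img, size_t len, uint32_t lo, uint32_t hi, uint32_t *entry)
{
    if (len < 0x40 || img[0] != 'M' || img[1] != 'Z') return -1;
    uint32_t pe = rd32(img + 0x3C);                  /* e_lfanew, no forward scan */
    if (pe > len || len - pe < 24 + 32) return -2;   /* signature, COFF, fields read */
    if (rd32(img + pe) != 0x4550) return -3;         /* "PE\0\0" */
    const uint8_t *coff = img + pe + 4, *opt = coff + 20;
    uint32_t nsec = rd16(coff + 2), optsz = rd16(coff + 16), base = rd32(opt + 28);
    if (optsz < 32 || rd16(opt) != 0x10B) return -4; /* PE32 only, not PE32+ */
    size_t tbl = (size_t)pe + 24 + optsz;            /* section table offset */
    if (tbl > len || (len - tbl) / 40 < nsec) return -5;
    for (uint32_t i = 0; i < nsec; i++) {
        const uint8_t *s = img + tbl + 40 * (size_t)i;
        uint64_t va = (uint64_t)base + rd32(s + 12); /* copy destination */
        uint32_t rawsz = rd32(s + 16), rawptr = rd32(s + 20);
        if (rawsz == 0) continue;
        if (rawptr > len || len - rawptr < rawsz) return -6;  /* source in file */
        if (va < lo || va + rawsz > hi) return -7;            /* dest in window */
    }
    uint64_t ep = (uint64_t)base + rd32(opt + 16);
    if (ep < lo || ep >= hi) return -8;              /* entry point in window */
    *entry = (uint32_t)ep;
    return 0;
}

/* Constructed 0x400-byte sample: one section, rawsz bytes at file offset 0x200. */
void pe32_sample(uint8_t *b, uint32_t base, uint32_t rawsz)
{
    memset(b, 0, 0x400);
    b[0] = 'M'; b[1] = 'Z'; wr32(b + 0x3C, 0x40); wr32(b + 0x40, 0x4550);
    b[0x46] = 1; b[0x54] = 0xE0; b[0x58] = 0x0B; b[0x59] = 0x01; /* 1 section, opt size, magic 0x10B */
    wr32(b + 0x68, 0x1000); wr32(b + 0x74, base);    /* entry RVA, ImageBase */
    uint8_t *s = b + 0x40 + 24 + 0xE0;               /* first section header */
    wr32(s + 12, 0x1000); wr32(s + 16, rawsz); wr32(s + 20, 0x200);
}

int main(void) {                                     /* exit 0: sample validates */
    uint8_t img[0x400]; uint32_t e;
    pe32_sample(img, 0x1900000, 0x100);
    return pe32_validate(img, sizeof img, 0x1900000, 0x1A00000, &e);
}
```

A loader would run this check before the copy loop and refuse to jump when it returns non-zero; the window here starts at the 0x1900000 value the post defines as KERNEL_LOADADDR, which keeps section copies away from the stub at 0x1388000.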

Re:PE loader

Posted: Sun Jan 15, 2006 11:43 am
by Candy
Do you have some copyright information on that code?

Re:PE loader

Posted: Sun Jan 15, 2006 11:48 am
by Kevin McGuire
Microsoft has a copyright on the PE32 format I would imagine. I do not have a copyright on the stub code to load a PE32 format.

Re:PE loader

Posted: Sun Jan 15, 2006 12:04 pm
by Candy
kmcguire wrote: Microsoft has a copyright on the PE32 format I would imagine. I do not have a copyright on the stub code to load a PE32 format.
More as in, did you write that and hereby release it into public domain / GPL, did somebody else write that and give you permission to pass it on?

Re:PE loader

Posted: Sun Jan 15, 2006 12:48 pm
by Candy
It's either public domain or gpl.

Did you write that code yourself?

Re:PE loader

Posted: Sun Jan 15, 2006 12:50 pm
by Kevin McGuire
For God's sake, I wrote the code myself...

Re:PE loader

Posted: Sun Jan 15, 2006 12:54 pm
by Kevin McGuire
Do I need to put it under a GPL or public domain? You are worrying me to death?

Re:PE loader

Posted: Sun Jan 15, 2006 2:57 pm
by Pype.Clicker
kmcguire wrote: Do I need to put it under a GPL or public domain? You are worrying me to death?
I guess what candy means is more "wow, thanks dude. pretty nice piece of code. However, by posting it here in the forum, other people might want to include it in their own work ... In that case, they may want to know if there's any restriction to what they can do with your code -- things a license usually covers."

Re:PE loader

Posted: Sun Jan 15, 2006 3:05 pm
by Kevin McGuire
Oh. I'm sorry, Candy. I just moved my computer into another room, and the screen was in my face and I could not think clearly. I assumed you were saying I copied it or something, and I got mad. :o

It is free for anyone to use, and they do not have to include my name or any details about where it came from. :D

I did not think it was that good of code, myself, honestly. That's also why I was wondering why I needed a license for it, ROFL.

Just bear with me. I get flusterated, I am working on it! :D

Re:PE loader

Posted: Tue Jan 17, 2006 9:46 am
by JAAman
all code is copyrighted -- you cannot avoid that, what you are saying is basically PD, but unless you specifically say that (or give some other license), it cannot be used (at least not legally)

your last post does qualify as written permission

Re:PE loader

Posted: Tue Jan 17, 2006 9:50 am
by JAAman
lest i feel the wrath of the license gods (solar ;D):

PD (public Domain) is you revoking all rights to the code (as if it never was copyrighted) -- this is the state most things enter 50 years after the author's death (for privately copyrighted works)

Re:PE loader

Posted: Tue Jan 17, 2006 10:01 am
by Candy
JAAman wrote: lest i feel the wrath of the license gods (solar):

PD (public Domain) is you revoking all rights to the code (as if it never was copyrighted) -- this is the state most things enter 50 years after the author's death (for privately copyrighted works)
Since we're talking legal stuff, I can be pedantic. The limit is 70 years after death. This means that stuff from Elvis is currently entering public domain and that the '40s and '50s music is next.

Note that the musical composition is entering public domain. The written musical notes aren't since they were written after that moment (70 years after their author's death), ditto for the musical performance (they too have an author). CD etc compositions are then again covered by the year of their appearance.

I'm not entirely sure whether the 70 years are from the author's death or from the moment of appearing of the copyrightable work. Patents for example expire 20 years from issuing.

Re:PE loader

Posted: Tue Jan 17, 2006 10:18 am
by JAAman
oh yah -- they just extended it (it was 50 years from 1978 until recently)

but remember that only applies to private copyrights -- not corporate copyrights:

if it was copyrighted by a company, then the author's death is irrelevant -- the end of copyright is measured from time of original copyright (iirc it used to be 110 years, but they extended it recently, so it should be longer than that now)

ps. (was Elvis' work copyrighted privately? or under a corporation?)

Re:PE loader

Posted: Tue Jan 17, 2006 12:20 pm
by Candy
I think that it was the author's copyright itself, which he licensed to the companies. He didn't sell the copyright (afaik).

I've heard the copyright is being extended mainly because of Walt Disney. They appear to want the copyright to be infinite, so you can keep selling it (since little children should keep paying for the same stuff you saw as a kid).