As comp_id.txt (https://github.com/dishather/richprint/blob/master/comp_id.txt) provides info about the M$ tools used to create a program,
hopefully we can collect comp_id's from new versions of those tools.
PETestRichHdr is for that purpose.
example output: hello64m.exe
00000000 id:0 version:0 times:3
00010000 id:1 version:0 times:2
01036990 id:259 version:27024 times:1
01026990 id:258 version:27024 times:1
01036990 [ASM] VS2017 build 27024 14.16.27024.1
01026990 [LNK] VS2017 build 27024 14.16.27024.1
TestMessageBox1.exe
00937809 id:147 version:30729 times:5
00010000 id:1 version:0 times:2
01046990 id:260 version:27024 times:1
01026990 id:258 version:27024 times:1
01046990 [ C ] VS2017 build 27024 19.16.27024.1 for x86
01026990 [LNK] VS2017 build 27024 14.16.27024.1
18 8444 001220fc [ASM] VS98 (6.0) build ????, ml.exe 6.14.8444
42 8803 002a2263 [ASM] VS98 (6.0) SP5 PP build 9044, ml.exe 6.15.8803
M:\radasm\Masm\projects\WinBif>PETestRichHdr64.exe winbif.exe
winbif.exe
00e0797d id:224 version:31101 times:9
00df797d id:223 version:31101 times:2
00131f8e id:19 version:8078 times:46
00937809 id:147 version:30729 times:2
00cbffdd id:203 version:65501 times:3
00010000 id:1 version:0 times:125
001220fc id:18 version:8444 times:65
00db520d id:219 version:21005 times:1
00de797d id:222 version:31101 times:1
Linker: Microsoft linker(12.00.31101)
Compiler: MASM(6.14.8444)
I used Nauz File Detector v0.01 for the linker/compiler info: https://github.com/horsicq/Nauz-File-Detector
(https://i.postimg.cc/XvW5S1cS/nauz.png)
From comp_id:
winbif.exe
00e0797d id:224 version:31101 times:9 [ C ] VS2013 UPD4 build 31101
00df797d id:223 version:31101 times:2 [ASM] VS2013 UPD4 build 31101
00131f8e id:19 version:8078 times:46
00937809 id:147 version:30729 times:2 [IMP] VS2008 SP1 build 30729
00cbffdd id:203 version:65501 times:3
00010000 id:1 version:0 times:125
001220fc id:18 version:8444 times:65 [ASM] ????, ml.exe 6.14.8444
00db520d id:219 version:21005 times:1 [RES] VS2013 build 21005
00de797d id:222 version:31101 times:1 [LNK] VS2013 UPD4 build 31101
Countermeasure: a Post-Build Event to turn a Rich PE into a Poor PE:
"pathTopeupdate\peupdate" -r "$(TargetPath)"
It is also possible to 'fix' link.exe to avoid that header feature.
With a dummy stub it also saves 512 bytes.
linkx.exe 5.12 0004511B 03 C8 -> 90 90
EDIT: fixed
For the link that is distributed with the masm32 sdk (5.12.8078) nop here:
0004511B: 03 c8
Custom MS-DOS stub built with UASM which can be used by link.exe or polink.exe with the option /STUB:mystub.bin
; to build: uasm64 -bin -Fo mystub.bin mystub.asm
;
; Custom MS-DOS stub for link.exe / polink.exe, passed with /STUB:mystub.bin.
; The output is raw bytes: a 64-byte IMAGE_DOS_HEADER, a tiny real-mode
; program hand-encoded as db bytes, and its message text. PEHdr marks the
; end of the stub, which is where the linker places the PE header.
.386
option casemap:none
; Standard MZ header layout (field order as in winnt.h). The fields add up
; to 64 bytes, which puts e_lfanew at offset 3Ch where the PE loader reads it.
IMAGE_DOS_HEADER struct
e_magic WORD ?                ; "MZ" signature
e_cblp WORD ?                 ; bytes on last page of file
e_cp WORD ?                   ; pages in file
e_crlc WORD ?                 ; relocation count
e_cparhdr WORD ?              ; header size in 16-byte paragraphs
e_minalloc WORD ?             ; minimum extra paragraphs needed
e_maxalloc WORD ?             ; maximum extra paragraphs needed
e_ss WORD ?                   ; initial (relative) SS
e_sp WORD ?                   ; initial SP
e_csum WORD ?                 ; checksum
e_ip WORD ?                   ; initial IP
e_cs WORD ?                   ; initial (relative) CS
e_lfarlc WORD ?               ; file offset of relocation table
e_ovno WORD ?                 ; overlay number
e_res WORD 4 dup (?)          ; reserved
e_oemid WORD ?                ; OEM identifier
e_oeminfo WORD ?              ; OEM information
e_res2 WORD 10 dup (?)        ; reserved
e_lfanew SDWORD ?             ; file offset of the PE header (at 3Ch)
IMAGE_DOS_HEADER ends
IMAGEBASE equ 400000h
PEHDR segment dword FLAT
;--- define the DOS "MZ" header
ORG IMAGEBASE                 ; so IMAGEREL below yields plain file offsets
; Field values, in struct order:
;   e_magic    "ZM"    - stored little-endian, so the file starts with "MZ"
;   e_cblp     90h, e_cp 3 - DOS image size (bytes on last page / 512-byte pages)
;   e_crlc     0       - no relocations
;   e_cparhdr  4       - 4 paragraphs = 64 bytes; DOS does not load the header,
;                        so the code below runs from CS:0
;   e_minalloc 0, e_maxalloc 0FFFFh
;   e_ss 0, e_sp 0B8h, e_csum 0, e_ip 0, e_cs 0 - entry at CS:IP = 0:0
;   e_lfarlc   40h     - relocation table offset (empty, see e_crlc)
;   e_ovno 0, e_res <0>, e_oemid 0, e_oeminfo 0, e_res2 <0>
;   e_lfanew   offset of PEHdr, i.e. the first byte after this stub
IMAGE_DOS_HEADER <"ZM", 90h, 3, 0,4,0,0ffffh,0,0b8h,0,0,0,40h,0,<0>,0,0,<0>,IMAGEREL PEHdr>
; Real-mode code emitted as raw bytes so the 16-bit encodings come out as
; written (presumably mnemonics in this FLAT segment would assemble as
; 32-bit code - confirm). DS = CS because the message lives in this segment.
db 0Eh ;push cs
db 1Fh ;pop ds
db 0BAh,0Eh,0 ;mov dx,text   - 0Eh: the 14 code bytes precede the message
db 0B4h,09h ;mov ah,9        - DOS fn 09h: print '$'-terminated string at DS:DX
db 0CDh,21h ;int 21h
db 0B8h,01h,4Ch;mov ax,4c01h - DOS fn 4Ch: terminate with exit code 1
db 0CDh,21h ;int 21h
db "My custom-made DOS stub",13,10,'$'
PEHdr label byte              ; end of stub = e_lfanew target
ORG PEHdr                     ; NOTE(review): presumably keeps the -bin output ending exactly at PEHdr - confirm
PEHDR ends
Note: The widespread variant of building a 16-bit program and then using the undocumented 16-bit link.exe /KNOWEAS switch wastes a lot of space.
an empty stub.bin
EDIT: small stub
00000000 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 MZ.........ÿÿ..
00000010 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 ¸.......@.......
00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000030 00 00 00 00 00 00 00 00 00 00 00 00 50 00 00 00 ............P...
00000040 B8 01 4C CD 21 57 69 6E 4E 54 20 73 74 75 62 00 ¸.LÍ!WinNT stub.
Now using MASM to produce the custom MS-DOS stub which can be used by link.exe or polink.exe with the option /STUB:mystub.bin
;\masm32\bin\ml -c -omf Stub.asm
; Need the 16-bit Microsoft segmented linker
;\masm32\bin\link16 /TINY Stub.obj,Stub.bin
;
; Custom MS-DOS stub for link.exe / polink.exe (/STUB:mystub.bin), built
; with MASM: one TINY-model segment holding the 64-byte IMAGE_DOS_HEADER,
; a short real-mode program and its message. link16 /TINY writes the
; segment out flat, so the file starts directly with the header bytes.
.model TINY                   ; single 16-bit segment; code and data share it
option casemap:none
; Standard MZ header layout (field order as in winnt.h). The fields add up
; to 64 bytes, which puts e_lfanew at offset 3Ch where the PE loader reads it.
IMAGE_DOS_HEADER struct
e_magic WORD ?                ; "MZ" signature
e_cblp WORD ?                 ; bytes on last page of file
e_cp WORD ?                   ; pages in file
e_crlc WORD ?                 ; relocation count
e_cparhdr WORD ?              ; header size in 16-byte paragraphs
e_minalloc WORD ?             ; minimum extra paragraphs needed
e_maxalloc WORD ?             ; maximum extra paragraphs needed
e_ss WORD ?                   ; initial (relative) SS
e_sp WORD ?                   ; initial SP
e_csum WORD ?                 ; checksum
e_ip WORD ?                   ; initial IP
e_cs WORD ?                   ; initial (relative) CS
e_lfarlc WORD ?               ; file offset of relocation table
e_ovno WORD ?                 ; overlay number
e_res WORD 4 dup (?)          ; reserved
e_oemid WORD ?                ; OEM identifier
e_oeminfo WORD ?              ; OEM information
e_res2 WORD 10 dup (?)        ; reserved
e_lfanew SDWORD ?             ; file offset of the PE header (at 3Ch)
IMAGE_DOS_HEADER ends
PEHDR segment
ORG 0                         ; segment offsets = file offsets
start:
; e_magic "ZM" (little-endian, so "MZ" on disk), e_cblp 90h, e_cp 3,
; e_crlc 0, e_cparhdr 4 (64-byte header: DOS does not load it, the code
; below runs from CS:0), e_minalloc 0, e_maxalloc 0FFFFh, e_ss 0, e_sp 0B8h,
; e_csum 0, e_ip 0, e_cs 0 (entry at 0:0), e_lfarlc 40h, e_ovno 0,
; reserved/OEM fields 0, e_lfanew = offset of PEHdr, first byte after the stub.
IMAGE_DOS_HEADER <"ZM", 90h, 3, 0,4,0,0ffffh,0,0b8h,0,0,0,40h,0,<0>,0,0,<0>,offset PEHdr>
push cs                       ; DS = CS: the message lives in this segment
pop ds
; The assembler's offsets count from the header, but DOS strips the 64-byte
; header when loading, so rebase the message address to the code start.
mov dx, offset string - sizeof IMAGE_DOS_HEADER
mov ah,9                      ; DOS fn 09h: print '$'-terminated string at DS:DX
int 21h
mov ah,04Ch                   ; DOS fn 4Ch: terminate; AL (the exit code) is not set here
int 21h
string db "My custom-made DOS stub",13,10,'$'
PEHdr label byte              ; end of stub = e_lfanew target
PEHDR Ends
END start
You can test it in DOSBox after changing the extension from .bin to .com
This is the source code for Timo's empty stub. It will crash if you launch it in DOS, of course. :(
; Empty MS-DOS stub: nothing but the 64-byte IMAGE_DOS_HEADER, so the PE
; header starts at offset 40h. There is no real-mode code at all; the
; header still claims an entry point at CS:IP = 0:0, so running it under
; DOS executes whatever the linker places after the stub (hence the crash).
.model TINY                   ; single 16-bit segment
option casemap:none
; Standard MZ header layout (field order as in winnt.h). The fields add up
; to 64 bytes, which puts e_lfanew at offset 3Ch where the PE loader reads it.
IMAGE_DOS_HEADER struct
e_magic WORD ?                ; "MZ" signature
e_cblp WORD ?                 ; bytes on last page of file
e_cp WORD ?                   ; pages in file
e_crlc WORD ?                 ; relocation count
e_cparhdr WORD ?              ; header size in 16-byte paragraphs
e_minalloc WORD ?             ; minimum extra paragraphs needed
e_maxalloc WORD ?             ; maximum extra paragraphs needed
e_ss WORD ?                   ; initial (relative) SS
e_sp WORD ?                   ; initial SP
e_csum WORD ?                 ; checksum
e_ip WORD ?                   ; initial IP
e_cs WORD ?                   ; initial (relative) CS
e_lfarlc WORD ?               ; file offset of relocation table
e_ovno WORD ?                 ; overlay number
e_res WORD 4 dup (?)          ; reserved
e_oemid WORD ?                ; OEM identifier
e_oeminfo WORD ?              ; OEM information
e_res2 WORD 10 dup (?)        ; reserved
e_lfanew SDWORD ?             ; file offset of the PE header (at 3Ch)
IMAGE_DOS_HEADER ends
PEHDR segment
ORG 0                         ; segment offsets = file offsets
start:
; Same field values as the other stubs on this page: "MZ", e_cblp 90h,
; e_cp 3, e_cparhdr 4 (64-byte header), e_maxalloc 0FFFFh, e_sp 0B8h,
; e_lfarlc 40h, everything else 0; e_lfanew = offset of PEHdr = 40h.
IMAGE_DOS_HEADER <"ZM", 90h, 3, 0,4,0,0ffffh,0,0b8h,0,0,0,40h,0,<0>,0,0,<0>,offset PEHdr>
PEHdr label byte              ; immediately after the header: no stub code
PEHDR Ends
END start
Building a custom DOS stub :
\masm32\bin\ml /c /coff Sample.asm
\masm32\bin\ml /c Mystub.asm
\masm32\bin\link16 /KNOWEAS Mystub.obj
\masm32\bin\link /SUBSYSTEM:WINDOWS /STUB:Mystub.exe Sample.obj
Mystub.asm :
; Mystub.asm - a conventional 16-bit DOS program (separate code, data and
; stack segments) used as the PE stub via /STUB:Mystub.exe after
; link16 /KNOWEAS. The 16-bit linker emits the full MZ header and padding
; itself, which is why this route yields the 539-byte stub shown below.
.model small                  ; code and data in separate segments
.stack
.data
msg db 'Hello DOS!','$'       ; '$'-terminated, as DOS fn 09h expects
.code
start:
mov ax,@data                  ; point DS at the data segment (via AX: segment
mov ds,ax                     ; registers cannot be loaded with an immediate)
mov dx,OFFSET msg
mov ah,9                      ; DOS fn 09h: print string at DS:DX
int 21h
mov ah,04Ch                   ; DOS fn 4Ch: terminate; AL (the exit code) is not set here
int 21h
END start
The KNOWEAS option above is required to build the DOS stub :
\masm32\bin\link /SUBSYSTEM:WINDOWS /STUB:Mystub.exe Sample.obj
Microsoft (R) Incremental Linker Version 5.12.8078
Copyright (C) Microsoft Corp 1992-1998. All rights reserved.
Mystub.exe : warning LNK4060: stub file missing full MS-DOS header; rebuild stub
with /KNOWEAS 16-bit LINK option
Hello Vortex,
Yes, I am aware of that procedure, but you end up with a stub of 539 bytes :(
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00000000 4D 5A 1B 00 02 00 01 00 20 00 41 00 FF FF 02 00 MZ...... .A.ÿÿ..
00000010 00 04 00 00 00 00 00 00 40 00 00 00 01 00 00 00 ........@.......
00000020 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000030 00 00 00 00 00 00 00 00 00 00 00 00 20 02 00 00 ............ ...
00000040 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000080 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000090 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000000A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000000B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000000C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000000D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000000E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000000F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000100 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000110 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000120 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000130 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000140 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000150 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000160 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000170 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000180 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000190 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000001A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000001B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000001C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000001D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000001E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000001F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000200 B8 01 00 8E D8 BA 00 00 B4 09 CD 21 B4 4C CD 21 ¸..ŽØº..´.Í!´LÍ!
00000210 48 65 6C 6C 6F 20 44 4F 53 21 24 00 00 00 00 00 Hello DOS!$.....