Masm32 SDK description, downloads and other helpful links
Started by jj2007, June 18, 2017, 07:48:25 PM
IMAGE_OPTIONAL_HEADER32 STRUCT
  Magic WORD ?
  MajorLinkerVersion BYTE ?
  MinorLinkerVersion BYTE ?
  SizeOfCode DWORD ?
  SizeOfInitializedData DWORD ?
  SizeOfUninitializedData DWORD ?
  AddressOfEntryPoint DWORD ?
  BaseOfCode DWORD ?
  BaseOfData DWORD ?
  ImageBase DWORD ?
  ...
Quote from: jj2007 on June 18, 2017, 07:48:25 PM
What am I missing?
Quote from: jj2007 on June 18, 2017, 08:30:08 PM
Thanks, José and Erol :icon14:
It turns out that codebase is "wrong" because the exe is UPX-ed. So it really starts at the exotic address 5B6410h, but only to decompress itself. Afterwards, codebase is 401000h, i.e. the usual 400000h plus the initialised data. Hmpffff ::)
Dump of file ImageBaseBuglink614.exe
PE signature found
File Type: EXECUTABLE IMAGE
FILE HEADER VALUES
     14C machine (i386)
       3 number of sections
5946727A time date stamp Sun Jun 18 14:30:50 2017
       0 file pointer to symbol table
       0 number of symbols
      E0 size of optional header
     10F characteristics
           Relocations stripped
           Executable
           Line numbers stripped
           Symbols stripped
           32 bit word machine
OPTIONAL HEADER VALUES
     10B magic #
    5.12 linker version
    5400 size of code
   B3600 size of initialized data
       0 size of uninitialized data
    1000 RVA of entry point
    1000 base of code
    7000 base of data
  400000 image base
    1000 section alignment
     200 file alignment
    4.00 operating system version
    0.00 image version
    4.00 subsystem version
       0 Win32 version
   BB000 size of image
     400 size of headers
       0 checksum
       3 subsystem (Windows CUI)
       0 DLL characteristics
  100000 size of stack reserve
    1000 size of stack commit
  100000 size of heap reserve
    1000 size of heap commit
Quote from: aw27 on June 18, 2017, 11:54:57 PM
Size of initialized data is frequently wrong. The file will load with any value you put there. Sizeofimage is a consequence.
stack error in line 11, (push-pop)=-1
stack error in line 43, (push-pop)=1
line 27: retaddr 12345678 is above code segment
Quote from: jj2007 on June 19, 2017, 05:17:31 PM
I grant you an exclusive personal license to put an int 3 before the @MbRet in the source attached above :P
line 1573: retaddr 0018FE48 is a local address (too many pushes?), below code segment
line 1573: retaddr 00000005 is below code segment
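Added example, not code from any poster in this thread: a small Python reader for the leading IMAGE_OPTIONAL_HEADER32 fields quoted above, which takes the code range and entry address from the header instead of assuming 401000h. The helper names and the PACKED header values are constructed for illustration; only the dumped values and the 5B6410h start address come from the thread.

```python
import struct

# Leading fields of IMAGE_OPTIONAL_HEADER32, in the order of the STRUCT in the thread.
OPT_FMT = "<HBB7I"
OPT_NAMES = ("Magic", "MajorLinkerVersion", "MinorLinkerVersion", "SizeOfCode",
             "SizeOfInitializedData", "SizeOfUninitializedData",
             "AddressOfEntryPoint", "BaseOfCode", "BaseOfData", "ImageBase")

def parse_optional_header(image: bytes) -> dict:
    """Find the PE32 optional header in a raw file image and decode its first fields."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("no MZ header")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    opt_off = e_lfanew + 4 + 20  # skip signature and 20-byte IMAGE_FILE_HEADER
    if len(image) < opt_off + struct.calcsize(OPT_FMT):
        raise ValueError("optional header truncated")
    fields = dict(zip(OPT_NAMES, struct.unpack_from(OPT_FMT, image, opt_off)))
    if fields["Magic"] != 0x10B:
        raise ValueError("not a PE32 optional header")
    return fields

def code_layout(f: dict) -> dict:
    """Turn the RVAs into virtual addresses and test where the entry point lies."""
    lo = f["ImageBase"] + f["BaseOfCode"]
    hi = lo + f["SizeOfCode"]
    entry = f["ImageBase"] + f["AddressOfEntryPoint"]
    return {"entry_va": entry, "code_lo": lo, "code_hi": hi,
            "entry_in_code": lo <= entry < hi}

def build_image(size_of_code, init_data, entry_rva, base_of_code, base_of_data):
    """Constructed test input: DOS stub, PE signature, file header, header prefix."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 3, 0x5946727A, 0, 0, 0xE0, 0x10F)
    opt = struct.pack(OPT_FMT, 0x10B, 5, 12, size_of_code, init_data, 0,
                      entry_rva, base_of_code, base_of_data, 0x400000)
    return dos + b"PE\0\0" + file_hdr + opt

# Header values taken from the dump in the thread.
DUMPED = build_image(0x5400, 0xB3600, 0x1000, 0x1000, 0x7000)
# Constructed packed-style header: only the 5B6410h start address is from the thread.
PACKED = build_image(0x6000, 0x1000, 0x1B6410, 0x1B1000, 0x1B7000)

if __name__ == "__main__":
    for name, img in (("dumped", DUMPED), ("packed", PACKED)):
        lay = code_layout(parse_optional_header(img))
        print(name, {k: hex(v) if k != "entry_in_code" else v for k, v in lay.items()})
```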