Ok, the bug is caused by SizeOfImage. I couldn't determine what values exactly don't work, but everything over 0FFh is dangerous. It will reboot or generate a BLUE SCREEN of DEATH on most/every machine, as far as I can see all of them had SP1 (Service Pack 1 for XP) installed.

I lowered SoI to an apparently safer value. However, by doing this some space for code was lost and the Messagebox has less functionality now.

There are about 30-40 bytes of space available in the 97-byte PE file, although they aren't available in one piece and have to be connected by jumps. The largest blocks are 14 bytes and 12 bytes. Some additional tricks (add al, 0 ... load Gdi32 instead of User32 ... use IMAGEBASE for code) can be used to get a few more bytes, but that won't be a big help.

It is basically impossible to make a GUI/Msgbox version that works for every XP release. Every Service Pack and also the Bugfixes change the offset of kernel32/user32 functions, so direct addressing is specific to ONE release only. There simply isn't enough space to dynamically load User32 and MsgBoxA. The strings alone take half the space.

Therefore I made 3 EXE files, compiled for different XP versions. The sources state all the offsets I have found.

USE AT OWN RISK (like always)

H4ve Phun
Posted on 2004-04-18 15:39:20 by pmpch
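The post above attributes the crash to the SizeOfImage field of the PE optional header, which the loader uses to reserve the image mapping before any section is copied in. A practitioner who receives a hand-crafted PE like this would want to check that field against the rest of the header before letting any loader touch the file. The script below is an added example, not code from the thread or from pmpch's sources: it parses the DOS header, COFF header, PE32 optional header and section table at the offsets given in the PE/COFF specification, then reports SizeOfImage values that are not a multiple of SectionAlignment, are smaller than SizeOfHeaders, or do not cover the last section. The sample image it builds (`build_sample_pe`) is a constructed one-section PE32 skeleton with no real code, not pmpch's 97-byte file.

```python
import struct

IMAGE_DOS_SIGNATURE = b"MZ"
IMAGE_NT_SIGNATURE = b"PE\0\0"
PE32_MAGIC = 0x10B
SECTION_HEADER_SIZE = 40


def build_sample_pe(size_of_image: int) -> bytes:
    """Construct a minimal one-section PE32 header (constructed test input, no real code).

    Layout: MZ stub, PE signature at 0x40, 20-byte COFF header, 224-byte
    optional header, one section header, headers padded to 0x200 and one
    0x200-byte raw section. Only SizeOfImage varies between samples.
    """
    e_lfanew, section_alignment, file_alignment, size_of_headers = 0x40, 0x1000, 0x200, 0x200
    buf = bytearray(0x400)
    buf[0:2] = IMAGE_DOS_SIGNATURE
    struct.pack_into("<I", buf, 0x3C, e_lfanew)
    buf[e_lfanew:e_lfanew + 4] = IMAGE_NT_SIGNATURE
    coff = e_lfanew + 4
    # Machine=i386, NumberOfSections=1, SizeOfOptionalHeader=224,
    # Characteristics=EXECUTABLE_IMAGE | 32BIT_MACHINE
    struct.pack_into("<HHIIIHH", buf, coff, 0x14C, 1, 0, 0, 0, 224, 0x0102)
    opt = coff + 20
    struct.pack_into("<H", buf, opt, PE32_MAGIC)
    struct.pack_into("<I", buf, opt + 28, 0x400000)                         # ImageBase
    struct.pack_into("<II", buf, opt + 32, section_alignment, file_alignment)
    struct.pack_into("<II", buf, opt + 56, size_of_image, size_of_headers)  # the field under test
    struct.pack_into("<H", buf, opt + 68, 2)                                # Subsystem: Windows GUI
    struct.pack_into("<I", buf, opt + 92, 16)                               # NumberOfRvaAndSizes
    sec = opt + 224
    # .text: VirtualSize=0x10, VirtualAddress=0x1000, SizeOfRawData=0x200, PointerToRawData=0x200
    struct.pack_into("<8sIIII", buf, sec, b".text", 0x10, 0x1000, 0x200, 0x200)
    struct.pack_into("<I", buf, sec + 36, 0x60000020)                       # CODE | EXECUTE | READ
    return bytes(buf)


def parse_pe(data: bytes) -> dict:
    """Read the header fields needed to sanity-check SizeOfImage from a PE32 image."""
    if data[:2] != IMAGE_DOS_SIGNATURE:
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != IMAGE_NT_SIGNATURE:
        raise ValueError("missing PE signature at e_lfanew")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_of_optional = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic != PE32_MAGIC:
        raise ValueError("only PE32 (magic 0x10B) is handled here")
    section_alignment, file_alignment = struct.unpack_from("<II", data, opt + 32)
    size_of_image, size_of_headers = struct.unpack_from("<II", data, opt + 56)
    sections = []
    table = opt + size_of_optional
    for i in range(num_sections):
        name, vsize, va, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", data, table + i * SECTION_HEADER_SIZE)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "virtual_address": va,
                         "size_of_raw_data": raw_size, "pointer_to_raw_data": raw_ptr})
    return {"section_alignment": section_alignment, "file_alignment": file_alignment,
            "size_of_image": size_of_image, "size_of_headers": size_of_headers,
            "sections": sections}


def check_size_of_image(pe: dict) -> list:
    """Return a list of findings; an empty list means SizeOfImage is consistent with the header."""
    findings = []
    align, soi = pe["section_alignment"], pe["size_of_image"]
    if align == 0 or align & (align - 1):
        findings.append("SectionAlignment 0x%X is not a power of two" % align)
    elif soi % align:
        findings.append("SizeOfImage 0x%X is not a multiple of SectionAlignment 0x%X" % (soi, align))
    if soi < pe["size_of_headers"]:
        findings.append("SizeOfImage 0x%X is smaller than SizeOfHeaders 0x%X" % (soi, pe["size_of_headers"]))
    for s in pe["sections"]:
        # The loader maps max(VirtualSize, SizeOfRawData) bytes at VirtualAddress.
        end = s["virtual_address"] + max(s["virtual_size"], s["size_of_raw_data"])
        if end > soi:
            findings.append("section %s ends at 0x%X, beyond SizeOfImage 0x%X" % (s["name"], end, soi))
    return findings


if __name__ == "__main__":
    for soi in (0x2000, 0xFF):
        print("SizeOfImage=0x%X:" % soi, check_size_of_image(parse_pe(build_sample_pe(soi))) or "ok")
```

Run against a real file with `check_size_of_image(parse_pe(open(path, "rb").read()))`; any finding means the loader would be asked to map an image whose declared size disagrees with its own section table, which is exactly the class of header the post reports as crashing SP1 machines.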
Greetings n u M I T_o r, thanks for uploading 133. I tested it on Win2kSp4 and it runs perfectly!
Posted on 2004-04-18 15:51:11 by Poimander