I have VCC6 & MASM6.15 and am familiar with coding straight executables and DLLs.  I want to make an executable marked as "LE" or "NE" that will run under XP (dos prompt or otherwise).  Why ?  We use (censored) as our spam filter vendor.  They stop any file with the std  MZ/PE format from coming into our email domain.  I am betting that they do not stop executables built as "LE" or "NE" format from coming across.  That said - I also do not know if the std XP loader will run a correctly built "LE" executable.  I have found that if you have a true "PE" file - you can name it anytning you want and XP will recognize it as a "PE" file and run it !!  thks Ms - I think.

I have tried using a hex editor to change the "PE" to "LE" and then executing it.  No  - I did not expect it to work and it didn't.  Therefore my search for a means to generate a correctly built "LE" file and see if I can run it on my XP box.  I have not tried it but think that the old Watcom C++ linker might be able to make an "LE" executable.

thanks for any help
Posted on 2005-12-07 11:47:14 by deros68
Why not ZIPping it with a password?
Posted on 2005-12-07 11:52:10 by ti_mo_n
ZIP it with a password - have not tried that - thks much
Posted on 2005-12-07 12:02:49 by deros68

ZIP it with a password - have not tried that - thks much


Darn - our email filter people have that one down. All ZIps (password or not) get dropped  - but I did try sending a PE file (with the PE set to LE) across and it got through !! SO I may start digging up an Watcom linker to see if I can create a real LE or NE module - I thnk that XP's NTDVM will run a valid module of this type - more research 
Posted on 2005-12-07 12:13:53 by deros68
Very stupid spam filter, IMHO.
Posted on 2005-12-07 12:18:28 by ti_mo_n
Ask the vendor if there is a work around available.  Otherwise, there is FTP.  And you should have control over that.

One other tip, when we do have e-mail problems with attached files for other reasons, use www.yousendit.com.

Regards,  P1  8)
Posted on 2005-12-07 12:52:36 by P1
just remember that you'll be limited to win16 if you choose NE format. LE (or was it LX?) is used for VxDs on win9x and can't be executed directly afaik.

You aren't trying to get around the spamfilter for malicious purposes, are you?
Posted on 2005-12-07 13:03:20 by f0dder

just remember that you'll be limited to win16 if you choose NE format. LE (or was it LX?) is used for VxDs on win9x and can't be executed directly afaik.

You aren't trying to get around the spamfilter for malicious purposes, are you?


No  I am trying to get the attention of my vendor (email spam filter) - I also think that they have a filter that is poorly implemented.  If I do get the LE built, made run-able and can email it inside - than I have enough evidence to go the vendor and "make them aware" of a potential vulnerability.  Also - it is the fun part of my job to find vulnerabilities! 

Any code that I would write would be a demo - kick off 50 "charmaps" etc..

thanks 
Posted on 2005-12-07 13:20:02 by deros68
Last suggestion, encrypt and rename.  I know that will work.  There is the ancient, write to acsii hex and back technique too.

Regards,  P1  8)
Posted on 2005-12-13 10:48:52 by P1
If you really want to do so, you can still encrypt your original PE file into a DOS or NE file that drops it when executed.
Posted on 2005-12-13 20:08:27 by Axial
you can make these type of executables with open watcom package. i did not do this, but there are samples inside. it still supports os2 and win16 platforms.
Posted on 2005-12-14 00:03:19 by Shoo

If you really want to do so, you can still encrypt your original PE file into a DOS or NE file that drops it when executed.


I already use the packers - such as mew11 and upack - but - unless my brain is fried - the executahble that comes out still has the MZ/PE header format.  That format is what my vendor looks for.  Am I missing something - how do I get a valid PE file without those headers ?  At least all my "packed" files have the MZ and PE at the correct offsets.  I am always willing to learn some ways -:)
thanks
Posted on 2005-12-21 16:47:07 by deros68

you can make these type of executables with open watcom package. i did not do this, but there are samples inside. it still supports os2 and win16 platforms.


I thought that I remembered that the Watcom (old as I am) packages would make an OS/2 file.  Is the watcom assembler/linker (ok - if I have to I will try the C compiler) open source ??  I will google for it on the Net.  Any urls appreciated.

thanks
Posted on 2005-12-21 16:52:24 by deros68
just thought: the easiest way to get NE file: just take any ready  8)
Posted on 2005-12-21 23:47:20 by Shoo

just thought: the easiest way to get NE file: just take any ready  8)


Shoo - if you get time - finish your sentence - above - what was your thought ?
Posted on 2005-12-27 12:17:33 by deros68
i mean just get any ready NE file - there should be a lot of them. (if you do not care what it do: for the test).
you may search into the side of tasm and work it out fast enough ;)
==========
here c example from open watcom (there are dummy asm to make "compile" avaible in winasm studio)
Attachments:
Posted on 2005-12-28 00:19:26 by Shoo

i mean just get any ready NE file - there should be a lot of them. (if you do not care what it do: for the test).
you may search into the side of tasm and work it out fast enough ;)
==========
here c example from open watcom (there are dummy asm to make "compile" avaible in winasm studio)
[/quote

Thanks - I have located a watcom compiler & wrote my own little demo - now I can beat the email spam filter provider over the head with this!!!  It's crazy - these 16 bit programs can do a lot of damage - along with navie users who open (not view) any damn attachment !!!! And I learned a little more about x68 asm !!  thanks to all
Posted on 2006-01-04 17:52:33 by deros68