Thx fodder, Svin, and others who helped on Zoomin. About PE, it is intended for more than one OS and therefore it is unsound to assume that Windows xyz will conform closely, or at all, to the description of all those fields. ("Tool Interface Standard" is the defining document -- see Intel or www.wotzit.org or I can upload it.) Even in the section table you can leave the RVA's 0, and Windows will calculate them and fill them in for you. "Readable" and "writeable" are also quite unreliable adjectives. I tried putting the resources in the code section (seemed reasonable since resources are read- only, as a rule) and Kernel crashed when it attempted to READ a text string therein, even though the code section was flagged "readable". Yet in other circumstances the code can be read. There are lots of other ambiguities to try to figure out in connection with PE. More later.
Posted on 2001-05-16 18:20:00 by Larry Hammick
Correction: The resources CAN go in a readable code section. (I know, I'm the only one who cares, sigh:))
Posted on 2001-05-17 04:58:00 by Larry Hammick
No you're not. I think it's pretty important to understand the fileformat of your target platform. Anyway, when "messing around", just make sure your code works on *all* the win32 platforms. Of course this can be a bit hard to test if you've only got win98. I propose that we sit down and figure out which tricks works on which platforms. Which PE header fields that are important, which ones that aren't. This would be useful to anybody trying to code a packer/protector, and is generally nice information to have. Does anybody know of other platforms than win32 that uses the PE file format? (Not just coff, but PE -- there's a big difference). I'm planning on using (or at least supporting) PE in my own toy OS, since that makes it a bit easier to code apps (don't have to invent my own linker etc), and I also plan on implementing a subset of the win32 api. But hey, that's far future from where my OS is now.
Posted on 2001-05-17 05:20:00 by f0dder
Win9x and NT support slightly different memory "models". NT defines and supports all combinations of READ-WRITE-EXECUTABLE attributes. Win9x supports a subset. The subset is probably the one most easily supported by the x86 memory management capabilities.
Posted on 2001-05-17 23:08:00 by tank
I agree, f0dder. Feel free to e-mail.
Posted on 2001-05-18 20:17:00 by Larry Hammick
I managed to make a hello-world demo of less than 1K. There is an uninitialized data section for the IAT, and a section for the code plus the other import stuff. Zoomin should now be okay for WinNT, and this hello- world will also be at hammick.com later tonight (Friday).
Posted on 2001-05-19 03:57:00 by Larry Hammick