Hi all,
Got a bad problem. I tried to compress with UPX (just for a test) my hand-written PE, but it failed. After hours and hours of tracking I found the problem to be not in the PE image, but in the MZ one. Finally, I tracked down the problem being in the .e_cblp and .e_cp fields. I've looked into all the docs I own, and on MSDN, on Usenet, on Google and other search engines.. but no real help. I examined other executables (both existing and generated by me via an assembler and a linker).. still no definitive clue.
What I need to know is how should I set .e_cp and .e_cblp exactly?
Thanks,
Maverick
Maverick,
I know you hate MASM so here is the structure in PowerBASIC,
TYPE IMAGE_DOS_HEADER
    e_magic        AS WORD   ' Magic number
    e_cblp         AS WORD   ' Bytes on last page of file
    e_cp           AS WORD   ' Pages in file
    e_crlc         AS WORD   ' Relocations
    e_cparhdr      AS WORD   ' Size of header in paragraphs
    e_minalloc     AS WORD   ' Minimum extra paragraphs needed
    e_maxalloc     AS WORD   ' Maximum extra paragraphs needed
    e_ss           AS WORD   ' Initial (relative) SS value
    e_sp           AS WORD   ' Initial SP value
    e_csum         AS WORD   ' Checksum
    e_ip           AS WORD   ' Initial IP value
    e_cs           AS WORD   ' Initial (relative) CS value
    e_lfarlc       AS WORD   ' File address of relocation table
    e_ovno         AS WORD   ' Overlay number
    e_res(0 TO 3)  AS WORD   ' Reserved words
    e_oemid        AS WORD   ' OEM identifier (for e_oeminfo)
    e_oeminfo      AS WORD   ' OEM information; e_oemid specific
    e_res2(0 TO 9) AS WORD   ' Reserved words
    e_lfanew       AS LONG   ' File address of new exe header
END TYPE
Hope it's useful to you.
Regards,
hutch@movsd.com
Argh.. I found it, .e_lfarlc must be set to $40 even if one has no relocations at all.
Hutch: thanks for the help anyway. ;)
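An added example, not code from any poster in this thread: a small Python checker that derives e_cblp and e_cp from an image size using the DOS convention (512-byte pages, e_cblp = 0 meaning a full last page) and flags a header whose e_lfarlc is not the $40 reported above. The function names and the two sample headers are constructed for illustration.

```python
import struct

PAGE, PARAGRAPH = 512, 16             # DOS page and paragraph sizes in bytes
DOS_HEADER = struct.Struct("<30HI")   # 30 WORDs + 1 LONG = 64 bytes, as listed above

def page_fields(size):
    """(e_cblp, e_cp) for an MZ image of `size` bytes."""
    e_cp, e_cblp = divmod(size, PAGE)
    if e_cblp:                        # a partly used last page still counts
        e_cp += 1
    return e_cblp, e_cp               # e_cblp == 0: last page is full

def image_size(e_cblp, e_cp):
    """Bytes described by the two fields (inverse of page_fields)."""
    if e_cp == 0:
        return 0
    return (e_cp - 1) * PAGE + (e_cblp or PAGE)

def make_header(stub_size, e_lfarlc, e_lfanew):
    """Constructed sample header: no relocations, 4-paragraph header."""
    words = [0] * 30
    words[0] = 0x5A4D                 # e_magic 'MZ'
    words[1], words[2] = page_fields(stub_size)
    words[4] = DOS_HEADER.size // PARAGRAPH   # e_cparhdr
    words[12] = e_lfarlc
    return DOS_HEADER.pack(*words, e_lfanew)

def check_dos_header(data):
    """Return findings for the IMAGE_DOS_HEADER at the start of `data`."""
    if len(data) < DOS_HEADER.size:
        return ["shorter than IMAGE_DOS_HEADER"]
    f = DOS_HEADER.unpack_from(data)
    e_magic, e_cblp, e_cp, e_cparhdr, e_lfarlc = f[0], f[1], f[2], f[4], f[12]
    out = []
    if e_magic != 0x5A4D:
        out.append("e_magic is not MZ")
    if e_cblp >= PAGE:
        out.append("e_cblp must be below 512")
    if image_size(e_cblp, e_cp) < e_cparhdr * PARAGRAPH:
        out.append("e_cp/e_cblp describe less than the header itself")
    if e_lfarlc != 0x40:              # the value this thread found UPX wants
        out.append("e_lfarlc is not 0x40")
    return out

GOOD = make_header(0x80, 0x40, 0x80)  # constructed: 128-byte stub
BAD = make_header(0x80, 0x00, 0x80)   # constructed: e_lfarlc left at 0
```
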
Maverick,
This is actually a fault in UPX that you can modify the IMAGE_DOS_HEADER in a hex editor and UPX will no longer recognise the EXE file as one that it has packed.
Change it to 00 and voila, UPX no longer understands it.
Regards,
hutch@movsd.com
:)
An effective protection only for wannabe crackers, though.. but a nice hint I could then give to a friend.