Hi all,
Got a bad problem. I tried to compress with UPX (just for a test) my hand-written PE, but it failed. After hours and hours of tracking I found the problem to be not in the PE image, but in the MZ one. Finally, I tracked down the problem being in the .e_cblp and .e_cp fields. I've looked into all the docs I own, and on MSDN, on Usenet, on Google and other search engines.. but no real help. I examined other executables (both existing and generated by me via an assembler and a linker).. still no definitive clue.

What I need to know is how should I set .e_cp and .e_cblp exactly?

Thanks,
Maverick
Posted on 2002-05-31 06:41:34 by Maverick
Maverick,

I know you hate MASM so here is the structure in PowerBASIC,


TYPE IMAGE_DOS_HEADER
    e_magic AS WORD         ' Magic number
    e_cblp AS WORD          ' Bytes on last page of file
    e_cp AS WORD            ' Pages in file
    e_crlc AS WORD          ' Relocations
    e_cparhdr AS WORD       ' Size of header in paragraphs
    e_minalloc AS WORD      ' Minimum extra paragraphs needed
    e_maxalloc AS WORD      ' Maximum extra paragraphs needed
    e_ss AS WORD            ' Initial (relative) SS value
    e_sp AS WORD            ' Initial SP value
    e_csum AS WORD          ' Checksum
    e_ip AS WORD            ' Initial IP value
    e_cs AS WORD            ' Initial (relative) CS value
    e_lfarlc AS WORD        ' File address of relocation table
    e_ovno AS WORD          ' Overlay number
    e_res(0 TO 3) AS WORD   ' Reserved words
    e_oemid AS WORD         ' OEM identifier (for e_oeminfo)
    e_oeminfo AS WORD       ' OEM information; e_oemid specific
    e_res2(0 TO 9) AS WORD  ' Reserved words
    e_lfanew AS LONG        ' File address of new exe header
END TYPE

Hope it's useful to you.

Regards,

hutch@movsd.com
Posted on 2002-05-31 08:33:16 by hutch--
Argh.. I found it, .e_lfarlc must be set to $40 even if one has no relocations at all.

Hutch: thanks for the help anyway. ;)
Posted on 2002-05-31 08:40:37 by Maverick
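
The header fields discussed above, as an added example that is not part of the original thread or of UPX: it parses the 64-byte IMAGE_DOS_HEADER, derives e_cp and e_cblp from an image size using the 512-byte page that the "pages in file" and "bytes on last page" fields count in, and reports header values that disagree with the file. The 0x40 check encodes only what the post above reports; the function names and the sample file are constructed for illustration.

```python
import struct

# IMAGE_DOS_HEADER as listed in the thread: 30 WORDs then one LONG = 64 bytes.
DOS_HEADER = struct.Struct("<30HI")
FIELDS = ("e_magic", "e_cblp", "e_cp", "e_crlc", "e_cparhdr", "e_minalloc",
          "e_maxalloc", "e_ss", "e_sp", "e_csum", "e_ip", "e_cs", "e_lfarlc")
PAGE = 512  # one MZ "page"

def parse_dos_header(data):
    if len(data) < DOS_HEADER.size:
        raise ValueError("shorter than the 64-byte DOS header")
    words = DOS_HEADER.unpack_from(data)
    hdr = dict(zip(FIELDS, words))      # the leading named WORDs
    hdr["e_lfanew"] = words[30]         # the trailing LONG
    if hdr["e_magic"] != 0x5A4D:        # "MZ"
        raise ValueError("no MZ signature")
    return hdr

def page_fields(image_size):
    """Return (e_cp, e_cblp) describing a DOS image of image_size bytes."""
    e_cp, e_cblp = divmod(image_size, PAGE)
    return (e_cp + 1, e_cblp) if e_cblp else (e_cp, 0)  # 0 = last page is full

def declared_size(hdr):
    """Invert page_fields: the image size the header claims."""
    if hdr["e_cp"] == 0:
        return 0
    return hdr["e_cp"] * PAGE - (PAGE - hdr["e_cblp"] if hdr["e_cblp"] else 0)

def check(data):
    hdr, findings = parse_dos_header(data), []
    size = declared_size(hdr)
    if hdr["e_cblp"] >= PAGE:
        findings.append("e_cblp does not fit in one page")
    if not hdr["e_cparhdr"] * 16 <= size <= len(data):
        findings.append("e_cp/e_cblp declare %d bytes" % size)
    if hdr["e_lfarlc"] != 0x40:  # value the thread reports UPX needed
        findings.append("e_lfarlc is 0x%X, not 0x40" % hdr["e_lfarlc"])
    if data[hdr["e_lfanew"]:hdr["e_lfanew"] + 4] != b"PE\0\0":
        findings.append("e_lfanew does not point at a PE signature")
    return findings

def build_sample(e_lfarlc=0x40):
    """Constructed 0x600-byte file: DOS header plus a bare PE signature at 0x80."""
    words = [0x5A4D, 0x90, 3, 0, 4, 0, 0xFFFF, 0, 0xB8, 0, 0, 0, e_lfarlc] + [0] * 17
    image = bytearray(0x600)
    DOS_HEADER.pack_into(image, 0, *words, 0x80)
    image[0x80:0x84] = b"PE\0\0"
    return bytes(image)
```
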
Maverick,

This is actually a fault in UPX that you can modify the IMAGE_DOS_HEADER in a hex editor and UPX will no longer recognise the EXE file as one that it has packed.

Change it to 00 and voila, UPX no longer understands it.

Regards,

hutch@movsd.com
Posted on 2002-05-31 22:01:41 by hutch--

Yup, I deliberately made some experiments on it and noticed that even e.g. just realigning the sections...

:)

An effective protection only for wannabe crackers, though.. but a nice hint I could then give to a friend.
Posted on 2002-06-01 05:41:50 by Maverick