
Relocatable does not mean that the image has a relocation directory.

By: 0xbadfca11 on Jun 21st, 2012  |  syntax: ASM (NASM)  |  size: 5.62 KB  |  hits: 37  |  expires: Never
  ; Syntax: NASM (Intel operand order). Target: 32-bit x86 Windows PE image.
  ; The file declares no sections or ORG and lays out every PE header by hand,
  ; so it is presumably meant to be assembled as a flat binary -- confirm the
  ; output format used by the build.
  bits 32

  ; --- PE/COFF constants (names and values as in winnt.h) -------------------
  ; Signatures
  IMAGE_DOS_SIGNATURE                   equ "MZ"
  IMAGE_NT_SIGNATURE                    equ "PE"

  ; IMAGE_FILE_HEADER: machine type and characteristics
  IMAGE_FILE_MACHINE_I386               equ 0x014C
  IMAGE_FILE_EXECUTABLE_IMAGE           equ 0x0002

  ; IMAGE_OPTIONAL_HEADER32
  IMAGE_NT_OPTIONAL_HDR32_MAGIC         equ 0x010B
  IMAGE_SUBSYSTEM_WINDOWS_GUI           equ 2
  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE equ 0x0040      ; image opts in to a randomized load base
  IMAGE_NUMBEROF_DIRECTORY_ENTRIES      equ 16          ; 0x10 data-directory slots

  ; Section characteristics
  IMAGE_SCN_CNT_CODE                    equ 0x00000020
  IMAGE_SCN_MEM_EXECUTE                 equ 0x20000000
  IMAGE_SCN_MEM_READ                    equ 0x40000000
  ; IMAGE_DOS_HEADER (64 bytes). Only two fields are filled in: the "MZ"
  ; signature at offset 0 and e_lfanew at offset 60, which holds the position
  ; of the NT headers. Everything between them is zero.
  IMAGE_DOS_HEADER:
          dw      IMAGE_DOS_SIGNATURE                     ; e_magic
          times   60 - ($ - IMAGE_DOS_HEADER) db 0        ; 58 zero bytes up to e_lfanew
          dd      IMAGE_NT_HEADERS                        ; e_lfanew
  ; NT headers start with the 4-byte signature ("PE" padded with two zero bytes).
  IMAGE_NT_HEADERS:
          dd      IMAGE_NT_SIGNATURE

  ; Field values for IMAGE_FILE_HEADER.
  Machine              equ IMAGE_FILE_MACHINE_I386
  NumberOfSections     equ 2                    ; .text and .rdata
  TimeDateStamp        equ 0                    ; this name is reused by the import descriptors further down
  PointerToSymbolTable equ 0
  NumberOfSymbols      equ 0

  ; IMAGE_FILE_HEADER (20 bytes). Characteristics carries only
  ; IMAGE_FILE_EXECUTABLE_IMAGE: IMAGE_FILE_RELOCS_STRIPPED is not set, even
  ; though the image ships without a base relocation table.
  IMAGE_FILE_HEADER:
          dw      Machine, NumberOfSections
          dd      TimeDateStamp, PointerToSymbolTable, NumberOfSymbols
          dw      IMAGE_SIZEOF_NT_OPTIONAL_HEADER         ; SizeOfOptionalHeader
          dw      IMAGE_FILE_EXECUTABLE_IMAGE             ; Characteristics
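  ; Field values for IMAGE_OPTIONAL_HEADER32, listed in header order.
  Magic                       equ IMAGE_NT_OPTIONAL_HDR32_MAGIC
  MajorLinkerVersion          equ 0
  MinorLinkerVersion          equ 0
  SizeOfCode                  equ 0
  SizeOfInitializedData       equ 0
  SizeOfUninitializedData     equ 0
  AddressOfEntryPoint         equ text._start         ; label value is used directly as the RVA
  BaseOfCode                  equ 0
  BaseOfData                  equ 0
  ImageBase                   equ 0x00400000          ; preferred base only
  SectionAlignment            equ 0x1000
  FileAlignment               equ SectionAlignment    ; same alignment in file and memory, so one label serves as offset and RVA
  MajorOperatingSystemVersion equ 0
  MinorOperatingSystemVersion equ 0
  MajorImageVersion           equ 0
  MinorImageVersion           equ 0
  MajorSubsystemVersion       equ 4
  MinorSubsystemVersion       equ 0
  Win32VersionValue           equ 0
  ; SizeOfImage and SizeOfHeaders are not EQUs: they are labels defined at the
  ; end of the image and at the end of the padded headers respectively.
  CheckSum                    equ 0
  Subsystem                   equ IMAGE_SUBSYSTEM_WINDOWS_GUI
  ; DYNAMIC_BASE is set although the data directory below has no base
  ; relocation entry; the entry code is written to be position independent.
  DllCharacteristics          equ IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
  SizeOfStackReserve          equ 0x100000
  SizeOfStackCommit           equ 0x10000
  SizeOfHeapReserve           equ 0x100000
  SizeOfHeapCommit            equ 0x10000
  LoaderFlags                 equ 0
  NumberOfRvaAndSizes         equ IMAGE_NUMBEROF_DIRECTORY_ENTRIES

  ; IMAGE_OPTIONAL_HEADER32 proper; the data directory array follows it
  ; immediately and is counted in IMAGE_SIZEOF_NT_OPTIONAL_HEADER.
  IMAGE_OPTIONAL_HEADER:
          dw      Magic
          db      MajorLinkerVersion, MinorLinkerVersion
          dd      SizeOfCode, SizeOfInitializedData, SizeOfUninitializedData
          dd      AddressOfEntryPoint
          dd      BaseOfCode, BaseOfData
          dd      ImageBase
          dd      SectionAlignment, FileAlignment
          dw      MajorOperatingSystemVersion, MinorOperatingSystemVersion
          dw      MajorImageVersion, MinorImageVersion
          dw      MajorSubsystemVersion, MinorSubsystemVersion
          dd      Win32VersionValue
          dd      SizeOfImage
          dd      SizeOfHeaders
          ; This slot is the CheckSum field. The listing emitted
          ; Win32VersionValue here a second time and never used CheckSum;
          ; both are 0, so the output bytes are unchanged, but the slot now
          ; follows the CheckSum constant if it is ever edited.
          dd      CheckSum
          dw      Subsystem
          dw      DllCharacteristics
          dd      SizeOfStackReserve, SizeOfStackCommit
          dd      SizeOfHeapReserve, SizeOfHeapCommit
          dd      LoaderFlags
          dd      NumberOfRvaAndSizes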
  ; Values for an unused data-directory slot.
  VirtualAddress equ 0
  Size           equ 0

  ; IMAGE_DATA_DIRECTORY[16]. Only slot 1 (imports) is populated; slot 0 and
  ; slots 2..15 are zero, which includes the base relocation slot (index 5).
  ; That is the point of the listing: no relocation directory is present.
  IMAGE_DATA_DIRECTORY:
          dd      VirtualAddress, Size                                                    ; [0]
          dd      rdata.IMAGE_IMPORT_DESCRIPTOR, rdata.IMAGE_SIZEOF_IMPORT_DESCRIPTOR     ; [1] import table
          times   (IMAGE_NUMBEROF_DIRECTORY_ENTRIES - 2) dd VirtualAddress, Size          ; [2..15]

  ; Must stay directly after the last directory entry: it measures the
  ; optional header including the directory array.
  IMAGE_SIZEOF_NT_OPTIONAL_HEADER equ $ - IMAGE_OPTIONAL_HEADER
  ; COFF relocation / line-number fields, unused in both section headers.
  PointerToRelocations equ 0
  PointerToLinenumbers equ 0
  NumberOfRelocations  equ 0
  NumberOfLinenumbers  equ 0

  ; Section table: two 40-byte IMAGE_SECTION_HEADER entries.
  ; In each entry the same label supplies VirtualAddress and PointerToRawData,
  ; and the same difference supplies VirtualSize and SizeOfRawData.
  ; NOTE(review): SizeOfRawData is therefore the unpadded size, while the PE
  ; format describes it as a multiple of FileAlignment -- confirm the loaders
  ; you care about accept this.
  IMAGE_SECTION_HEADER:
          ; .text: code, mapped read + execute, not writable
          dq      ".text"                                 ; Name, zero-padded to 8 bytes
          dd      text.VirtualSize - text                 ; VirtualSize
          dd      text                                    ; VirtualAddress
          dd      text.VirtualSize - text                 ; SizeOfRawData
          dd      text                                    ; PointerToRawData
          dd      PointerToRelocations, PointerToLinenumbers
          dw      NumberOfRelocations, NumberOfLinenumbers
          dd      IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_CNT_CODE

          ; .rdata: format string and import data, mapped read-only
          dq      ".rdata"                                ; Name, zero-padded to 8 bytes
          dd      rdata.VirtualSize - rdata               ; VirtualSize
          dd      rdata                                   ; VirtualAddress
          dd      rdata.VirtualSize - rdata               ; SizeOfRawData
          dd      rdata                                   ; PointerToRawData
          dd      PointerToRelocations, PointerToLinenumbers
          dw      NumberOfRelocations, NumberOfLinenumbers
          dd      IMAGE_SCN_MEM_READ

  ; Pad the headers to a section boundary; the label value after the padding
  ; is what the optional header stores as SizeOfHeaders.
          align   SectionAlignment
  SizeOfHeaders:
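  ;-----------------------------------------------------------------------
  ; .text -- position-independent entry code (32-bit Windows).
  ; Shows the module's load address: formats GetModuleHandleW(NULL) with
  ; "%p", displays it in a message box, then exits.
  ;
  ; Every data and import reference is computed as ebp + (target - .Eip),
  ; where ebp is the run-time address of .Eip, so no absolute address is
  ; embedded and nothing here needs a base relocation.
  ;
  ; Registers: ebp = run-time address of .Eip
  ;            edi = 20-byte text buffer on the stack
  ;            esi = 0 (every NULL / 0 argument)
  ;            ebx = address of the format string
  ; Calls:     GetModuleHandleW, MessageBoxW, ExitProcess are stdcall;
  ;            wsprintfW is cdecl (variadic).
  ;-----------------------------------------------------------------------
  text:
  ; Returns with ebp = the caller's return address, i.e. the address of the
  ; instruction following the call. Changes no other register.
  .GetEip:
          mov     ebp, [esp]
          ret

  ._start:
          ; Reserve the buffer first, then take its address. The listing
          ; copied esp before the sub, so edi pointed at the top of the
          ; reservation and wsprintfW wrote over the entry return address
          ; and the stack above it instead of into the 20 reserved bytes.
          sub     esp, 20
          mov     edi, esp
          xor     esi, esi
          call    .GetEip
  .Eip:
          lea     ebx, [ebp + rdata.FORMAT_STRING - .Eip]

          push    esi                                             ; lpModuleName = NULL
          call    [ebp + rdata._imp__GetModuleHandleW - .Eip]     ; eax = handle of this image

          ; wsprintfW(edi, L"%p", eax). The API takes no buffer size; the
          ; 20 bytes are assumed to cover 8 hex digits plus the terminator
          ; (18 bytes) -- TODO confirm. Being cdecl, its three arguments stay
          ; on the stack afterwards, which is harmless since the process exits.
          push    eax
          push    ebx
          push    edi
          call    [ebp + rdata._imp__wsprintfW - .Eip]

          ; MessageBoxW(NULL, edi, NULL, 0)
          push    esi                                             ; uType
          push    esi                                             ; lpCaption
          push    edi                                             ; lpText
          push    esi                                             ; hWnd
          call    [ebp + rdata._imp__MessageBoxW - .Eip]

          push    esi                                             ; uExitCode = 0
          call    [ebp + rdata._imp__ExitProcess - .Eip]

  ; End of the section's real content (text.VirtualSize); the padding to the
  ; next section boundary comes after the label and is not counted.
  .VirtualSize:
          align   SectionAlignment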
  ; .rdata -- read-only data: the format string followed by the import tables.
  rdata:
  .FORMAT_STRING:
          dw      __UTF16__('%p'), 0                      ; L"%p" with its terminator

  ; Field values shared by every IMAGE_IMPORT_DESCRIPTOR below.
  ; NOTE(review): the dot-labels after these EQUs are still meant to resolve
  ; as rdata.*, which relies on EQU names not opening a new local-label scope
  ; -- confirm with the NASM version in use.
  ; winnt.h annotates OriginalFirstThunk as "0 for terminating null import
  ; descriptor"; the author marks that remark as incorrect. Here the field is
  ; 0 in all three descriptors, not only in the terminator.
  OriginalFirstThunk equ 0
  ; TimeDateStamp is not redefined here: the value 0 defined for the file
  ; header is reused.
  ForwarderChain     equ 0xFFFFFFFF                       ; -1 if no forwarders
  Name               equ 0
  FirstThunk         equ 0

  ; Import descriptor array, 5 dwords per entry:
  ; OriginalFirstThunk, TimeDateStamp, ForwarderChain, Name, FirstThunk.
  .IMAGE_IMPORT_DESCRIPTOR:
          dd      OriginalFirstThunk, TimeDateStamp, ForwarderChain, .KERNEL32, .ImportAddressTableFromKernel32
          dd      OriginalFirstThunk, TimeDateStamp, ForwarderChain, .USER32, .ImportAddressTableFromUser32
          ; terminating descriptor: Name and FirstThunk are 0
          dd      OriginalFirstThunk, TimeDateStamp, ForwarderChain, Name, FirstThunk
  .IMAGE_SIZEOF_IMPORT_DESCRIPTOR equ $ - .IMAGE_IMPORT_DESCRIPTOR
  ; DLL name strings referenced by the Name field of the import descriptors.
  .KERNEL32:
          db      "KERNEL32.DLL", 0
  .USER32:
          db      "USER32.DLL", 0

  ; Thunk arrays, one per DLL, each closed by a zero entry. In the file every
  ; slot holds the address of a hint/name record; the entry code calls through
  ; these same slots (._imp__*), so they act as the import address table.
  ; NOTE(review): the slots live in a section declared read-only and no IAT
  ; data directory is provided -- presumably the loader adjusts protection
  ; itself while binding; confirm on the Windows versions you target.
  .IMAGE_THUNK_DATA:
  .ImportAddressTableFromKernel32:
  ._imp__GetModuleHandleW:
          dd      .GetModuleHandleW
  ._imp__ExitProcess:
          dd      .ExitProcess
          dd      0                                       ; end of KERNEL32 thunks

  .ImportAddressTableFromUser32:
  ._imp__wsprintfW:
          dd      .wsprintfW
  ._imp__MessageBoxW:
          dd      .MessageBoxW
          dd      0                                       ; end of USER32 thunks
  ; Every import uses hint 0.
  Hint equ 0

  ; IMAGE_IMPORT_BY_NAME records: a 16-bit hint followed by the
  ; zero-terminated ASCII function name.
  .IMAGE_IMPORT_BY_NAME:

  .GetModuleHandleW:
          dw      Hint
          db      "GetModuleHandleW", 0

  .ExitProcess:
          dw      Hint
          db      "ExitProcess", 0

  .wsprintfW:
          dw      Hint
          db      "wsprintfW", 0

  .MessageBoxW:
          dw      Hint
          db      "MessageBoxW", 0

  ; End of the section's real content (rdata.VirtualSize); the alignment
  ; padding that follows is not counted.
  .VirtualSize:
          align   SectionAlignment

  ; First address past the last section; stored in the optional header as
  ; SizeOfImage.
  SizeOfImage: