Cannot run the hand written PE file on Windows7 64 bit
I would like to write my first PE file format (an EXE file) in NASM and run it on Win7 64 bit machine.
This is what I have:
IMAGEBASE equ 0x400000
org IMAGEBASE
bits 32
SECTIONALIGN equ 0x1000
FILEALIGN equ 0x200
db 'MZ' ; e_magic
dw 0 ; e_cblp
dw 0 ; e_cp
dw 0 ; e_crlc
dw 0 ; e_cparhdr
dw 0 ; e_minalloc
dw 0 ; e_maxalloc
dw 0 ; e_ss
dw 0 ; e_sp
dw 0 ; e_csum
dw 0 ; e_ip
dw 0 ; e_cs
dw 0 ; e_lsarlc
dw 0 ; e_ovno
times 4 dw 0 ; e_res
dw 0 ; e_oemid
dw 0 ; e_oeminfo
times 10 dw 0 ; e_res2
dd PE_SIGNATURE - IMAGEBASE ; e_lfanew
PE_SIGNATURE:
db 'PE', 0, 0 ; Signature
dw 0x14c ; Machine
dw NUMBEROFSECTIONS ; NumberOfSections
dd 0 ; TimeDateStamp
db 0 ; PointerToSymbolTable
dd 0 ; NumberOfSymbols
dw SIZEOFOPTIONALHEADER ; SizeOfOptionalHeader
dw 0x0002 | 0x0100 ; Characteristics
OptionalHeader:
dw 0x10B ; Magic
db 0 ; MajorLinkerVersion
db 0 ; MinorLinkerVersion
dd 0 ; SizeOfCode
dd 0 ; SizeOfInitializedData
dd 0 ; SizeOfUninitializedData
dd Start - IMAGEBASE ; AddressOfEntryPoint
dd Start - IMAGEBASE ; BaseOfCode
dd DataSection - IMAGEBASE ; BaseOfData
dd IMAGEBASE ; ImageBase
dd SECTIONALIGN ; SectionAlignment
dd FILEALIGN ; FileAlignment
dw 0 ; MajorOperatingSystemVersion
dw 0 ; MinorOperatingSystemVersion
dw 0 ; MajorImageVersion
dw 0 ; MinorImageVersion
dw 4 ; MajorSubsystemVersion
dw 0 ; MinorSubsystemVersion
dd 0 ; Win32VersionValue
dd 4 * SECTIONALIGN ; SizeOfImage
dd SIZEOFHEADERS ; SizeOfHeaders
dd 0 ; CheckSum
dw 2 ; Subsystem
dw 0 ; DllCharacteristics
dd 0 ; SizeOfStackReserve
dd 0 ; SizeOfStackCommit
dd 0 ; SizeOfHeapReserve
dd 0 ; SizeOfHeapCommit
dd 0 ; LoaderFlags
dd 16 ; NumberOfRvaAndSizes
;DataDirectory
dd 0 ;ExportsVA resd 1
dd 0 ;ExportsSize resd 1
dd ImpDescriptor - IMAGEBASE ;ImportsVA resd 1
dd 0 ;ImportsSize resd 1
dd 0 ;ResourceVA resd 1
dd 0 ;ResourceSize resd 1
dd 0
dd 0 ;Exception resd 2
dd 0
dd 0 ;Security resd 2
dd 0 ;FixupsVA resd 1
dd 0 ;FixupsSize resd 1
dd 0 ;DebugVA resd 1
dd 0 ;DebugSize resd 1
dd 0
dd 0 ;Description resd 2
dd 0
dd 0 ;MIPS resd 2
dd 0 ;TLSVA resd 1
dd 0 ;TLSSize resd 1
dd 0
dd 0 ;Load resd 2
dd 0 ;BoundImportsVA resd 1
dd 0 ;BoundImportsSize resd 1
dd 0 ;IATVA resd 1
dd 0 ;IATSize resd 1
dd 0 ;DelayImportsVA resd 1
dd 0 ;DelayImportsSize resd 1
dd 0
dd 0 ;COM resd 2
dd 0
dd 0 ;reserved resd 2
SIZEOFOPTIONALHEADER equ $ - OptionalHeader
; section table
SectionHeader:
db '.text', 0, 0, 0 ;Name resb 8
dd SECTIONALIGN ;VirtualSize resd 1
dd SECTIONALIGN ;VirtualAddress resd 1
dd FILEALIGN ;SizeOfRawData resd 1
dd FILEALIGN ;PointerToRawData resd 1
dd 0 ;PointerToRelocations resd 1
dd 0 ;PointerToLinenumbers resd 1
dw 0 ;NumberOfRelocations resw 1
dw 0 ;NumberOfLinenumbers resw 1
dd 0x20 | 0x20000000 | 0x40000000 ;Characteristics resd 1
db '.rdata', 0, 0 ;Name resb 8
dd SECTIONALIGN ;VirtualSize resd 1
dd 2 * SECTIONALIGN ;VirtualAddress resd 1
dd FILEALIGN ;SizeOfRawData resd 1
dd 2 * FILEALIGN ;PointerToRawData resd 1
dd 0 ;PointerToRelocations resd 1
dd 0 ;PointerToLinenumbers resd 1
dw 0 ;NumberOfRelocations resw 1
dw 0 ;NumberOfLinenumbers resw 1
dd 0x40 | 0x40000000 ;Characteristics resd 1
db '.data', 0, 0, 0 ;Name resb 8
dd SECTIONALIGN ;VirtualSize resd 1
dd 3 * SECTIONALIGN ;VirtualAddress resd 1
dd FILEALIGN ;SizeOfRawData resd 1
dd 3 * FILEALIGN ;PointerToRawData resd 1
dd 0 ;PointerToRelocations resd 1
dd 0 ;PointerToLinenumbers resd 1
dw 0 ;NumberOfRelocations resw 1
dw 0 ;NumberOfLinenumbers resw 1
dd 0x40 | 0x40000000 | 0x80000000
NUMBEROFSECTIONS equ ($ - SectionHeader) / 40
align FILEALIGN, db 0
SIZEOFHEADERS equ $ - IMAGEBASE
; some aliases
_1 equ IMAGEBASE + SECTIONALIGN
_2 equ IMAGEBASE + 2 * SECTIONALIGN
;code
section progbits vstart=_1 align=FILEALIGN
Start:
mov eax, 0x10
ret
section nobits vstart=_2 align=FILEALIGN
ImpDescriptor:
; kernel32 descriptor
dd 0 ;OriginalFirstThunk resd 1 ; Characteristics
dd 0 ;TimeDateStamp resd 1
dd 0 ;ForwarderChain resd 1
dd kernel32_name - IMAGEBASE ;Name1 resd 1
dd 0 ;FirstThunk resd 1
; user32 descriptor
dd 0 ;OriginalFirstThunk resd 1 ; Characteristics
dd 0 ;TimeDateStamp resd 1
dd 0 ;ForwarderChain resd 1
dd user32_name - IMAGEBASE ;Name1 resd 1
dd 0 ;FirstThunk resd 1
; terminator-all-empty descriptor
dd 0 ;OriginalFirstThunk resd 1 ; Characteristics
dd 0 ;TimeDateStamp resd 1
dd 0 ;ForwarderChain resd 1
dd 0 ;Name1 resd 1
dd 0 ;FirstThunk resd 1
kernel32_name db 'kernel32.dll', 0
user32_name db 'user32.dll', 0
align FILEALIGN, db 0
;data
DataSection:
;... TODO
align FILEALIGN, db 0
When assembled and created the EXE file, there was no error, but running the program will give the error:
"is not a valid Win32 application."
It would be nice if someone can have a look at the source code and let me know what might be the problem.
Iman.
asked on Stack Overflow Jan 7, 2020 by 
Iman Abdollahzadeh
Iman Abdollahzadeh0 Answers
Nobody has answered this question yet.
User contributions licensed under CC BY-SA 3.0