📄 formats.inc
字号:
default_stub:
use16
push cs
pop ds
mov dx,stub_message-default_stub
mov ah,9
int 21h
mov ax,4C01h
int 21h
stub_message db 'This program cannot be run in DOS mode.',0Dh,0Ah,24h
rq 1
default_stub_end:
use32
stub_from_file:
push esi
mov esi,edx
call open_binary_file
mov edx,edi
mov ecx,1Ch
mov esi,edx
call read
jc binary_stub
cmp word [esi],'MZ'
jne binary_stub
add edi,1Ch
movzx ecx,word [esi+6]
add ecx,11b
and ecx,not 11b
add ecx,(40h-1Ch) shr 2
lea eax,[edi+ecx*4]
cmp edi,[display_buffer]
jae out_of_memory
xor eax,eax
rep stos dword [edi]
mov edx,40h
xchg dx,[esi+18h]
xor al,al
call lseek
movzx ecx,word [esi+6]
shl ecx,2
lea edx,[esi+40h]
call read
mov edx,edi
sub edx,esi
shr edx,4
xchg dx,[esi+8]
shl edx,4
xor al,al
call lseek
movzx ecx,word [esi+4]
dec ecx
shl ecx,9
movzx edx,word [esi+2]
add ecx,edx
mov edx,edi
sub ecx,eax
je read_stub_code
jb stub_code_ok
push ecx
dec ecx
shr ecx,3
inc ecx
shl ecx,1
lea eax,[edi+ecx*4]
cmp eax,[display_buffer]
jae out_of_memory
xor eax,eax
rep stos dword [edi]
pop ecx
read_stub_code:
call read
stub_code_ok:
call close
mov edx,edi
sub edx,esi
mov ax,dx
and ax,1FFh
mov [esi+2],ax
dec edx
shr edx,9
inc edx
mov [esi+4],dx
mov eax,edi
sub eax,esi
mov [esi+3Ch],eax
pop esi
stub_ok:
ret
binary_stub:
mov esi,edi
mov ecx,40h shr 2
xor eax,eax
rep stos dword [edi]
mov al,2
xor edx,edx
call lseek
push eax
xor al,al
xor edx,edx
call lseek
mov ecx,[esp]
add ecx,40h+111b
and ecx,not 111b
mov ax,cx
and ax,1FFh
mov [esi+2],ax
lea eax,[ecx+1FFh]
shr eax,9
mov [esi+4],ax
mov [esi+3Ch],ecx
sub ecx,40h
mov eax,10000h
sub eax,ecx
jbe binary_heap_ok
shr eax,4
mov [esi+0Ah],ax
binary_heap_ok:
mov word [esi],'MZ'
mov word [esi+8],4
mov ax,0FFFFh
mov [esi+0Ch],ax
dec ax
mov [esi+10h],ax
sub ax,0Eh
mov [esi+0Eh],ax
mov [esi+16h],ax
mov word [esi+14h],100h
mov word [esi+18h],40h
mov eax,[display_buffer]
sub eax,ecx
cmp edi,eax
jae out_of_memory
mov edx,edi
shr ecx,2
xor eax,eax
rep stos dword [edi]
pop ecx
call read
call close
pop esi
ret
format_pe:
xor edx,edx
mov [machine],14Ch
mov [subsystem],3
mov [subsystem_version],3 + 10 shl 16
mov [image_base],400000h
test [format_flags],8
jz pe_settings
mov [machine],8664h
mov [subsystem_version],5 + 0 shl 16
mov [image_base_high],0
pe_settings:
cmp byte [esi],84h
je get_stub_name
cmp byte [esi],80h
je get_pe_base
cmp byte [esi],1Bh
jne pe_settings_ok
lods byte [esi]
lods byte [esi]
test al,80h+40h
jz subsystem_setting
cmp al,80h
je dll_flag
cmp al,81h
je wdm_flag
jmp pe_settings
dll_flag:
bts [format_flags],8
jc setting_already_specified
jmp pe_settings
wdm_flag:
bts [format_flags],9
jc setting_already_specified
jmp pe_settings
subsystem_setting:
bts [format_flags],7
jc setting_already_specified
and ax,3Fh
mov [subsystem],ax
cmp byte [esi],'('
jne pe_settings
inc esi
cmp byte [esi],'.'
jne invalid_value
inc esi
push edx
cmp byte [esi+11],0
jne invalid_value
cmp byte [esi+10],2
ja invalid_value
mov dx,[esi+8]
cmp dx,8000h
je zero_version
mov eax,[esi+4]
cmp dx,7
jg invalid_value
mov cx,7
sub cx,dx
mov eax,[esi+4]
shr eax,cl
mov ebx,eax
shr ebx,24
cmp bl,100
jae invalid_value
and eax,0FFFFFFh
mov ecx,100
mul ecx
shrd eax,edx,24
jnc version_value_ok
inc eax
version_value_ok:
shl eax,16
mov ax,bx
jmp subsystem_version_ok
zero_version:
xor eax,eax
subsystem_version_ok:
pop edx
add esi,13
mov [subsystem_version],eax
jmp pe_settings
get_pe_base:
bts [format_flags],10
jc setting_already_specified
lods word [esi]
cmp ah,'('
jne invalid_argument
cmp byte [esi],'.'
je invalid_value
push edx edi
add edi,[stub_size]
test [format_flags],8
jnz get_pe64_base
call get_dword_value
mov [image_base],eax
jmp pe_base_ok
get_pe64_base:
call get_qword_value
mov [image_base],eax
mov [image_base_high],edx
pe_base_ok:
pop edi edx
cmp [value_type],0
jne invalid_use_of_symbol
cmp byte [esi],84h
jne pe_settings_ok
get_stub_name:
lods byte [esi]
lods word [esi]
cmp ax,'('
jne invalid_argument
lods dword [esi]
mov edx,esi
add esi,eax
inc esi
pe_settings_ok:
mov ebp,[stub_size]
or ebp,ebp
jz make_pe_stub
cmp edx,[stub_file]
je pe_stub_ok
sub edi,[stub_size]
mov [code_start],edi
make_pe_stub:
call make_stub
mov eax,edi
sub eax,[code_start]
mov [stub_size],eax
mov [code_start],edi
mov ebp,eax
pe_stub_ok:
mov edx,edi
mov ecx,18h+0E0h
test [format_flags],8
jz zero_pe_header
add ecx,10h
zero_pe_header:
add ebp,ecx
shr ecx,2
xor eax,eax
rep stos dword [edi]
mov word [edx],'PE' ; signature
mov ax,[machine]
mov word [edx+4],ax
mov dword [edx+38h],1000h ; section alignment
mov dword [edx+3Ch],200h ; file alignment
mov word [edx+40h],1 ; OS version
mov eax,[subsystem_version]
mov [edx+48h],eax
mov ax,[subsystem]
mov [edx+5Ch],ax
cmp ax,1
jne pe_alignment_ok
mov eax,20h
mov dword [edx+38h],eax
mov dword [edx+3Ch],eax
pe_alignment_ok:
mov word [edx+1Ah],VERSION_MAJOR + VERSION_MINOR shl 8
test [format_flags],8
jnz init_pe64_specific
mov dword [edx+14h],0E0h ; size of optional header
mov dword [edx+16h],10B010Eh; flags and magic value
mov eax,[image_base]
mov dword [edx+34h],eax
mov dword [edx+60h],1000h ; stack reserve
mov dword [edx+64h],1000h ; stack commit
mov dword [edx+68h],10000h ; heap reserve
mov dword [edx+6Ch],0 ; heap commit
mov dword [edx+74h],16 ; number of directories
jmp pe_header_ok
init_pe64_specific:
mov dword [edx+14h],0F0h ; size of optional header
mov dword [edx+16h],20B002Eh; flags and magic value
mov eax,[image_base]
mov dword [edx+30h],eax
mov eax,[image_base_high]
mov dword [edx+34h],eax
mov dword [edx+60h],1000h ; stack reserve
mov dword [edx+68h],1000h ; stack commit
mov dword [edx+70h],10000h ; heap reserve
mov dword [edx+78h],0 ; heap commit
mov dword [edx+84h],16 ; number of directories
pe_header_ok:
bsf ecx,[edx+3Ch]
imul ebx,[number_of_sections],28h
or ebx,ebx
jnz reserve_space_for_section_headers
mov ebx,28h
reserve_space_for_section_headers:
add ebx,ebp
dec ebx
shr ebx,cl
inc ebx
shl ebx,cl
sub ebx,ebp
mov ecx,ebx
mov eax,[display_buffer]
sub eax,ecx
cmp edi,eax
jae out_of_memory
shr ecx,2
xor eax,eax
rep stos dword [edi]
mov eax,edi
sub eax,[code_start]
add eax,[stub_size]
mov [edx+54h],eax ; size of headers
mov ecx,[edx+38h]
dec ecx
add eax,ecx
not ecx
and eax,ecx
bt [format_flags],8
jc pe_entry_init_ok
mov [edx+28h],eax ; entry point rva
pe_entry_init_ok:
mov [number_of_sections],0
movzx ebx,word [edx+14h]
lea ebx,[edx+18h+ebx]
mov [current_section],ebx
mov dword [ebx],'.fla'
mov dword [ebx+4],'t'
mov [ebx+14h],edi
mov [ebx+0Ch],eax
mov dword [ebx+24h],0E0000060h
xor ecx,ecx
not eax
not ecx
add eax,1
adc ecx,0
add eax,edi
adc ecx,0
test [format_flags],8
jnz pe64_org
sub eax,[edx+34h]
sbb ecx,0
mov bl,2
mov [code_type],32
jmp pe_org_ok
pe64_org:
sub eax,[edx+30h]
sbb ecx,[edx+34h]
mov bl,4
mov [code_type],64
pe_org_ok:
bt [resolver_flags],0
jc pe_labels_type_ok
xor bl,bl
pe_labels_type_ok:
mov [labels_type],bl
mov dword [org_origin],eax
mov dword [org_origin+4],ecx
mov [org_registers],0
mov [org_start],edi
bt [format_flags],8
jnc dll_flag_ok
or dword [edx+16h],2000h
dll_flag_ok:
bt [format_flags],9
jnc wdm_flag_ok
or word [edx+5Eh],2000h
wdm_flag_ok:
jmp instruction_assembled
pe_section:
call close_pe_section
bts [format_flags],5
lea ecx,[ebx+28h]
add edx,[edx+54h]
sub edx,[stub_size]
cmp ecx,edx
jbe new_section
lea ebx,[edx-28h]
or [next_pass_needed],-1
push edi
mov edi,ebx
mov ecx,28h shr 4
xor eax,eax
rep stos dword [edi]
pop edi
new_section:
mov [ebx+0Ch],eax
lods word [esi]
cmp ax,'('
jne invalid_argument
lea edx,[esi+4]
mov ecx,[esi]
lea esi,[esi+4+ecx+1]
cmp ecx,8
ja name_too_long
xor eax,eax
mov [ebx],eax
mov [ebx+4],eax
push esi edi
mov edi,ebx
mov esi,edx
rep movs byte [edi],[esi]
pop edi esi
mov dword [ebx+24h],0
mov [ebx+14h],edi
mov edx,[code_start]
mov eax,edi
xor ecx,ecx
sub eax,[ebx+0Ch]
sbb ecx,0
test [format_flags],8
jnz pe64_section_org
sub eax,[edx+34h]
sbb ecx,0
mov [labels_type],2
mov [code_type],32
bt [resolver_flags],0
jc pe_section_org_ok
mov [labels_type],0
jmp pe_section_org_ok
pe64_section_org:
sub eax,[edx+30h]
sbb ecx,[edx+34h]
mov [labels_type],4
mov [code_type],64
bt [resolver_flags],0
jc pe_section_org_ok
mov [labels_type],0
pe_section_org_ok:
mov dword [org_origin],eax
mov dword [org_origin+4],ecx
mov [org_registers],0
mov [org_start],edi
get_section_flags:
lods byte [esi]
cmp al,1Ah
je set_directory
cmp al,19h
je section_flag
dec esi
jmp instruction_assembled
set_directory:
movzx eax,byte [esi]
inc esi
mov ecx,ebx
test [format_flags],8
jnz pe64_directory
xchg ecx,[edx+78h+eax*8]
mov dword [edx+78h+eax*8+4],-1
jmp pe_directory_set
pe64_directory:
xchg ecx,[edx+88h+eax*8]
mov dword [edx+88h+eax*8+4],-1
pe_directory_set:
or ecx,ecx
jnz data_already_defined
push ebx edx
call generate_pe_data
pop edx ebx
jmp get_section_flags
section_flag:
lods byte [esi]
cmp al,9
je invalid_argument
cmp al,11
je invalid_argument
mov cl,al
mov eax,1
shl eax,cl
test dword [ebx+24h],eax
jnz setting_already_specified
or dword [ebx+24h],eax
jmp get_section_flags
close_pe_section:
mov ebx,[current_section]
mov edx,[code_start]
mov eax,edi
sub eax,[ebx+14h]
jnz finish_section
bt [format_flags],5
jc finish_section
mov eax,[ebx+0Ch]
ret
finish_section:
mov [ebx+8],eax
cmp edi,[undefined_data_end]
jne align_section
cmp dword [edx+38h],1000h
jb align_section
mov edi,[undefined_data_start]
align_section:
mov [undefined_data_end],0
mov ebp,edi
sub ebp,[ebx+14h]
mov ecx,[edx+3Ch]
dec ecx
lea eax,[ebp+ecx]
not ecx
and eax,ecx
mov [ebx+10h],eax
sub eax,ebp
mov ecx,eax
xor al,al
rep stos byte [edi]
mov eax,[code_start]
sub eax,[stub_size]
sub [ebx+14h],eax
mov eax,[ebx+8]
or eax,eax
jz udata_ok
cmp dword [ebx+10h],0
jne udata_ok
or byte [ebx+24h],80h
udata_ok:
mov ecx,[edx+38h]
dec ecx
add eax,ecx
not ecx
and eax,ecx
add eax,[ebx+0Ch]
add ebx,28h
mov [current_section],ebx
inc word [number_of_sections]
jz format_limitations_exceeded
ret
data_directive:
cmp [output_format],3
jne illegal_instruction
lods byte [esi]
cmp al,1Ah
je predefined_data_type
cmp al,'('
jne invalid_argument
call get_byte_value
cmp al,16
jb data_type_ok
jmp invalid_value
predefined_data_type:
movzx eax,byte [esi]
inc esi
data_type_ok:
mov ebx,[current_section]
mov ecx,edi
sub ecx,[ebx+14h]
add ecx,[ebx+0Ch]
mov edx,[code_start]
test [format_flags],8
jnz pe64_data
xchg ecx,[edx+78h+eax*8]
jmp init_pe_data
pe64_data:
xchg ecx,[edx+88h+eax*8]
init_pe_data:
or ecx,ecx
jnz data_already_defined
call allocate_structure_data
mov word [ebx],data_directive-assembler
mov [ebx+2],al
mov edx,[current_line]
mov [ebx+4],edx
call generate_pe_data
jmp instruction_assembled
end_data:
cmp [output_format],3
jne illegal_instruction
call find_structure_data
jc unexpected_instruction
movzx eax,byte [ebx+2]
mov edx,[current_section]
mov ecx,edi
sub ecx,[edx+14h]
add ecx,[edx+0Ch]
mov edx,[code_start]
test [format_flags],8
jnz end_pe64_data
sub ecx,[edx+78h+eax*8]
mov [edx+78h+eax*8+4],ecx
jmp remove_structure_data
end_pe64_data:
sub ecx,[edx+88h+eax*8]
mov [edx+88h+eax*8+4],ecx
jmp remove_structure_data
pe_entry:
lods byte [esi]
cmp al,'('
jne invalid_argument
cmp byte [esi],'.'
je invalid_value
test [format_flags],8
jnz pe64_entry
call get_dword_value
mov bl,2
bt [resolver_flags],0
jc check_pe_entry_label_type
xor bl,bl
check_pe_entry_label_type:
cmp [value_type],bl
je pe_entry_ok
cmp [error_line],0
jne pe_entry_ok
mov edx,[current_line]
mov [error_line],edx
mov [error],invalid_address
pe_entry_ok:
mov edx,[code_start]
sub eax,[edx+34h]
mov [edx+28h],eax
jmp instruction_assembled
pe64_entry:
call get_qword_value
mov bl,4
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -