Created
November 5, 2019 14:11
-
-
Save somma/8e37b2873e3da2378fb3bbe3a6be488b to your computer and use it in GitHub Desktop.
Very tiny program that prints the sum of 1 to 10.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ; | |
| ; TinyPE.asm | |
| ; | |
| BITS 32 | |
| ; IMAGE_NT_HEADERS 의 시작 위치가 4 이어야 하므로 섹션/파일 얼라인먼트를 4 로. | |
| ; 공교롭게도 e_lfanew = 4 로 동일하게 맞아떨어짐 | |
| ; | |
| SectionAlignment equ 0x00000004 | |
| FileAlignment equ 0x00000004 | |
| %define round(n, r) (((n+(r-1))/r)*r) | |
| ; | |
| ; MZ Header (IMAGE_DOS_HEADER) | |
| ; | |
| mzhdr: | |
| dw "MZ" ; e_magic; // Magic number | |
| ; 48 bytes 사용 가능 | |
| ; 4 바이트 얼라인을 맞춰야 하므로 e_cblp 필드는 그냥 놔두고, | |
| ; dos header 의 46 바이트 영역을 IMAGE_NT_HEADERS 로 덮어쓸 수 있음 | |
| ; | |
| dw 0x00 ; e_cblp; // Bytes on last page of file | |
| ;dw 0x00 ; e_cp; // Pages in file | |
| ;dw 0x00 ; e_crlc; // Relocations | |
| ; | |
| ; IMAGE_NT_HEADERS | |
| ; | |
| pehdr: | |
| dd 0x00004550 ; Signature ( IMAGE_NT_SIGNATURE ) | |
| ; | |
| ; IMAGE_FILE_HEADER | |
| ; | |
| ;dw 0x00 ; e_cparhdr; // Size of header in paragraphs | |
| dw 0x014C ; Machine (IMAGE_FILE_MACHINE_I386) | |
| ;dw 0x00 ; e_minalloc; // Minimum extra paragraphs needed | |
| dw 0x0001 ; NumberOfSections | |
| ;dw 0x00 ; e_maxalloc; // Maximum extra paragraphs needed | |
| ;dw 0x00 ; e_ss; // Initial (relative) SS value | |
| dd 0x00000000 ; TimeDateStamp | |
| ;dw 0x00 ; e_sp; // Initial SP value | |
| ;dw 0x00 ; e_csum; // Checksum | |
| dd 0x00000000 ; PointerToSymbolTable | |
| ;dw 0x00 ; e_ip; // Initial IP value | |
| ;dw 0x00 ; e_cs; // Initial (relative) CS value | |
| dd 0x00000000 ; NumberOfSymbols | |
| ;dw 0x00 ; e_lfarlc; // File address of relocation table | |
| dw OptionalHeaderSize ; SizeOfOptionalHeader | |
| ;dw 0x00 ; e_ovno; // Overlay number | |
| dw 0x0103 ; Characteristics (IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE) | |
| ;times 4 dw 0x00 ; e_res[4]; // Reserved words | |
| ;dw 0x00 ; e_oemid; // OEM identifier (for e_oeminfo) | |
| ;dw 0x00 ; e_oeminfo; // OEM information; e_oemid specific | |
| ; | |
| ; IMAGE_OPTIONAL_HEADER | |
| ; | |
| OPTIONAL_HEADER_START: | |
| ; standard fields | |
| ; | |
| dw 0x010B ; Magic ( IMAGE_NT_OPTIONAL_HDR32_MAGIC ) | |
| db 0x0A ; MajorLinkerVersion | |
| db 0x00 ; MinorLinkerVersion | |
| dd round(CodeSize, FileAlignment) ; SizeOfCode | |
| dd 0x00000000 ; SizeOfInitializedData | |
| ;times 10 dw 0x00; e_res2[10]; // Reserved words | |
| dd 0x00000000 ; SizeOfUninitializedData | |
| dd _main ; AddressOfEntryPoint | |
| dd 0x00000000 ; BaseOfCode | |
| dd round(FileSize, SectionAlignment) ; BaseOfData | |
| ; NT additional fields | |
| ; | |
| dd 0x00400000 ; ImageBase; | |
| ;========================================================================== | |
| ; IMAGE_DOS_HEADER::e_lfanew 값과 IMAGE_NT_HEADERS::SectionAlignment | |
| ; 오프셋, 값이 정확히 일치 | |
| ; | |
| ;dd pehdr ; e_lfanew; // File address of new exe header | |
| dd SectionAlignment | |
| dd FileAlignment | |
| dw 0x0005 ; MajorOperatingSystemVersion | |
| dw 0x0001 ; MinorOperatingSystemVersion | |
| dw 0x0000 ; MajorImageVersion | |
| dw 0x0000 ; MinorImageVersion | |
| dw 0x0005 ; MajorSubsystemVersion | |
| dw 0x0001 ; MinorSubsystemVersion | |
| dd 0x00000000 ; Win32VersionValue | |
| dd round(FileSize, SectionAlignment) ; SizeOfImage | |
| dd round(HeaderSize, FileAlignment) ; SizeOfHeaders | |
| dd 0x00000000 ; CheckSum | |
| dw 0x0003 ; Subsystem ( IMAGE_SUBSYSTEM_WINDOWS_CUI ) | |
| dw 0x0000 ; DllCharacteristics | |
| dd 0x00100000 ; SizeOfStackReserve | |
| dd 0x00001000 ; SizeOfStackCommit | |
| dd 0x00100000 ; SizeOfHeapReserve | |
| dd 0x00001000 ; SizeOfHeapCommit | |
| dd 0x0000 ; LoaderFlags | |
| dd 3 ; NumberOfRvaAndSizes -> 16 | |
| ; Data Directories | |
| ; IMAGE_DIRECTORY_ENTRY_EXPORT 0 // Export Directory | |
| ; IMAGE_DIRECTORY_ENTRY_IMPORT 1 // Import Directory | |
| ; | |
| dd 0,0 ; Export Table | |
| dd iatdata ; Import Table | |
| dd iatdatasize | |
| dd 0,0 ; null - 이걸 해줘야 크래시 안남 | |
| OptionalHeaderSize equ $ - OPTIONAL_HEADER_START | |
| ; | |
| ; IMAGE_SECTION_HEADER | |
| ; | |
| db ".text", 0, 0, 0 ; IMAGE_SECTION_HEADER::Name, 8bytes | |
| dd CodeSize ; IMAGE_SECTION_HEADER::VirtualSize | |
| dd round(HeaderSize, SectionAlignment) ; IMAGE_SECTION_HEADER::VirtualAddress | |
| dd round(HeaderSize, FileAlignment) ; IMAGE_SECTION_HEADER::SizeOfRawData | |
| dd code ; IMAGE_SECTION_HEADER::PointerToRawData | |
| dd 0x00000000 ; IMAGE_SECTION_HEADER::PointerToRelocations | |
| dd 0x00000000 ; IMAGE_SECTION_HEADER::PointerToLinenumbers | |
| dw 0x0000 ; IMAGE_SECTION_HEADER::NumberOfRelocations | |
| dw 0x0000 ; IMAGE_SECTION_HEADER::NumberOfLinenumbers | |
| dd 0x60000020 ; IMAGE_SECTION_HEADER::Characteristics ( IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ) | |
| HeaderSize equ $ - $$ | |
| ; | |
| ; .text 섹션 데이터 | |
| ; | |
| align FileAlignment, db 0 ; 1 바이트 정렬을 이용하고, padding 은 0 으로 채움 | |
| code: | |
| ; entry point | |
| ; | |
| _main: | |
| ;============================================================================== | |
| ; msvcrt:printf 함수 정보 | |
| ; | |
| ;0x00242060: C:\WINDOWS\system32\msvcrt.dll | |
| ; Base 0x77bc0000 EntryPoint 0x77bcf2a1 Size 0x00058000 | |
| ; Flags 0x80084006 LoadCount 0x0000ffff TlsIndex 0x00000000 | |
| ; (77bf186a) MSVCRT!printf | |
| ;============================================================================== | |
| ; 1~10 까지의 합을 구하는 코드 | |
| ; | |
| ; for (int i=1;i<11;++i) | |
| ;00F61000 33 C0 xor eax,eax | |
| ;00F61002 33 C9 xor ecx,ecx | |
| ;00F61004 40 inc eax | |
| ; { | |
| ; ret += i; | |
| ;00F61005 03 C8 add ecx,eax | |
| ;00F61007 40 inc eax | |
| ;00F61008 83 F8 0B cmp eax,0Bh | |
| ;00F6100B 7C F8 jl wmain+5 (0F61005h) | |
| ; } | |
| ;printf("%d", ret); | |
| ;00F6100E 51 push ecx | |
| ;00F6100F 68 F4 20 F6 00 push offset string "%d" (0F620F4h) | |
| ;00F61014 FF 15 A0 20 F6 00 call dword ptr [__imp__printf (0F620A0h)] | |
| xor eax, eax | |
| xor ecx, ecx | |
| inc eax | |
| _sum: | |
| add ecx, eax | |
| inc eax | |
| cmp eax, 0x0b | |
| jl _sum | |
| _print: | |
| push ecx | |
| push 0x00400000 + format_string | |
| mov eax, 0x77bf186a | |
| call eax | |
| add esp, 8 | |
| ret | |
| ; IAT 정보 (array of IMAGE_IMPORT_DESCRIPTOR) | |
| ; | |
| iatdata: | |
| dd int ; OriginalFirstThunk // import by ordinal | |
| dd 0x00000000 ; TimeDateStamp | |
| dd 0x00000000 ; ForwarderChain; // -1 if no forwarders | |
| dd msvcrt_dll ; Name (RVA) | |
| dd iat ; FirstThunk | |
| ; empty IMAGE_IMPORT_DESCRIPTOR | |
| ; | |
| ; #1 328 bytes | |
| ;dd 0x00000000 | |
| ;dd 0x00000000 | |
| ;dd 0x00000000 | |
| ;dd 0x00000000 | |
| ;dd 0x00000000 | |
| iatdatasize equ $ - iatdata | |
| ; Import name table - IMAGE_THUNK_DATA32 | |
| ; | |
| int: | |
| dd 0x80000001 ; ordinal 값 1 인 함수를 임포트 (그냥..) | |
| ; ASLR 적용된 경우 ordinal 값을 통해 함수를 호출하게 하면 됨 | |
| ; 귀찮음... -_- | |
| dd 0x00000000 | |
| ; | |
| ; Import address table - IMAGE_THUNK_DATA32 | |
| ; | |
| iat: | |
| dd 0x80000001 ; ordinal 값 1 인 함수를 임포트 (그냥..) | |
| dd 0x00000000 | |
| ;============================================================================== | |
| ; 필요한 문자열 정의 | |
| ; | |
| msvcrt_dll: db "msvcrt.dll",0 | |
| format_string: db "%d",0 | |
| CodeSize equ $ - code | |
| FileSize equ $ - $$ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment