This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.



Re: read/write header characteristics of Win32/PE executable


Pavel,


On Wed, Jul 21, 2010 at 5:13 PM, Pavel Pavlov <pavel@summit-tech.ca> wrote:
>> -----Original Message-----
>> From: binutils-owner@sourceware.org [mailto:binutils-
>> owner@sourceware.org] On Behalf Of Sean McNamara
>> Sent: Wednesday, July 21, 2010 04:04
>> To: binutils@sourceware.org
>> Subject: bfd: read/write header characteristics of Win32/PE executable
>>
>> Hello,
>>
>
> Hi Sean, I'm not good at bfd, but your task seems to be trivial enough to do it using plain winapi!! Accessing PE headers is really easy, using bfd for that... you'll waste more time figuring out simple stuff, while straightforward winapi will get you there in a couple of hours. I had to do something related to PE and eventually I did it all myself without any libraries.
> ontl has some good code that you can use for reference:
> http://code.google.com/p/ontl/source/browse/trunk/ntl/pe/image.hxx
> If you ask on their mailing list on how to switch from bfd to ontl for your simple task, I think you'll get a 5 line function that does what you want.

First the good news: I've hacked together a program that did what I wanted. :)

I ended up giving up on ontl (it's very poorly documented, and doesn't
work with MinGW, and I couldn't figure it out at all). Instead, I went
with the pure Win32 API. I used a combination of
http://blogs.msdn.com/b/kstanton/archive/2004/03/31/105060.aspx and
http://technet.microsoft.com/en-us/library/ee829684%28WS.10%29.aspx
and some wine-1.2 code ;-) to get what I needed.

Turns out that 99% of the structural information about Win32/PE files
is quite literally documented in <winnt.h> which is included either in
MSVC or MinGW.

Setting the LAA flag was easy; then I spent another few hours figuring
out how to fix the checksum.

Setting a correct checksum is good; setting a 0 checksum is acceptable
(usually) but may lead to problems; and setting an incorrect checksum
(or not updating the checksum if it was previously non-zero and you
change the LAA bit) is highly unacceptable, according to Win32. If you
just change the LAA bit, it complains that it's not a valid win32
application ;)

Anyway, thanks to wine code and winnt.h, I brought together a program
that compiles on both *NIX and Win32 that does the job.

I made a release in git at git://tiyukquellmalz.org/pelaa.git and the
tarball is at http://tiyukquellmalz.org/pelaa/pelaa-latest.tar.bz2

The bad news is that I gave up on getting bfd to do this. I don't
really *need* bfd, as I can see now; my program is basically just
POSIX fopen/fread/fwrite + C99.

Anyway, I wanted to write in to share the fruits of my labor (licensed
GPLv3+) and to say that I learned a lot about low-level programming,
BFD, Win32/PE, and binary formats in general over the last 3 days.
Part of that was because you helped me along. :) I guess it is also
semi-relevant to the list, too, to note that some things can be done
_without_ needing BFD -- almost as useful as knowing what BFD _can_
do.

Thanks a lot,

Sean

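The two steps Sean describes, flipping the LAA bit in the COFF Characteristics field and then recomputing the PE checksum over the whole file, written out as an added C example; this is not the pelaa code from the thread. The header offsets, the checksum algorithm and the minimal sample header are assumptions taken from the PE/COFF format description, not from the message.

```c
#include <stdint.h>
#include <string.h>
/* PE/COFF header offsets, assumed from the format spec rather than taken from the thread. */
#define E_LFANEW 0x3c            /* DOS header field giving the offset of "PE\0\0" */
#define COFF_CHARACTERISTICS 22  /* relative to the PE signature */
#define OPT_CHECKSUM (24 + 64)   /* relative to the PE signature; same for PE32 and PE32+ */
#define IMAGE_FILE_LARGE_ADDRESS_AWARE 0x0020

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | (uint32_t)rd16(p + 2) << 16; }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void wr32(uint8_t *p, uint32_t v) { wr16(p, (uint16_t)v); wr16(p + 2, (uint16_t)(v >> 16)); }

/* PE checksum: 16-bit word sum with carries folded back in, the CheckSum field at skip_off read as zero, plus the file length. */
uint32_t pe_checksum(const uint8_t *buf, size_t len, size_t skip_off)
{
    uint32_t sum = 0;
    for (size_t i = 0; i < len; i += 2) {
        if (i >= skip_off && i < skip_off + 4) continue;
        sum += (uint16_t)(buf[i] | (i + 1 < len ? buf[i + 1] << 8 : 0)); /* odd tail zero-padded */
        sum = (sum & 0xffff) + (sum >> 16);
    }
    return ((sum & 0xffff) + (sum >> 16)) + (uint32_t)len;
}

/* Set IMAGE_FILE_LARGE_ADDRESS_AWARE and rewrite CheckSum; returns the PE signature offset, or 0 if buf is not a PE image. */
size_t pe_set_large_address_aware(uint8_t *buf, size_t len)
{
    if (len < E_LFANEW + 4) return 0;
    size_t pe = rd32(buf + E_LFANEW);
    if (pe + OPT_CHECKSUM + 4 > len || memcmp(buf + pe, "PE\0\0", 4) != 0) return 0;
    wr16(buf + pe + COFF_CHARACTERISTICS, rd16(buf + pe + COFF_CHARACTERISTICS) | IMAGE_FILE_LARGE_ADDRESS_AWARE);
    wr32(buf + pe + OPT_CHECKSUM, pe_checksum(buf, len, pe + OPT_CHECKSUM)); /* computed after the flag change */
    return pe;
}

/* Constructed minimal PE32 header (DOS header, signature, COFF header, 224-byte optional header) with a stale CheckSum. */
size_t make_sample_pe(uint8_t *buf, size_t cap)
{
    const size_t len = 64 + 4 + 20 + 224;
    if (cap < len) return 0;
    memset(buf, 0, len);
    memcpy(buf, "MZ", 2);          wr32(buf + E_LFANEW, 64);   /* PE signature at offset 64 */
    memcpy(buf + 64, "PE\0\0", 4); wr16(buf + 68, 0x014c);     /* IMAGE_FILE_MACHINE_I386 */
    wr16(buf + 84, 224);           wr16(buf + 88, 0x10b);      /* SizeOfOptionalHeader, PE32 magic */
    wr16(buf + 64 + COFF_CHARACTERISTICS, 0x0102);             /* EXECUTABLE_IMAGE | 32BIT_MACHINE */
    wr32(buf + 64 + OPT_CHECKSUM, 0xdeadbeef);                 /* wrong checksum, to be replaced */
    return len;
}
```

Running it on a real file means reading the whole image into memory, calling pe_set_large_address_aware, and writing the buffer back; a stale or zero CheckSum on the input is irrelevant because the field is skipped when the new value is computed.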

