DOS ain't dead

grompe(R)

Homepage

Russia,
28.04.2008, 11:44
 

pestub + large stub = invalid executable for WinXP (DOSX)

Hello.

I noticed that pestub makes executables invalid for Windows XP, if it was
used to attach too large stub and size of PE header grew larger
than 4096 bytes. Trying different command line options didn't help.

It's not because of "stupid Windows XP" that I read somewhere (I don't
remember where, can't find it again), but because it's logical that PE
sections must not overlap, and PE header itself is considered a section.
Of course, PE header must be mapped into address space.


So, here are methods to solve this problem:

1. Use the following scheme:

[ MZ header ][ PE header ][ DOS data ][ Windows data ]

In this scheme, PE header wouldn't be larger than 4096 bytes unless there
is an enormous number of sections in it.

I tried to move PE header this way after processing an executable with
pestub, it ran in Windows after that, but DOS executable failed. It was
HDLD32.BIN saying "memory shrink Error". In MZ header I changed only
"paragraphs in header" value. I tried to play with "minimum memory" and
"maximum memory", but didn't get any results. What did I miss here?


2. Relocate an executable to fit DOS stub.

If relocations are present, we can relocate the sections so first section
start at bigger virtual address and fit whole DOS stub.


3. Reduce executable's image base to fit DOS stub.

If there are no relocations, we can reduce image base by needed space
size and fit DOS stub again. That would work for cases when we deliberately
increased image base to, say, 410000h when compiling the executable.

Maybe that's not very good idea and useless method, because when we can
compile, we always can insert relocation data (?).

Japheth(R)

Homepage

Germany (South),
28.04.2008, 11:55

@ grompe
 

pestub + large stub = invalid executable for WinXP

> I noticed that pestub makes executables invalid for Windows XP, if it was
> used to attach too large stub and size of PE header grew larger
> than 4096 bytes. Trying different command line options didn't help.

Just to be sure: did you also try the -s option? Because that one is supposed to ensure that the binary remains valid for NT/XP.

---
MS-DOS forever!

grompe(R)

Homepage

Russia,
28.04.2008, 12:02

@ Japheth
 

The -s option doesn't help with large stub

> Just to be sure: did you also try the -s option? Because that one is
> supposed to ensure that the binary remains valid for NT/XP.

Yes, I tried the -s option. With large stub, it makes header overlapped with the first section.

DOS386(R)

01.05.2008, 05:19
(edited by DOS386, 01.05.2008, 06:22)

@ Japheth
 

pestub + large stub = invalid executable for WinXP

> Just to be sure: did you also try the -s option? Because that one is
> supposed to ensure that the binary remains valid for NT/XP.

But why isn't it being adjusted by default ? As-is PESTUB creates a faulty PE, just DPMILD and ME/9x don't care :confused:

There are 2 (two !) problems:

- PESTUB fails to adjust SizeOfHeaders by default, problem for any stub bigger than original, including DPMIST32.BIN
- (Headers size < lowest RVA) - problem only for big stubs, cca > 3 KiB, PE needs relocating

This has recently been discussed in other forum also :-(

> So, here's a full solution to make executables valid for HX DOS Extender and Windows XP: 1. Compile the program

But if you can compile then you should be able to raise those RVA's ...

The other solution (usable also if you don't have the PE source / can't compile it):

[MZ-stub + loader, < 3 KiB][PE ... ... ...][here additional DOS stuff]

---
This is a LOGITECH mouse driver, but some software expect here
the following string:*** This is Copyright 1983 Microsoft ***
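
A check for the two conditions listed in the post above, as an added Python example that is not part of the thread and not PESTUB's code. It reads only standard MZ/PE header fields; the helper names and the sample files are constructed for illustration.

```python
import struct

def check_stubbed_pe(data):
    """Return findings for the two conditions named in the post."""
    pe, = struct.unpack_from("<I", data, 0x3C)        # pointer to PE header
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not an MZ file with a PE header")
    nsect, = struct.unpack_from("<H", data, pe + 6)   # NumberOfSections
    optsize, = struct.unpack_from("<H", data, pe + 20)  # SizeOfOptionalHeader
    opt = pe + 24                                     # optional header start
    size_of_headers, = struct.unpack_from("<I", data, opt + 60)
    table = opt + optsize                             # section table start
    header_end = table + 40 * nsect                   # file offset past all headers
    # VirtualAddress sits at offset 12 of each 40-byte section header.
    rvas = [struct.unpack_from("<I", data, table + 40 * i + 12)[0]
            for i in range(nsect)]
    findings = []
    if size_of_headers < header_end:
        findings.append(f"SizeOfHeaders 0x{size_of_headers:X} is smaller "
                        f"than the header end 0x{header_end:X}")
    if rvas and header_end > min(rvas):
        findings.append(f"headers end at 0x{header_end:X}, past the lowest "
                        f"section RVA 0x{min(rvas):X}")
    return findings

def constructed_pe(stub_len, size_of_headers, first_rva=0x1000):
    """Constructed sample: MZ header + stub + one-section PE32 header."""
    mz = bytearray(0x40)
    mz[:2] = b"MZ"
    struct.pack_into("<I", mz, 0x3C, 0x40 + stub_len)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)             # PE32 magic
    struct.pack_into("<I", opt, 60, size_of_headers)
    sect = struct.pack("<8sII24x", b".text", 0x200, first_rva)
    return bytes(mz) + bytes(stub_len) + b"PE\0\0" + coff + bytes(opt) + sect

if __name__ == "__main__":
    for stub in (0x80, 0x600, 0x1200):
        print(hex(stub), check_stubbed_pe(constructed_pe(stub, 0x400)))
```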

grompe(R)

Homepage

Russia,
01.05.2008, 17:48

@ DOS386
 

Thanks, but there's no need to search for another solution

> But if you can compile then you should be able to raise those RVA's ...

Not with any compiler. Especially ones with built-in linker.

> The other solution (usable also if you don't have the PE source / can't
> compile it):
>
> [MZ-stub + loader, < 3 KiB][PE ... ... ...][here additional DOS stuff]

This solution is actually harder to implement, requires specially prepared stub, and limits overlay usage (in my solution you could also append any data to the end of executable and use it).

P.S. So when will pestub be updated?

DOS386(R)

02.05.2008, 21:43

@ grompe
 

Thanks, but there's no need to search for another solution

> P.S. So when will pestub be updated?

Pending (non-critical) sugg:

-> Allow PX as input and patch back to PE

PS: I just brewed the world's 1st FASM example using LOADPEX ... seems to work very well ... just the speeeeeeeeed :clap:

---
This is a LOGITECH mouse driver, but some software expect here
the following string:*** This is Copyright 1983 Microsoft ***

Japheth(R)

Homepage

Germany (South),
28.04.2008, 12:29

@ grompe
 

pestub + large stub = invalid executable for WinXP

> It's not because of "stupid Windows XP" that I read somewhere (I don't
> remember where, can't find it again), but because it's logical that PE
> sections must not overlap, and PE header itself is considered a section.
> Of course, PE header must be mapped into address space.

the WinXP possibly isn't "stupid", but it also isn't smart. Because it could easily check if the header overlaps with the first section and if yes, skip the DOS part of the header.

> 1. Use the following scheme:
>
> [ MZ header ][ PE header ][ DOS data ][ Windows data ]

I don't understand what the "DOS data" is supposed to be.

> 2. Relocate an executable to fit DOS stub.
>
> If relocations are present, we can relocate the sections so first section
> start at bigger virtual address and fit whole DOS stub.

Ok, but the problem is that almost all applications are without relocs.

> 3. Reduce executable's image base to fit DOS stub.
>
> If there are no relocations, we can reduce image base by needed space
> size and fit DOS stub again.

A funny idea, but it might indeed work for many cases. However, it will change the module's base address, so it isn't fully transparent for the Win32 code.

---
MS-DOS forever!

grompe(R)

Homepage

Russia,
28.04.2008, 12:37

@ Japheth
 

DOS data is just a stub without MZ header

> I don't understand what's the "DOS data" is supposed to be.

Well, that's everything you see in usual DOS executable apart from MZ header.

> Ok, but the problem is that almost all applications are without relocs.

At least this will work for own applications when we can direct the compiler to include relocation data. (But doesn't support customizing stub, otherwise there wouldn't be such problem.)


Btw, the third method should be considered with care, if image base is less than 400000h, that executable won't run in Windows 9x.

grompe(R)

Homepage

Russia,
30.04.2008, 12:41

@ grompe
 

Method 1 verified and works! Solution

Method 1 verified and works!
I missed "pages in file" and "bytes on last page" values in MZ header.
It has nothing to do with memory, by mistake only part of the stub was loaded into memory.

So, here's a full solution to make executables valid for HX DOS Extender and Windows XP:
1. Compile the program
2. Process it with pestub without -s option*
3. Move PE header from after the end of DOS stub to at 40h in file
4. Validate pointer to PE header at 3Ch by setting it to 40h
5. Validate "paragraphs in header" value at 8h by increasing it by "PE header size" / 16
6. Validate "relocation address" value at 18h by increasing it by "PE header size"
7. Validate "pages in file" (at 4h) and "bytes on last page" (at 2h):
"pages in file" += "PE header size" / 512
"bytes on last page" += "PE header size" % 512
if "bytes on last page" gets larger than or equal to 512 (200h), subtract 512 from it and add one to "pages in file" value.

Note: we assume here that PE header size is a multiple of 16.
If it's smaller, just round it to the next bigger value.

Note 2: all values are word size except pointer to PE header (dword).

* Btw, -s option is totally useless now.
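
Steps 3 to 7 of the post above as an added Python example (not part of the thread and not pestub's code). It assumes "PE header size" means signature + COFF header + optional header + section table, rounded up to 16, and that the MZ header occupies the first 40h bytes; step 7 is recomputed from the total load size so that the MZ convention "bytes on last page = 0 means a full last page" is also handled. The sample file is constructed.

```python
import struct

# Word-sized MZ header fields the post adjusts (name -> file offset).
MZ = {"bytes_last_page": 0x02, "pages": 0x04, "hdr_paras": 0x08, "reloc_off": 0x18}

def pe_header_size(data):
    """Assumed "PE header size": all PE headers, rounded up to 16 bytes."""
    pe, = struct.unpack_from("<I", data, 0x3C)
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not an MZ file with a PE header")
    nsect, = struct.unpack_from("<H", data, pe + 6)
    optsize, = struct.unpack_from("<H", data, pe + 20)
    return (4 + 20 + optsize + 40 * nsect + 15) & ~15

def move_pe_header(data):
    """[MZ][stub][PE][rest] -> [MZ][PE][stub][rest]; file size is unchanged."""
    pe, = struct.unpack_from("<I", data, 0x3C)
    size = pe_header_size(data)
    if pe < 0x40 or pe + size > len(data):
        raise ValueError("unexpected layout")
    out = bytearray(data[:0x40] + data[pe:pe + size]      # step 3
                    + data[0x40:pe] + data[pe + size:])
    struct.pack_into("<I", out, 0x3C, 0x40)               # step 4
    f = {k: struct.unpack_from("<H", out, o)[0] for k, o in MZ.items()}
    f["hdr_paras"] += size // 16                          # step 5
    f["reloc_off"] += size                                # step 6
    # Step 7: old load size plus the inserted header, then split again.
    load = f["pages"] * 512 - (512 - f["bytes_last_page"]) % 512 + size
    f["pages"], f["bytes_last_page"] = (load + 511) // 512, load % 512
    for k, o in MZ.items():
        struct.pack_into("<H", out, o, f[k])              # raises if > FFFFh
    return bytes(out)

def constructed_sample(stub_len=0x1200):
    """Constructed input: 40h-byte MZ header, stub body, minimal PE header."""
    load = 0x40 + stub_len
    mz = bytearray(0x40)
    mz[:2] = b"MZ"
    struct.pack_into("<HH", mz, 0x02, load % 512, (load + 511) // 512)
    struct.pack_into("<H", mz, 0x08, 4)                   # header = 4 paragraphs
    struct.pack_into("<H", mz, 0x18, 0x40)                # relocation table offset
    struct.pack_into("<I", mz, 0x3C, load)                # PE header after the stub
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    pe = b"PE\0\0" + coff + bytes(0xE0) + b".text".ljust(40, b"\0")
    return bytes(mz) + b"\x90" * stub_len + pe + b"SECTION-DATA"
```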

Rugxulo(R)

Homepage

Usono,
01.05.2008, 05:48

@ grompe
 

pestub + large stub = invalid executable for WinXP

> Hello.
>
> I noticed that pestub makes executables invalid for Windows XP

Just FYI, this guy wrote a 700-byte PE from scratch recently (if you're curious). ;-)

grompe(R)

Homepage

Russia,
28.01.2009, 20:51

@ grompe
 

Sigh... Still not fixed

It's a pity that this bug still hasn't been fixed, although a solution was provided 1.5 years ago.

Japheth(R)

Homepage

Germany (South),
30.01.2009, 17:28

@ grompe
 

Sigh... Still not fixed

> ... although solution was provided 1.5 years ago.

The post is from 30.4.2008. How long is the Russian year? In Western time it's about 9 months since 30.4.2008, which is 0.75 years only.

---
MS-DOS forever!

cm(R)

Homepage E-mail

Düsseldorf, Germany,
30.01.2009, 17:56

@ Japheth
 

Sigh... Still not fixed

> > ... although solution was provided 1.5 years ago.
>
> The post is from 30.4.2008. How long is the Russian year? In Western time
> it's about 9 months since 30.4.2008, which is 0.75 years only.

Beside examination of periods of time it might be interesting to read whether the bug is fixed (if it's a bug at all).

---
l

grompe(R)

Homepage

Russia,
30.01.2009, 22:42

@ Japheth
 

Miscounted, don't take it seriously.

Sorry, I miscounted =)
Was sleepy, don't take it seriously.
