|
Hi,
Well I agree that section names are meaningless. and that different Compilers and Linkers have their own ways and means.
However, there must be documentation about what
Kernel32::LoadLibrary(...}; and
Kernel32::GetProcAddress(...) expect a PE File to look like, and what it natively expects. It is that sort of documentation that I am after.
The Section Table still serves a useful purpose. The PE File is not a memory image of the loaded executable. Trivial areas, such as the BSS, are typically left out of the File, but included in the memory image. The Section table informs the loader where to load each section, irrespective of the Name. The User (Program Writer) may also include Zero Set named sections of interest, for instance an unlimited number of named data sections which are shared between instances (Ouch..., but apparently Allowed). After this loading the Data Directory List points indeed to the correct RVA for each item. The thing is here too, that if something is allowed by the specification, however daft, some one some where in the world may just try that at some time.
So, in essence when we get an RVA from the data directory, it appears that we have to decide whether the RVA points into a section,(in which case we need an adjustment to compensate for the loading position vs file position) or, it is an RVA into the File. To muddy the waters further, we may have absolute or relative addressing in a File. In the former case, a relocation may be applied to the RVA. To muddy it further again, DllMain() may modify a lot of daft things.
I will probably end up using LoadLibrary() to dig deeper, but, at least as a first sanity check, I need to load the file manually, if for no other reason as to investigate why for instance LoadLibrary() fails on a PE File.
Afterall, the purpose of the tool I'm trying to write is not to show that everything is working perfectly, it is to provide a rich environment in which to take things apart to get to the bottom of a problem.
Friendly thanks for your reply,
Bram van Kampen
|
|
|
|
|
Here's some documentation from microsoft: http://go.microsoft.com/fwlink/p/?linkid=84140
But it doesn't really go into the corner cases. It's more focused on documenting how they think the PE format should be used than on documenting just what sort of insanity is actually accepted by the loader (which of course varies per version of windows). As far as I know MS doesn't even document that, I've only seen it in places such as corkami's github and places that talk about analysis of malware. For example, sections can actually overlap each other in virtual space (wat), with sections that are later in the section table apparently just overwriting the mapping created for an earlier section that extends further than where the later section begins - MS does not even seem to acknowledge that such a thing is possible.
Here's an other description of the PE format by corkami, including a lot of useful practical notes (or gory details..) and references to the POCs in the list I linked before: docs/PE.md at master · corkami/docs · GitHub
|
|
|
|
|
|
Well Richard,
Thanks for the links. However, it leads either to Old Documentation (1999), or CE formats.
I have the Old Formats already, via the books of Matt Pietrek. Other persons have also contributed, and I have now written a suite of functions that extract imports and exports. The next step is to extract and show resources. Matt Pietrek found that too trivial an issue to pass any remarks on. I suppose it wil take a bit more hard slogging.
Regards
|
|
|
|
|
|
Well Richard,
Thanks again.
I am avoiding LoadLibrary(..), EnumerateResources(..), LoadResource()and similar kernel functions, because I am trying to write a tool that can analyse what went wrong where any of these kernel functions fail. The Kernel functions on an end user computer do not allow for debugging there and then.
Download WHDC White Papers and Documentation from Official Microsoft Download Center looks interesting, but, points me to a site where after selecting Download, I get a Picture Page, prompting me to select a Download, but no way of selecting anything.
Very, Very Interested to get a view of this document.
Regards,
Bram van Kampen
|
|
|
|
|
Bram van Kampen wrote: LoadResource()and similar kernel functions They are nothing to do with the kernel, but part of the Windows API.
If you click your mouse to the left of the document name on the picture page until a sort of square appears, you then get the Next button lighting up so the download works. Took me a couple of seconds to figure out.
|
|
|
|
|
Well,
I Agree that some of the mentioned functions are actually part of the Windows API. Nevertheless, I still want to load a PE File and analyse it on my own terms for my stated reasons. By the way, LoadLibrary() is definitely a Kernel function (in as my Program shows, Kernel32.dll).
When clicking the Download button on the MS Website, I get a screen which states that I have No File selected for downloading.
(Download Summary:
You have not selected any file(s) to download. Total Size=0)
I have a List:
CIDPrintDev.docx 46 KB
32-64bit_install.docx 47 KB
OS_Desc_Ext_Prop.zip 144 KB
pecoff.docx 206 KB
Left clicking anywhere gives me the choice of Select All, or, Print All. The latter just prints this page with the list.
The site does not allow me to select the 'pecoff.docx' in any way whatsoever.
Spent most of last Saturday and Sunday on trying, Don't understand what is wrong.
Could you perhaps send it to me by email?
Regards
Bram van Kampen
|
|
|
|
|
If you send me a direct message via the Email link below I can send you the file.
|
|
|
|
|
Hi
I have a derived Dialog. There is a member a rich edit object. I populate the rich edit
from a file. In the INITDIALOG I open the file, to do the I/O I use CStdioFile.
The call back procedure is not part of an Object
So for both callback proc (Reading the file) and the CDoalog Opening it.
To both have access to the CStdioFile object, I declare the pointer to it not any
Class, but Global
The code works but maybe I shouldn't be doing it this way
|
|
|
|
|
Is there a question in here? Are you wanting to know if you should use a member variable vs. a global variable?
"One man's wage rise is another man's price increase." - Harold Wilson
"Fireproof doesn't mean the fire will never come. It means when the fire comes that you will be able to withstand it." - Michael Simmons
"You can easily judge the character of a man by how he treats those who can do nothing for him." - James D. Miles
|
|
|
|
|
Let me ask it a different way does or rather should the stream in proc be a member of a class ?
Thanks
|
|
|
|
|
ForNow wrote: should the stream in proc be a member of a class ? It's not required. As long as it has this signature, it won't matter.
Now depending on what you want to do with the data sent to the callback function would better determine if you needed to make it a stand-alone function, or a static member of a class.
"One man's wage rise is another man's price increase." - Harold Wilson
"Fireproof doesn't mean the fire will never come. It means when the fire comes that you will be able to withstand it." - Michael Simmons
"You can easily judge the character of a man by how he treats those who can do nothing for him." - James D. Miles
|
|
|
|
|
Ok thanks the data just displays storage
Thanks
|
|
|
|
|
Does anyone have example source code for VC6++ that will declare a ikspropertset variable and
make a call to a device (like a camera) using this variable to change something on the interface.
I have a camera running under a vendor's driver on VC6 and I want to change a parameter on the camera IC that is not normally accessible. They kindly supplied me with an unsupported low level call
HRESULT SetRegisterValue( IKsPropertySet& ksps, uint16_t addr, uint16_t value )
I have added
#include <windows.h>
#include <ks.h>
#include <ksproxy.h>
to the code but have trouble when trying to define the ksps structure.
If I could read a short working example I think this could help.
|
|
|
|
|
|
Thanks I saw that but could not find any sample code I could compile there
|
|
|
|
|
Maybe you need to write it.
|
|
|
|
|
Maybe post the compilation errors that you are seeing along with the pertinent code.
"the debugger doesn't tell me anything because this code compiles just fine" - random QA comment
"Facebook is where you tell lies to your friends. Twitter is where you tell the truth to strangers." - chriselst
"I don't drink any more... then again, I don't drink any less." - Mike Mullikins uncle
|
|
|
|
|
Hi,
I am working LDPC encoding and decoding for hardware implementation.Through Vivado HLS, I need to transform a parity-check matrix H (that only consists of ones and zeros) from a non-standard to a standard form through C/C++ programming language. Here below you may find samples of non-standard parity check matrices in which Gauss-Jordan elimination (over GF(2)) can be applied.
Initially, i am trying encoding part via C/C++ programming logic. please help me if you do have any idea about LDPC. I would need a method that works out with matrices of any dimension.
this is, express it as
Hsys = [I| P]
This is my H matrix
H=[1 1 0 0 1 0
1 0 0 1 0 1
1 1 1 0 0 1];
Expected Systematic H matrix
Hsys=[1 0 0 1 0 1
0 1 0 1 1 1
0 0 1 0 1 1];
int main()
{
int i,j;
int message;
int H_Matrix[3][6]={{1,1,0,0,1,0},{1,0,0,1,0,1},{1,1,1,0,0,1}};
int temp[3][6]={0};
for(j=0;j<6;j++)
{
temp[1][j]=(H_Matrix[1][j]^H_Matrix[0][j]);
H_Matrix[1][j] = temp[1][j];
temp[2][j]=(H_Matrix[2][j]^H_Matrix[0][j]);
H_Matrix[2][j] = temp[2][j];
temp[0][j]=(H_Matrix[0][j]^H_Matrix[1][j]);
H_Matrix[0][j] = temp[0][j];
}
for(i=0;i<3;i++)
{
for(j=0;j<6;j++)
{
printf("%d\t ",H_Matrix[i][j]);
}
printf("\n");
}
}
|
|
|
|
|
We have a MFC application with a structure that constitutes int, float and char array members. We have declared a global pointer to this struture. This application creates a shared memory using createfilemapping function and assigns the shared memory to this global variable using mapviewfile function.
The same structure is used in a console application1 which is used for doing certain calculations. This console application shares the memory created by the MFC application using openfilemapping and mapviewfile functions.
I want to create another console application2 in which the dimension of the array members of the struture to be modified. If I run the MFC application based on the selection 1 dynamically, it should create the shared memory for console application1. Similarly for selection 2 dynamically, the MFC application has to create shared memory for console application2.
Please suggest me how to do it dynamically when I run the MFC application
Note: When the MFC application is run, it invokes the console application after creating the shared memory. It invokes one console application during its each run based on the user selection.
|
|
|
|
|
You could declare the second structure in the same global space using a union . That way your global structure does not change for the existing application.
|
|
|
|
|
To make my question more specific
Is it possible to dynamically create a single global pointer to 2 different structures based on the selection, one at a time.
For Example:
If pt is the pointer and struct1 and struct2 are the 2 different structures.
if x = 0 then pt refers struct1 else pt refers struct2
Here Pt will be used throughout my application lot many times and places and I dont want to use 2 different pointers.
If it is possible, Please provide me the steps of how to do it. Or please suggest some ways to meet my requirement
modified 15-Jun-17 2:36am.
|
|
|
|
|
Yes it is possible but now you need another global variable to tell which structure it points to. Better to have some flag in the structure, preferably the first item, which tells the rest of the code which one it is. But really using global ob jects/pointers in this way is not good design.
|
|
|
|
|
If I am going to have a single pointer which will dynamically point to any of the 2 structures based on the user selection, then what should be pointer type defined...struct1 or struct2 or void
I have to define the pointer type while I code and point it to any of the strutures dynamically based on the user selection which is mostly one time. After the selection is done, the pointer will point to the selected structure throughout the application run.
|
|
|
|
|