Forums before death by AOL, social media and spammers... "We can't have nice things"
| alt.os.development | Operating system development chatter | 4,255 messages |
[ << oldest | < older | list | newer > | newest >> ]
| Message 4,082 of 4,255 |
| wolfgang kern to All |
| Re: KESYS may go UEFI |
| 07 Jan 24 06:58:00 |
From: nowhere@never.at On 05/01/2024 11:34, I wrote: still many question marks in there (my size cast: b/w/q/dq/qq/dqq/qqq for 8/16/32/64/128/256/512) info gathered from WIKI and Herbert's PE. the PE-file: ;but it should be UEFI x8664 conform is my main code an object or not? TIA for any insight. __ wolfgang ------------------------------------------------------- 000 w 5A4D "MZ" DOS 2.0 Compatible EXE Header 002 w .... remaining bytes on last sector, aka tail start (0160)? 004 w 0001 file size (in 512 byte sectors) 006 w 0000 number of relocation entries ??? required or not ??? 008 w 0004 DOS header size (in 16 byte paragraphs) ==0040 00a w 0000 needed minimum extra paragraphs 00c w ffff needed maximum extra paragraphs ?? why max ??? 00e w 0000 add SS (to load-address) 010 w .... SP initial (0160 if it use the tail here) 012 w 0000 checksum (of what and how) 014 w 0000 IP initial 016 w 0000 add CS (to load address) 018 w 0040 offset of RELOCATION table **** useless if none ??? 01a w 0000 overlay number 01c dq.... reserved, all Zero 024 w 0000 OEM identifier, mine would be "KE" even not recognized 026 w 0000 OEM specific 028 .... unused, all Zero 03c q 00a0 Offset to PE Header (relative to file-start) 040 ... relocation table (if any at all) DOS 2.0 Stub Program 040 push CS ;assume it's 0004 (from DOS header size) yet ??? 041 pop DS 042 mov DX,000e 045 mov AH,09 047 INT_21 049 mov AX.4c01 04c INT_21 04e (aka 000e) just text+$ 0004:000e ------------ PE HEADER pointed to by file-offset 003c q +[003c]q == 00a0 yet 0a0 q 00004550 "PE"0,0 SIGNATURE 0a4 w 0000 Unknown CPU TYPE 014C 80386 014D 80486 014E PentiumTM ???? RYZEN 5/6.. ???? 0a6 w 0001 number of sections 0a8 q 3700_0000 TIMESTAMP (seconds since 31.12.69 16:00) 0ac q reserved Zero/ PointerToSymbolTable 0b0 q reserved Zero/ NumberOfSymbols 0b4 w 00e0 why? SizeOfOptionalHeader 0b6 w 010f (I had 030f) Characteristics-flags bit# my |if set 0 1 Relocation info stripped from file. 1 1 File is executable (i.e. no unresolved externel references). 2 1 Line numbers stripped from file. 3 1 Local symbols stripped from file. 4 0 Aggressively trim working set 5..6 00 ?? 7 0 Bytes of machine word are reversed. 8 1 ? 32 bit word machine. 9 1 Debugging info stripped from file in .DBG file 10 0 If Image is on removable media, copy and run from swap file. 11 0 If Image is on Net, copy and run from the swap file. 12 0 System File. 13 0 File is a DLL. 14 0 File should only be run on a UP machine 15 0 Bytes of machine word are reversed. 0b8 w 010b MAGIC # ?? 0ba b 05 ?? major linker version 0bb b 0c ?? minor 0bc q any SizeOfCode 0c0 q any SizeOfInitializedData 0c4 q any SizeOfUninitializedData 0c8 q ???? /winmain-ImageBase;AddressOfEntryPoint (0000_1094) ???? 0cc q any BaseOfCode 0d0 q any BaseOfData 0d4 q ... IMAGE BASE (0040_0000) ??? required by UEFI ??? 0d8 q 1000 SectionAlignment 0dc q 0200 FileAlignment 0e0 w ? MajorOperatingSystemVersion 0e2 w 0 minorOperatingSystemVersion 0e4 w 0 MajorImageVersion 0e6 w 0 MinorImageVersion 0e8 w ? MajorSubsystemVersion 0ea w 0 MinorSubsystemVersion 0ec q 0 Win32VersionValue 0f0 q any SizeOfImage 0f4 q 0200 SizeOfHeaders ? 0f8 q 0 CheckSum of what? 0fc w 0003 SUBSYSTEM bit# my |if set 0 1 Unknown subsystem. 1 1 Image doesn't require a subsystem. 2 0 Image runs in the Windows GUI subsystem. 3 0 Image runs in the Windows character subsystem. 4 0 ? 5 0 image runs in the OS/2 character subsystem. 6 0 ? 7 0 image run in the Posix character subsystem. 8 0 image run in the 8 subsystem. 9..15 all zero 0fe w 0000 DLL Characteristic flags Indicates special loader requirements. b0 Per-Process Library Initialization b1 Per-Process Library Termination b2 Per-Thread Library Initialization b3 Per-Thread Library Termination b15..4 reserved for future use and should be set to zero. 0100 q any STACK RESERVE SIZE SizeOfStackReserve 0104 q any STACK COMMIT SIZE SizeOfStackCommit 0108 q any HEAP RESERVE SIZE SizeOfHeapReserve 010c q any HEAP COMMIT SIZE SizeOfHeapCommit 0110 q 0 loader-flags ???? (guess what this is) ???? 0114 q any NumberOfRvaAndSize (entries in the data dir) 0118 dq 0 EXPORT DIRECTORY start+size 0120 dq 0 IMPORT DIRECTORY start+size 0128 dq 0 Resource Directory 0130 dq 0 Exception Directory 0138 dq 0 Security Directory 0140 dq 0 Base Relocation Table 0148 dq 0 Debug Directory 0150 dq 0 Description String 0158 dq 0 Machine Value (MIPS GP) 0160 dq 0 THREAD LOCAL STORAGE TLS Directory 0168 dq 0 Load Configuration Directory 0170 dq 0 Bound Import Directory in headers 0178 q 00000014 Import Address Table "IAT" ???? what for ??? 017c q 00001000 size 0180 dq 0 RVA/14 ;SIZE 0188 dq 0 RVA/15 ;SIZE 0190 dq 0 RVA/16 ;SIZE ----------------------- object table: Each Object Table entry has this format (40 byte): 000 dq strptr ??? or 7char+00 OBJECT NAME (ascii Z-pad) 008 q VIRTUAL SIZE /(VSizeOf_text/VSizeOf_idat/VSizeOf_udat) 00c q RVA /VBaseOf_text 010 q PHYSICAL SIZE /FSizeOf_text ;raw data 014 q PHYSICAL OFFSET /FBaseOf_text ;raw data 018 q RESERVED /pointer to relocatins 01c q RESERVED /pointer to line numbers 020 w 0 number of relocations 022 w ?? number of line numbers 024 q OBJECT FLAGS (E0000020/40/80) b5 Code object b6 Initialized data object b7 Uninitialized data object b26 Object must not be cached b27 Object is not page able b28 Object is shared b29 Executable object b30 Readable object b31 Writable object All other bits are reserved and should be set to zero. ---------------- --- SoupGate-Win32 v1.05 * Origin: you cannot sedate... all the things you hate (1:229/2) |
(c) 1994, bbs@darkrealms.ca