Exetools  

  #11  
Old 02-13-2004, 04:00
Satyric0n
 
Posts: n/a
Quote:
1. Relocation table: Taking a look at 2EA9C4, it seems clear that the relocation table is empty, since there is only the header of the fix-up block (manipulated by ASPR?). I pushed that part to 231000, since there should be the original rel. table. After that I've fixed the directory table entry to 231000. No problem.
This is a perfectly acceptable solution, although there is a better one yet. What you can do is change both your Relocation RVA and Size to 0, then in your PE Characteristics, set the Relocation Stripped flag. That way, you don't even need the header, and can simply delete the .reloc section's physical data and set its RSize to 0 in the section header. You might even be able to be rid of the section entirely, and wipe the section header out of the PE header, but I have never tested it; I'm always hesitant to delete sections created by the compiler, maybe I'm just too cautious...

Quote:
First I've simply tried to transfer those 24 bytes to 22e00 and fix the directory table entry for TlsTable accordingly.
I'm not sure if this would cause problems or not, as I'm not entirely sure what the section at 22E000 is for. It certainly could work, as the thing that's causing your exe to not run after you remove the .data section is not related to TLS. Needless to say, I have a different solution than yours; not to say that mine is a better solution, but it is different. The only thing I have against your solution is my general hesitation to copy data to 00'd out sections, as those sections are usually initialized at runtime and data you put there has a tendency to get overwritten.

Quote:
Callbacks : 630010 (-base = 230010; hmmm... looks interesting, since at 630000 there's an exact copy of the TLS at 2ea9cc...)
This is a good observation... Run with it!

Quote:
Now I've got not the slightest idea on how to proceed... So I'm afraid I'll need another hint
Reread my description of what the .data section is. There are more things relocated in that section than the Relocation table and TLS table.

Regards

Last edited by Satyric0n; 02-13-2004 at 06:09.
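
Added example, not part of the original post: a small Python check that reads the three header fields the reply says must agree once relocations are stripped (the relocation directory entry, the Relocation Stripped flag in the PE Characteristics, and the raw size of `.reloc`) and reports any mismatch. The function names `reloc_state` and `build_sample` are hypothetical, and the sample headers are constructed for illustration, reusing the RVA 231000 mentioned in the thread.

```python
import struct

RELOCS_STRIPPED = 0x0001  # IMAGE_FILE_RELOCS_STRIPPED in FileHeader.Characteristics
DIR_BASERELOC = 5         # data directory index of the base relocation table

def reloc_state(pe: bytes) -> dict:
    """Read the three header fields the post says must agree."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    nt = struct.unpack_from("<I", pe, 0x3C)[0]            # e_lfanew
    if pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    nsec, opt_size, chars = struct.unpack_from("<H12xHH", pe, nt + 6)
    opt = nt + 24
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    dirs = opt + (96 if magic == 0x10B else 112)          # PE32 / PE32+
    ndirs = struct.unpack_from("<I", pe, dirs - 4)[0]     # NumberOfRvaAndSizes
    rva = size = 0
    if ndirs > DIR_BASERELOC:
        rva, size = struct.unpack_from("<II", pe, dirs + 8 * DIR_BASERELOC)
    reloc_raw = None                                      # None: no .reloc section
    for i in range(nsec):
        name, _vs, _va, raw = struct.unpack_from("<8sIII", pe, opt + opt_size + 40 * i)
        if name.rstrip(b"\0") == b".reloc":
            reloc_raw = raw                               # SizeOfRawData
    stripped = bool(chars & RELOCS_STRIPPED)
    issues = []
    if stripped and (rva or size):
        issues.append("flag set, directory entry not zeroed")
    if not stripped and not (rva or size):
        issues.append("directory zeroed, flag not set")
    if stripped and reloc_raw:
        issues.append(".reloc still has raw data")
    return {"stripped": stripped, "dir": (rva, size),
            "reloc_raw": reloc_raw, "issues": issues}

def build_sample(chars: int, reloc_dir: tuple, reloc_raw: int) -> bytes:
    """Constructed PE32 headers with one .reloc section (headers only, not loadable)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, chars)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                 # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                   # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * DIR_BASERELOC, *reloc_dir)
    sec = struct.pack("<8sIIII16x", b".reloc", 0x1000, 0x231000, reloc_raw, 0x400)
    return dos + b"PE\0\0" + coff + bytes(opt) + sec

if __name__ == "__main__":
    print(reloc_state(build_sample(0x010F, (0, 0), 0)))
```

The reported issues are mismatches against the recipe in the reply, not a statement about what the Windows loader will accept.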
All times are GMT +8.