no problem for the formats of source code.
Thank you very much for your efforts !
I overlook the source on the fly, and I can create a Flat image, that work.
How did you get it working ?
You are welcome,
I have played with the
PE headers for years, so this wasn't a problem, years ago when i am bored i just go and download viruses and trojans just to disassemble them and see how they work, it was fun and still, alas life doesn't have mercy and spare you time, any way if you are interested but be careful, i mean extra careful and use protection like dissect and run the on VM like Hyper-V, of course if you wish then see this
https://github.com/Endermanch/MalwareDatabase
Again many scary things are there, but the things of manipulated are unimaginable.
Back to this
PE header, first i tried to search the internet, very little i found, i thought there must be a ready solution like yours, but i couldn't found anything else than two examples, one on StackOverflow
https://stackoverflow.com/questions/...-assembly-nasm also and few threads on NAsm forum
https://forum.nasm.us/index.php?topic=1663.15
But this forum looks down now, it seems someone forgot to pay the hosting or something !!! and i can't recognize which is links from history as i spend hours in nice journey just reading more and more on
PE and playing, never got to my mind to use NASM in such way, as i always use MASM with NotePad++ or RadAsm the
IDE.
One section will definitely work but will have some serious red flags, also my implementation above is far from right to the one section, see memory pages should have right protection flag, but the sections above are 512b each and they are location on one page, Windows had no problem running it.
Also found this strange thing that Windows is in few places are very forgiving for wrong/incorrect/invalid values, addresses and alignment, but mostly aggressive with zero tolerance.
Anyway big chunk of that part is from the snippet in the nasm forum, which is existed in few threads and used as template, so i used it, the strange thing is, that thread called solved didn't work on my Windows 10 and didn't generate valid 32bit exe, so i changed and fixed the parameters to x64 and one extra DLLs imports.
For analyzing the content of the EXE i used Interactive Disassembler from HexRays, they have free (and limited) version
https://hex-rays.com/ida-free/ but it is powerful, yet it deceived me as fixed a lot of the errors without my permission, very useful to walk everything in EXE not only assembly but structures and headers.
Also if you not familiar with Ghidra
https://ghidra-sre.org/ then you are missing a lot, you will love it, and love its decompiler, yes full decompiler.
For your interesst:
in the Time, you present your Source Solution, I worked on a Compiler/Transpiler that is used AsmJit, wich you can use, to create Assembly Code with C++.
My Environment is MSYS2 MinGW32/64.
It emulate a POSIX BASH Shell, with powerful Tools.
I create a Bash Shell script, to compile, and link the Applications.
It comes with a Lexer/Parser (pc.exe) - that should read-up Pascal Syntax, and form a
AsmJit Assembly file.
This Assembly file can then reverse create AsmJit Assembly. So you have Pascal scripts that will be transpile to Assembly. And when you have Assembly source file, it will transpiled back to AsmJit, so you can do things like execute, and/or code injections.
Feel free, and drop a message - if you have Questions.
That is very interesting indeed, and it is nice and useful, i am sure will enjoy digging in it, and will come back with any questions or just nagging.