Assembly Language for Beginners


6.5. WINDOWS NT


abnormally with the following error:


runtime error R6030



  • CRT not initialized


Global object initialization in C++ also occurs in the CRT before main() starts executing: 3.18.4 on
page 564.


The value that main() returns is passed to cexit(), or in $LN32, which in turn calls doexit().


Is it possible to get rid of the CRT? Yes, if you know what you are doing.


The MSVC linker has the /ENTRY option for setting an entry point.


#include <windows.h>

/* With /entry:main there is no CRT start-up code, so main() is the very first
   code the loader runs: nothing prepares argc/argv or WinMain's arguments. */
int main()
{
    MessageBox(NULL, "hello, world", "caption", MB_OK);
    return 0;
}


Let’s compile it in MSVC 2008.


cl no_crt.c user32.lib /link /entry:main


We get a runnable .exe of 2560 bytes that contains a PE header, instructions calling MessageBox, two
strings in the data segment, the MessageBox function imported from user32.dll, and nothing else.


This works, but you cannot write WinMain with its 4 arguments instead of main().


To be precise, you can, but the arguments are not prepared at the moment of execution.


By the way, it is possible to make the .exe even shorter by aligning the PE sections at less than the default
4096 bytes.


cl no_crt.c user32.lib /link /entry:main /align:16


Linker says:


LINK : warning LNK4108: /ALIGN specified without /DRIVER; image may not run


We get an .exe of 720 bytes. It can be executed in Windows 7 x86, but not in x64 (an error message is
shown when you try to execute it).


With even more effort it is possible to make the executable even shorter, but as you can see, compatibility
problems arise quickly.


6.5.2 Win32 PE


PE is the executable file format used in Windows. The difference between .exe, .dll and .sys is that .exe
and .sys usually do not have exports, only imports.


A DLL^14, just like any other PE file, has an entry point (OEP), where the function DllMain() is located, but
this function usually does nothing. A .sys file is usually a device driver. As for drivers, Windows requires the
checksum to be present in the PE file and for it to be correct^15.


Starting with Windows Vista, a driver's files must also carry a digital signature; otherwise the driver fails
to load.


Every PE file begins with a tiny DOS program that prints a message like “This program cannot be run in DOS
mode.” If you run the file in DOS or Windows 3.1 (OSes which are not aware of the PE format), this
message is printed.


^14 Dynamic-Link Library
^15 For example, Hiew (7.1 on page 789) can calculate it.
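As an added illustration (not from the book), the Python script below reads from a PE image the header fields this section mentions: the DOS stub message, the OEP, section and file alignment, whether an export directory is present, and the CheckSum field, which it recomputes with the standard PE checksum algorithm so a driver's stored value can be verified. The names inspect_pe, pe_checksum and build_sample_pe are mine; build_sample_pe constructs a minimal PE32 header as sample input instead of reading a real file.

```python
import struct

DOS_MSG = b"This program cannot be run in DOS mode"

def pe_checksum(data: bytes, checksum_offset: int) -> int:
    """Standard PE CheckSum: sum the file as 32-bit words with the CheckSum field
    itself counted as zero, fold the carries into 16 bits, then add the file length."""
    buf = bytearray(data) + b"\0" * (-len(data) % 4)       # pad to a dword boundary
    buf[checksum_offset:checksum_offset + 4] = b"\0" * 4   # exclude the field itself
    total = 0
    for (dword,) in struct.iter_unpack("<I", buf):
        total = (total + dword) & 0xFFFFFFFF
    total = (total & 0xFFFF) + (total >> 16)
    total = (total + (total >> 16)) & 0xFFFF
    return total + len(data)

def inspect_pe(data: bytes) -> dict:
    """Read the DOS header, PE signature, COFF header and optional header fields."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    machine, nsections = struct.unpack_from("<HH", data, e_lfanew + 4)
    opt = e_lfanew + 24                          # optional header follows the 20-byte COFF header
    pe32plus = struct.unpack_from("<H", data, opt)[0] == 0x20B
    entry = struct.unpack_from("<I", data, opt + 16)[0]   # AddressOfEntryPoint (the OEP)
    sect_align, file_align = struct.unpack_from("<II", data, opt + 32)
    stored = struct.unpack_from("<I", data, opt + 64)[0]  # CheckSum, same offset in PE32 and PE32+
    dirs = opt + (112 if pe32plus else 96)                # first data directory: export table
    export_rva, export_size = struct.unpack_from("<II", data, dirs)
    computed = pe_checksum(data, opt + 64)
    return {"machine": machine, "format": "PE32+" if pe32plus else "PE32",
            "sections": nsections, "entry_point": entry,
            "section_alignment": sect_align, "file_alignment": file_align,
            "has_exports": export_rva != 0 and export_size != 0,
            "dos_stub_message": DOS_MSG in data[0x40:e_lfanew],
            "stored_checksum": stored, "computed_checksum": computed,
            "checksum_ok": stored == computed}

def build_sample_pe(section_align=0x1000, file_align=0x200, checksum=0) -> bytes:
    """Constructed minimal PE32 header (headers only, no code): sample input, not a real binary."""
    stub = b"This program cannot be run in DOS mode.\r\n$".ljust(64, b"\0")
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x80) + stub    # e_lfanew = 0x80
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x0102)
    opt = struct.pack("<HBBIIIIII", 0x10B, 9, 0, 0x200, 0, 0, 0x1000, 0x1000, 0x2000)
    opt += struct.pack("<IIIHHHHHHIIIIHHIIIIII", 0x400000, section_align, file_align,
                       6, 0, 0, 0, 6, 0, 0, 0x2000, 0x200, checksum, 2, 0,
                       0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    return dos + coff + opt + b"\0" * 128 + b"\0" * 40   # 16 empty data dirs, one blank section header
```

For a real file, call inspect_pe(open(path, "rb").read()); a driver image whose checksum_ok is False is one Windows refuses to load, and section_alignment below 4096 shows the kind of /align experiment described above.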
