I'm trying to do a little IAT hooking in explorer.exe. Specs: Windows 7 x64, Visual C++. I've made it to a point where I am capable of reading thunk data from any executable of my choosing except for C:\Windows\Explorer.exe. When I run my program against that I receive an access violation in reading memory from that executable. However, when I run this against C:\Windows\system32\Explorer.exe and C:\Windows\sysWOW64\Explorer.exe I don't have any problems. Why is this? Is C:\Windows\Explorer.exe some sort of symbolic link to one of the other explorer.exe's? What could be keeping me from reading this file?
On my Windows 7 x64 system C:\windows\explorer.exe is a 64-bit binary, PE32+ format, whereas c:\windows\syswow64\explorer.exe is a 32-bit binary, PE32 format. Is your application designed to read both PE32 and PE32+ formats?
And when opening C:\Windows\System32\Explorer.exe from a 32-bit process that is a redirect to the c:\windows\syswow64\explorer.exe copy. From a 64-bit process c:\windows\system32\explorer.exe doesn't exist.
Related
This question already has an answer here:
Reading writing fortran direct access unformatted files with different compilers
(1 answer)
Closed 6 years ago.
I have a Fortran code which writes an unformatted direct access file. The problem is that the size and the contents of the file changes when I switch to different platforms:
First platform is Windows (32bit version of the program using Intel compiler - version around 2009)
Second platform is Linux (64 bit version of the program with gfortran compiler v4.9.0).
Unfortunately the file that is produced in Linux can not be read from windows. The file in LINUX is 5-6 times smaller. However, the total number of records that are written seems to be the same. I opened both files with a hex editor and the main difference is that a lot of zeros exist in the windows version of the file.
Is there any way produce exactly the same file in LINUX?
If it helps, you can find both files here: https://www.dropbox.com/sh/erjlf5sps40in0e/AAC4XEi-p4nnTNzhyai_ZCZVa?dl=0
I open the file with the command: OPEN(IAST,FILE=ASTFILR,ACCESS='DIRECT',FORM='UNFORMATTED',RECL=80)
I write with the command:
WRITE(IAST,REC=IRC) (SNGL(PHI(I)-REF), I=IBR,IER)
I read with the command: READ(IAST,REC=IRC,ERR=999) (PHIS(I), I=1,ISTEP)
where PHIS is a REAL*4 array
The issue is that by default Intel Fortran specifies that RECL= is in units of words, whereas GFortran uses bytes. There's an Intel Fortran compiler option that you can use to make it use byte units. On Linux that option is
-assume byterecl
for Windows I'm not sure what the syntax is, maybe something like
/assume:byterecl
I have written a small 16-bit assembly program that writes some values in some memory locations.Is there a way I can test it in 32-bit protected mode on Linux?
qemu, dosbox, bochs
Yes, 16-bit code is supported in user processes in Linux. The system call to do it is called vm86() (there's a man page, but there's not much in it). It is, naturally, only works on x86 platforms (and 32-bit only).
If you want an example, the ELKS project has a complete tool for running ELKS 8086 binaries on Linux, which uses it:
https://github.com/lkundrak/dev86/tree/master/elksemu
Look for the run_elks() function. It's pretty straightforward.
I'm writing a small utility that should run on both 16\32\64 bit systems.
My old utility ran both on 32 and 16 bit by compressing the 16bit version to the 32 bit and applying the /stub switch in visual studio 2008 (/STUB -MS-DOS Stub File Name ).
I'm looking for a way to do the same with my 64 bit executable.
The target 64bit system is Win PE 64bit and it doesn't have the WOW64 installed on it.
Is it possible?
The DOS stub of Windows executables uses the MZ section, whereas both 32-bit and 64-bit executables use the PE section. This allows the DOS stub to exist within either Windows executable, but causes a collision when trying to combine 32- and 64-bit executables.
You should pack your 32 and 64 bit util in resources of another exe, let's call it launcher 32 bit.
Then your launcher should detect on what system it is started from and then extract proper binary from it's resources and start it.
Windows 32-bit runs 16-bit applications by wowexec.exe, and Win64 runs 32-bit application by wow64. So without wow64 it's impossible for your program to create a universal launcher on Windows. (Note: Mac OSX supports multiple architecture in single binary anyway)
The best approach I can figure out is to create a single MSI installer package and put both 32/64 exes into it.
I'm currently in the process of learning assembly language.
I'm using Gas on Linux Mint (32-bit). Using this book:
Programming from the Ground Up.
The machine I'm using has an AMD Turion 64 bit processor, but I'm limited to 2 GB of RAM.
I'm thinking of upgrading my Linux installation to the 64-bit version of Linux Mint, but I'm worried that because the book is targeted at 32-bit x86 architecture that the code examples won't work.
So two questions:
Is there likely to be any problems with the code samples?
Has anyone here noticed any benefits in general in using 64-bit Linux over 32-bit (I've seen some threads on Stack Overflow about this but they are mostly related to Windows Vista vs. Windows XP.)
Your code examples should all still work. 64-bit processors and operating systems can still run 32-bit code in a sort of "compatability mode". Your assembly examples are no different. You may have to provide an extra line of assembly or two (such as .BITS 32) but that's all.
In general, using a 64-bit OS will be faster than using a 32-bit OS. x86_64 has more registers than i386. Since you're working on assembly, you already know what registers are used for... Having more of them means less stuff has to be moved on and off the stack (and other temporary memory) thus your program spends less time managing data and more time working on that data.
Edit: To compile 32-bit code on 64-bit linux using gas, you just use the commandline argument "--32", as noted in the GAS manual
Even if you run Linux 64bit, it is possible to compile and run 32bit binaries on it. I don't know how good Mint's support for that is, I assume you should check.
64bit assembler however is not fully compatible to 32bit, for example you have different (more) registers. There are some specific instructions not available on either platform.
I would say the move to 64bit is not a big deal. You can still write 32bit assembly and then perhaps try to get it also running as 64bit (shouldn't be too hard), as a source of even more programming/learning fun.
Usually 32-bits is plenty so only use 64-bits or more if you really NEED IT.
Best to decide prior to programming if you want to do it as a 32-bit app or
a 64-bit app and then stick to it as mixed mode debugging ca get tricky fast.
What are the guidelines for porting a 32-bit program to a 64-bit version?
Apart from the obvious issues with calling 32-bit libraries:
Don't assume a pointer is the same size as an integer.
Don't assume subtracting one pointer from another yields a value that fits in an integer.
See also http://msdn.microsoft.com/en-us/library/aa384190(VS.85).aspx
Don't use hard coded registry/file system paths as some are different on a 64-Bit machine. For example, 32 bit apps get installed in 'Program Files (x86)'.
If you are developing in Windows using .NET, make sure you are using the System or Microsoft.Win32 libraries to access resources.