# Pure binary to C++ through PE

Hey everyone!

I am setting up the environment that I will use for my Kernel, and I have decided to use MSVC++ 2005.

As you know, MSVC++ can only output COFF and PE object formats. Because of this, we have to parse (or strip) the header information to execute it from the Stage 2 bootloader.

I decided that stripping the header info was cheating, so decided to parse the image instead.

The Stage 2 bootloader loads the executable -- KRNL.DLL -- at 1 MB. So, to parse it, simply begin at offset 0x100000 and check certain bytes to get information while following the file format.

This is what I did:

```nasm
; You are in pmode, and image is loaded at 1 MB...
	mov	ebx, [0x100000+60]	; e_lfanew is a 4-byte file offset of the PE header; it lives at byte 60 (0x3C). Get it
	add	ebx, 0x100000		; Add base address. EBX now points to the file sig (PE00)
	; jump over to the optional header (Although it isn't optional o.0 )
	add	ebx, 24			; sig (4 bytes) + _IMAGE_FILE_HEADER (20 bytes)
	mov	ebx, [ebx+16]		; AddressOfEntryPoint is at offset 16 of the optional header; it is an RVA, not an address
	add	ebx, 0x100000		; RVA -> linear address (needs ImageBase = 0x100000 and sections lying at their RVAs)
	jmp	ebx			; Execute Kernel
```

That's it!

The above 6 instructions retrieve only the information needed to find the entry point routine within the EXE or DLL, and call it.

As long as the file is a PE executable or DLL, is loaded at base address 0x100000, and CS = code descriptor, the above will work for any program.

Because the entry point routine is called directly, this effectively calls a C++ main entry routine from our pure binary Stage 2 bootloader. -Cool? [grin]

Of course--This assumes you already set up MSVC++ correctly to work in Kernel Land.
