Investigating PE format (EXE and DLL)

**Charles Pegge** · 10-08-2008, 00:16

Below is an elementry program and some notes which I am using to gain detailed knowledge of the PE formats. I'll leave you to guess why

some useful links:

An In-Depth Look into the Win32 Portable Executable File Format,
Part 1 & Part 2
Matt Pietrek
http://msdn.microsoft.com/en-us/magazine/cc301805.aspx
http://msdn.microsoft.com/en-gb/magazine/cc301808.aspx

more references included with the program

**kryton9** · 10-08-2008, 06:02

My guess is being able to use our programs on different devices, like windows ce or smartphones?

**Michael Hartlef** · 10-08-2008, 09:00

You want to create a linker. And NOT neccesarily for a mobile device as the PE format is THE executable format for Windows.

**Petr Schreiber** · 10-08-2008, 09:34

I do not say anything,

I am just very curious about final result

Charles, one note regarding the attached script. Instead of:

right$("0000000"+hex$(v),

+" "

you can go for:

hex$( v, 8 )+" "

I attached modified script.

Petr

**Charles Pegge** · 10-08-2008, 10:25

Thanks Petr - my basic is very primitive - may also end up as FB or PB.

The prospect is to be able to create standalone code using Asmosphere and thinBasic as a compiler. We can then produce modules written in Asmosphere and much else besides.

The intention is to develop a code layout typical of a regular EXE then build the required headers for it. - The code can be tested inside thinBasic then stored as a standard EXE or DLL to run on its own.

This is what the thinBasic_Oxygen headers look like:

[code=thinbasic]

FILE: thinBasic_Oxygen.dll

09:15:09 08-10-2008
DateTimeStamp: 489EA38D

----------
DOS HEADER
----------

00000000 4D 5A 90 00 MZ
00000004 03 00 00 00
00000008 04 00 00 00
0000000C FF FF 00 00 ÿÿ
00000010 B8 00 00 00 ¸
00000014 00 00 00 00
00000018 40 00 00 00 @
0000001C 00 00 00 00
00000020 00 00 00 00
00000024 00 00 00 00
00000028 00 00 00 00
0000002C 00 00 00 00
00000030 00 00 00 00
00000034 00 00 00 00
00000038 00 00 00 00
0000003C 80 00 00 00 €
00000040 0E 1F BA 0E º
00000044 00 B4 09 CD ´ Í
00000048 21 B8 01 4C !¸L
0000004C CD 21 54 68 Í!Th
00000050 69 73 20 70 is p
00000054 72 6F 67 72 rogr
00000058 61 6D 20 63 am c
0000005C 61 6E 6E 6F anno
00000060 74 20 62 65 t be
00000064 20 72 75 6E run
00000068 20 69 6E 20 in
0000006C 44 4F 53 20 DOS
00000070 6D 6F 64 65 mode
00000074 2E 0D 0D 0A .

00000078 24 00 00 00 $
0000007C 00 00 00 00

-----------------
IMAGE FILE HEADER
-----------------

00000080 Signature: 00004550
00000084 Machine: 014C
IMAGE_FILE_MACHINE_I386
00000086 Sections: 0007
00000088 TimeDateStamp: 489E7466
Date & Time: 10/August/2008 05:53:58
0000008C Pointer to symbol table: 00000000
00000090 Number of symbols: 00000000
00000094 Size of Optional header: 000E0
00000096 Characteristics: 000230E
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

--------------------
OPTIONAL FILE HEADER
--------------------

00000098 magic: 010B
0000009A major linker version: 2
0000009B minor linker version: 38
0000009C Size of Code: 00017000
000000A0 Size of Initialised Data: 0001D400
000000A4 Size of Uninitialised Data: 00061800
000000A8 Address of Entry Point: 00001000
000000AC Base of Code: 00001000
000000B0 Base of Data: 00018000
000000B4 Image Base: 10000000
000000B8 Section Alignment: 00001000
000000BC File Alignment Alignment: 00000200
000000C0 Major Operating System Version: 0004
000000C2 Minor Operating System Version: 0000
000000C4 Major Image Version: 0001
000000C6 Minor Image Version: 0000
000000C8 Major Subsystem Version: 0004
000000CA Minor Subsystem Version: 0000
000000CC Reserved: 00000000
000000D0 Size of Image 00084000
000000D4 Size of headers 00000400
000000D8 Checksum 00023958
000000DC Subsystem: 0003
IMAGE_SUBSYSTEM_WINDOWS_CUI
000000DE DLL Characteristics: 0000
000000E0 Size of Stack Reserve: 00100000
000000E4 Size of Stack Commit: 00100000
000000E8 Size of Heap Reserve: 00100000
000000EC Size of Heap Commit: 00001000
000000F0 Loader Flags: 00000000

000000F4 Number of RVA and Sizes: 00000010

000000F8 Data Dir0: EXPORT 00080000
000000FC Data Dir0: size 00000075
00000100 Data Dir1: IMPORT 00081000
00000104 Data Dir1: size 00000700
00000108 Data Dir2: RESOURCE 00000000
0000010C Data Dir2: size 00000000
00000110 Data Dir3: EXCEPTION 00000000
00000114 Data Dir3: size 00000000
00000118 Data Dir4: SECURITY 00000000
0000011C Data Dir4: size 00000000
00000120 Data Dir5: BASE RELOC 00082000
00000124 Data Dir5: size 00001508
00000128 Data Dir6: DEBUG 00000000
0000012C Data Dir6: size 00000000
00000130 Data Dir7: COPYRIGHT 00000000
00000134 Data Dir7: size 00000000
00000138 Data Dir8: GLOBAL PTR 00000000
0000013C Data Dir8: size 00000000
00000140 Data Dir9: TLS 00000000
00000144 Data Dir9: size 00000000
00000148 Data Dir10: LOAD CONFIG 00000000
0000014C Data Dir10: size 00000000
00000150 Data Dir11: BOUND IMPORT 00000000
00000154 Data Dir11: size 00000000
00000158 Data Dir12: IAT 00000000
0000015C Data Dir12: size 00000000
00000160 Data Dir13: DELAY IMPORT 00000000
00000164 Data Dir13: size 00000000
00000168 Data Dir14: COM DESCRIPTOR 00000000
0000016C Data Dir14: size 00000000
00000170 Data Dir15: Reserved 00000000
00000174 Data Dir15: size 00000000

---------------
SECTION HEADERS
---------------

00000178 .text
00000180 Physical Data 00016FCC
00000184 Virtual Data 00001000
00000188 Size of Raw Data 00017000
0000018C Ptr to Raw Data 00000400
00000190 Ptr to Relocations 00000000
00000194 Ptr to LineNumbers 00000000
00000198 Number of Relocations 0000
0000019A Number of Line Numbers 0000
0000019C Characteristics 60000060
Code section
Initialised data section
Executable section
Readable section

000001A0 .data
000001A8 Physical Data 000040E0
000001AC Virtual Data 00018000
000001B0 Size of Raw Data 00004200
000001B4 Ptr to Raw Data 00017400
000001B8 Ptr to Relocations 00000000
000001BC Ptr to LineNumbers 00000000
000001C0 Number of Relocations 0000
000001C2 Number of Line Numbers 0000
000001C4 Characteristics C0000040
Initialised data section
Readable section
Writable section

000001C8 .rdata
000001D0 Physical Data 000001C0
000001D4 Virtual Data 0001D000
000001D8 Size of Raw Data 00000200
000001DC Ptr to Raw Data 0001B600
000001E0 Ptr to Relocations 00000000
000001E4 Ptr to LineNumbers 00000000
000001E8 Number of Relocations 0000
000001EA Number of Line Numbers 0000
000001EC Characteristics 40000040
Initialised data section
Readable section

000001F0 .bss
000001F8 Physical Data 00061690
000001FC Virtual Data 0001E000
00000200 Size of Raw Data 00000000
00000204 Ptr to Raw Data 00000000
00000208 Ptr to Relocations 00000000
0000020C Ptr to LineNumbers 00000000
00000210 Number of Relocations 0000
00000212 Number of Line Numbers 0000
00000214 Characteristics C0000080
Uninitialised data section
Readable section
Writable section

00000218 .edata
00000220 Physical Data 00000075
00000224 Virtual Data 00080000
00000228 Size of Raw Data 00000200
0000022C Ptr to Raw Data 0001B800
00000230 Ptr to Relocations 00000000
00000234 Ptr to LineNumbers 00000000
00000238 Number of Relocations 0000
0000023A Number of Line Numbers 0000
0000023C Characteristics 40000040
Initialised data section
Readable section

00000240 .idata
00000248 Physical Data 00000700
0000024C Virtual Data 00081000
00000250 Size of Raw Data 00000800
00000254 Ptr to Raw Data 0001BA00
00000258 Ptr to Relocations 00000000
0000025C Ptr to LineNumbers 00000000
00000260 Number of Relocations 0000
00000262 Number of Line Numbers 0000
00000264 Characteristics C0000040
Initialised data section
Readable section
Writable section

00000268 .reloc
00000270 Physical Data 00001508
00000274 Virtual Data 00082000
00000278 Size of Raw Data 00001600
0000027C Ptr to Raw Data 0001C200
00000280 Ptr to Relocations 00000000
00000284 Ptr to LineNumbers 00000000
00000288 Number of Relocations 0000
0000028A Number of Line Numbers 0000
0000028C Characteristics 42000040
Initialised data section
Readable section

00000290
00000298 Physical Data 00000000
0000029C Virtual Data 00000000
000002A0 Size of Raw Data 00000000

EXPORT DIRECTORY
0001B800 Characteristics 00000000
0001B804 Time Date Stamp 489E7466
0001B808 Major Version 0000
0001B80A Minor Version 0000
0001B80C Name 0008003C
0001B810 Base 00000001
0001B814 Number Of Functions 00000002
0001B818 Number Of Names 00000002
0001B81C Address Of Functions 00080028
0001B820 Address Of Names 00080030
0001B824 Address Of Name Ordinals 00080038

Name List

Number of names 2

--------------------------------------------------------------------------------------
OFFSET VIRTUAL FILE OFS VIRT LOC ORD NAME A+0 CODE SNIPPET
--------------------------------------------------------------------------------------
0001B851 00080051 000120C0 00012CC0 0000 LoadLocalSymbols55 89 E5 83 EC 04 C7 45
0001B862 00080062 000122B0 00012EB0 0001 UnLoadLocalSymbols55 89 E5 83 EC 04 C7 45

Import DLLs

IMPORT DIRECTORY ENTRY RECORD
0001BA00 dw RVA Function Name List 00081068
0001BA04 dw Useless 1 00000000
0001BA08 dw Useless 2 00000000
0001BA0C dw RVA Module Name 000815F0
0001BA10 dw RVA Function Address List 00081174

0001BFF0 000815F0 Module Name: thinCore.DLL

Function List (declare_order and name)

0001BB74 00081174 000A thinBasic_CheckCloseParens_Mandatory
0001BB78 00081178 0011 thinBasic_CheckOpenParens_Optional
0001BB7C 0008117C 001B thinBasic_LoadSymbol_FB
0001BB80 00081180 0026 thinBasic_ParseLong
0001BB84 00081184 0029 thinBasic_ParseString
0001BB88 00081188 0031 thinBasic_VariableGetInfoEX

IMPORT DIRECTORY ENTRY RECORD
0001BA14 dw RVA Function Name List 00081088
0001BA18 dw Useless 1 00000000
0001BA1C dw Useless 2 00000000
0001BA20 dw RVA Module Name 00081624
0001BA24 dw RVA Function Address List 00081194

0001C024 00081624 Module Name: KERNEL32.dll

Function List (declare_order and name)

0001BB94 00081194 0001 AddAtomA
0001BB98 00081198 00AF FindAtomA
0001BB9C 0008119C 00D5 FreeLibrary
0001BBA0 000811A0 00DC GetAtomNameA
0001BBA4 000811A4 014F GetModuleHandleA
0001BBA8 000811A8 016A GetProcAddress
0001BBAC 000811AC 020A LoadLibraryA
0001BBB0 000811B0 021B LockFile
0001BBB4 000811B4 0302 UnlockFile

IMPORT DIRECTORY ENTRY RECORD
0001BA28 dw RVA Function Name List 000810B4
0001BA2C dw Useless 1 00000000
0001BA30 dw Useless 2 00000000
0001BA34 dw RVA Module Name 000816DC
0001BA38 dw RVA Function Address List 000811C0

0001C0DC 000816DC Module Name: MSVCRT.DLL

Function List (declare_order and name)

0001BBC0 000811C0 0038 __dllonexit
0001BBC4 000811C4 0046 __mb_cur_max
0001BBC8 000811C8 0090 _assert
0001BBCC 000811CC 00A8 _controlfp
0001BBD0 000811D0 00BD _errno
0001BBD4 000811D4 00D2 _filelengthi64
0001BBD8 000811D8 00EE _gcvt
0001BBDC 000811DC 00F0 _get_osfhandle
0001BBE0 000811E0 0111 _iob
0001BBE4 000811E4 0113 _isctype
0001BBE8 000811E8 0132 _itoa
0001BBEC 000811EC 018F _pctype
0001BBF0 000811F0 01B6 _snprintf
0001BBF4 000811F4 01CC _stricmp
0001BBF8 000811F8 01E7 _ultoa
0001BBFC 000811FC 0250 abort
0001BC00 00081200 025C calloc
0001BC04 00081204 0265 exit
0001BC08 00081208 0268 fclose
0001BC0C 0008120C 026B fflush
0001BC10 00081210 026D fgetpos
0001BC14 00081214 026E fgets
0001BC18 00081218 0273 fopen
0001BC1C 0008121C 0274 fprintf
0001BC20 00081220 0279 fread
0001BC24 00081224 027A free
0001BC28 00081228 027B freopen
0001BC2C 0008122C 027F fsetpos
0001BC30 00081230 0280 ftell
0001BC34 00081234 0282 fwrite
0001BC38 00081238 02AD malloc
0001BC3C 0008123C 02AF mbstowcs
0001BC40 00081240 02B3 memcpy
0001BC44 00081244 02B4 memmove
0001BC48 00081248 02B5 memset
0001BC4C 0008124C 02C3 realloc
0001BC50 00081250 02CA setvbuf
0001BC54 00081254 02D3 strchr
0001BC58 00081258 02DA strlen
0001BC5C 0008125C 02E2 strtod
0001BC60 00081260 02EF tolower
0001BC64 00081264 0302 wcslen

IMPORT DIRECTORY ENTRY RECORD
0001BA3C dw RVA Function Name List 00081164
0001BA40 dw Useless 1 00000000
0001BA44 dw Useless 2 00000000
0001BA48 dw RVA Module Name 000816F0
0001BA4C dw RVA Function Address List 00081270

0001C0F0 000816F0 Module Name: OLEAUT32.DLL

Function List (declare_order and name)

0001BC70 00081270 0051 SysAllocStringByteLen
0001BC74 00081274 0053 SysFreeString

[/code]

**Michael Hartlef** · 10-08-2008, 13:53

WOW

**Petr Schreiber** · 10-08-2008, 14:31

Charles,

that is perfect plan.
I just wonder ... do -you- need any programming language?
You know machine code, assembler and by the way you create compiler now ;D.
I think when you sleep, entities in your dreams talk to you in opcodes ;D.

Petr

**Charles Pegge** · 10-08-2008, 16:52

Well I thought it would be fun to make a compiler in thinBasic

O2 script is well suited to building these headers. They are quite complicated with a number of pointers and mappings to resolve.

Fortunately for Asmosphere, there is very little implicit binding - just LoadLibrary, GetProcAddress and FreeLibrary. And we should be able to get away without using relocation tables - the code can be written to run at any location in memory without fixups.

The Operating system requires that code and data are organised in sections in units of 4kb, which can be designated read/write/initialised/executable. So we have to ensure that headers, code and data are all correctly aligned.

But when these sections are stored in the EXE file - the alignments all change from 4kb boundaries to 512 bytes normally. Otherwise the files would become bloated.

headers and skeleton program in O2 script:
[code=thinbasic]

jmp long main

o2
(

; ----------
; DOS HEADER
; ----------

`MZ` 90 00 ; 0000
03 00 00 00 ; 0004
04 00 00 00 ; 0008
FF FF 00 00 ; 000c
B8 00 00 00 ; 0010
00 00 00 00 ; 0014
40 00 00 00 ; 0018
00 00 00 00 ; 001c
00 00 00 00 ; 0020
00 00 00 00 ; 0024
00 00 00 00 ; 0028
00 00 00 00 ; 002c
00 00 00 00 ; 0030
00 00 00 00 ; 0034
00 00 00 00 ; 0038
80 00 00 00 ; 003c

0E 1F BA 0E ; 0040
00 B4 09 CD ; 0044
21 B8 01 4C ; 0048
CD 21

`This program cannot be run in DOS mode.` 0d 0a 00

/0080

; -----------------
; IMAGE FILE HEADER
; -----------------

/0080

`PE` 00 00 ; 0080 Signature: 00004550
hw014C ; 00000084 Machine: 014C
; IMAGE_FILE_MACHINE_I386
hw0004 ; 00000086 Sections: 0007
hl00000000 ; 00000088 TimeDateStamp: 489E0DEE
; Date & Time: 09/August/2008 22:36:46
hl00000000 ; 0000008C Pointer to symbol table: 00000000
hl00000000 ; 00000090 Number of symbols: 00000000
hw00E0 ; 00000094 Size of Optional header: 000E0
hw230E ; 00000096 Characteristics: 000230E
; IMAGE_FILE_LINE_NUMS_STRIPPED
; IMAGE_FILE_LINE_NUMS_STRIPPED
; IMAGE_FILE_LOCAL_SYMS_STRIPPED
; IMAGE_FILE_32BIT_MACHINE
; IMAGE_FILE_DEBUG_STRIPPED
; IMAGE_FILE_DLL

; --------------------
; OPTIONAL FILE HEADER
; --------------------

hw010b ; 00000098 magic: 010B
02 ; 0000009A major linker version: 2
38 ; 0000009B minor linker version: 38
hl00004000 ; 0000009C Size of Code: 00001200
hl00001000 ; 000000A0 Size of Initialised Data: 00001E00
hl00001000 ; 000000A4 Size of Uninitialised Data: 00005600
hl00001000 ; 000000A8 Address of Entry Point: 00001000
hl00001000 ; 000000AC Base of Code: 00001000
hl00003000 ; 000000B0 Base of Data: 00003000
hl10000000 ; 000000B4 Image Base: 10000000
hl00001000 ; 000000B8 Section Alignment: 00001000
hl00000200 ; 000000BC File Alignment Alignment: 00000200
hw0004 ; 000000C0 Major Operating System Version: 0004
hw0000 ; 000000C2 Minor Operating System Version: 0000
hw0001 ; 000000C4 Major Image Version: 0001
hw0000 ; 000000C6 Minor Image Version: 0000
hw0004 ; 000000C8 Major Subsystem Version: 0004
hw0000 ; 000000CA Minor Subsystem Version: 0000
hl00000000 ; 000000CC Reserved: 00000000
hl00001000 ; 000000D0 Size of Image 0000E000
hl00000400 ; 000000D4 Size of headers 00000400
hl00000000 ; 000000D8 Checksum 00005709
hw0003 ; 000000DC Subsystem: 0003
; IMAGE_SUBSYSTEM_WINDOWS_CUI
hw0000 ; 000000DE DLL Characteristics: 0000
hl00100000 ; 000000E0 Size of Stack Reserve: 00100000
hl00100000 ; 000000E4 Size of Stack Commit: 00100000
hl00100000 ; 000000E8 Size of Heap Reserve: 00100000
hl00001000 ; 000000EC Size of Heap Commit: 00001000
hl00000000 ; 000000F0 Loader Flags: 00000000

hl00000010 ; 000000F4 Number of RVA and Sizes: 00000010

hl0000B000 ; 000000F8 Data Dir0: EXPORT 0000B000
hl00000000 ; 000000FC Data Dir0: size 00000049
hl0000C000 ; 00000100 Data Dir1: IMPORT 0000C000
hl00000000 ; 00000104 Data Dir1: size 0000029C
hl00000000 ; 00000108 Data Dir2: RESOURCE 00000000
hl00000000 ; 0000010C Data Dir2: size 00000000
hl00000000 ; 00000110 Data Dir3: EXCEPTION 00000000
hl00000000 ; 00000114 Data Dir3: size 00000000
hl00000000 ; 00000118 Data Dir4: SECURITY 00000000
hl00000000 ; 0000011C Data Dir4: size 00000000
hl00000D00 ; 00000120 Data Dir5: BASE RELOC 0000D000
hl00000000 ; 00000124 Data Dir5: size 00000108
hl00000000 ; 00000128 Data Dir6: DEBUG 00000000
hl00000000 ; 0000012C Data Dir6: size 00000000
hl00000000 ; 00000130 Data Dir7: COPYRIGHT 00000000
hl00000000 ; 00000134 Data Dir7: size 00000000
hl00000000 ; 00000138 Data Dir8: GLOBAL PTR 00000000
hl00000000 ; 0000013C Data Dir8: size 00000000
hl00000000 ; 00000140 Data Dir9: TLS 00000000
hl00000000 ; 00000144 Data Dir9: size 00000000
hl00000000 ; 00000148 Data Dir10: LOAD CONFIG 00000000
hl00000000 ; 0000014C Data Dir10: size 00000000
hl00000000 ; 00000150 Data Dir11: BOUND IMPORT 00000000
hl00000000 ; 00000154 Data Dir11: size 00000000
hl00000000 ; 00000158 Data Dir12: IAT 00000000
hl00000000 ; 0000015C Data Dir12: size 00000000
hl00000000 ; 00000160 Data Dir13: DELAY IMPORT 00000000
hl00000000 ; 00000164 Data Dir13: size 00000000
hl00000000 ; 00000168 Data Dir14: COM DESCRIPTOR 00000000
hl00000000 ; 0000016C Data Dir14: size 00000000
hl00000000 ; 00000170 Data Dir15: Reserved 00000000
hl00000000 ; 00000174 Data Dir15: size 00000000

; ---------------
; SECTION HEADERS
; ---------------

.text
`.text` 00 00 00 ; 00000178
hl00000000 ; 00000180 Physical Data 000010FC
ga main ; 00000184 Virtual Data 00001000
hl00000000 ; 00000188 Size of Raw Data 00001200
hl00000000 ; 0000018C Ptr to Raw Data 00000400
hl00000000 ; 00000190 Ptr to Relocations 00000000
hl00000000 ; 00000194 Ptr to LineNumbers 00000000
hw0000 ; 00000198 Number of Relocations 0000
hw0000 ; 0000019A Number of Line Numbers 0000
hl00000000 ; 0000019C Characteristics 60000060
; Code section
; Initialised data section
; Executable section
; Readable section

; .data
; `.data` 00 00 00 ; 000001A0
; ;
; hl00000000 ; 000001A8 Physical Data 00000040
; hl00000000 ; 000001AC Virtual Data 00003000
; hl00000000 ; 000001B0 Size of Raw Data 00000200
; hl00000000 ; 000001B4 Ptr to Raw Data 00001600
; hl00000000 ; 000001B8 Ptr to Relocations 00000000
; hl00000000 ; 000001BC Ptr to LineNumbers 00000000
; hw0000 ; 000001C0 Number of Relocations 0000
; hw0000 ; 000001C2 Number of Line Numbers 0000
; hl00000000 ; 000001C4 Characteristics C0000040
; ; Initialised data section
; ; Readable section
; ; Writable section
;
; .rdata
; `.rdata` 00 00 ; 000001C8
; ;
; hl00000000 ; 000001D0 Physical Data 000000D0
; hl00000000 ; 000001D4 Virtual Data 00004000
; hl00000000 ; 000001D8 Size of Raw Data 00000200
; hl00000000 ; 000001DC Ptr to Raw Data 00001800
; hl00000000 ; 000001E0 Ptr to Relocations 00000000
; hl00000000 ; 000001E4 Ptr to LineNumbers 00000000
; hw0000 ; 000001E8 Number of Relocations 0000
; hw0000 ; 000001EA Number of Line Numbers 0000
; hl00000000 ; 000001EC Characteristics 40000040
; ; Initialised data section
; ; Readable section

.bss
`.bss` 00 00 00 00 ; 000001F0
;
hl00000000 ; 000001F8 Physical Data 00005600
hl00000000 ; 000001FC Virtual Data 00005000
hl00000000 ; 00000200 Size of Raw Data 00000000
hl00000000 ; 00000204 Ptr to Raw Data 00000000
hl00000000 ; 00000208 Ptr to Relocations 00000000
hl00000000 ; 0000020C Ptr to LineNumbers 00000000
hw0000 ; 00000210 Number of Relocations 0000
hw0000 ; 00000212 Number of Line Numbers 0000
hl00000000 ; 00000214 Characteristics C0000080
; Uninitialised data section
; Readable section
; Writable section

.edata
`.edata` 00 00 ; 00000218
;
hl00000000 ; 00000220 Physical Data 00000049
hl00000000 ; 00000224 Virtual Data 0000B000
hl00000000 ; 00000228 Size of Raw Data 00000200
hl00000000 ; 0000022C Ptr to Raw Data 00001A00
hl00000000 ; 00000230 Ptr to Relocations 00000000
hl00000000 ; 00000234 Ptr to LineNumbers 00000000
hw0000 ; 00000238 Number of Relocations 0000
hw0000 ; 0000023A Number of Line Numbers 0000
hl00000000 ; 0000023C Characteristics 40000040
; Initialised data section
; Readable section

.idata
`.idata` 00 00 ; 00000240
;
hl00000100 ; 00000248 Physical Data 0000029C
ga imports ; 0000024C Virtual Data 0000C000
hl00000100 ; 00000250 Size of Raw Data 00000400
hl00000000 ; 00000254 Ptr to Raw Data 00001C00
hl00000000 ; 00000258 Ptr to Relocations 00000000
hl00000000 ; 0000025C Ptr to LineNumbers 00000000
hw0000 ; 00000260 Number of Relocations 0000
hw0000 ; 00000262 Number of Line Numbers 0000
hl00000000 ; 00000264 Characteristics C0000040
; Initialised data section
; Readable section
; Writable section

; .reloc
; `.reloc` 00 00 ; 00000268
; hl00000000 ; 00000270 Physical Data 00000108
; hl00000000 ; 00000274 Virtual Data 0000D000
; hl00000000 ; 00000278 Size of Raw Data 00000200
; hl00000000 ; 0000027C Ptr to Raw Data 00002000
; hl00000000 ; 00000280 Ptr to Relocations 00000000
; hl00000000 ; 00000284 Ptr to LineNumbers 00000000
; hw0000 ; 00000288 Number of Relocations 0000
; hw0000 ; 0000028A Number of Line Numbers 0000
; hl00000000 ; 0000028C Characteristics 42000040
; ; Initialised data section
; ; Readable section

/+1000

) ; end of headers

.load_a_lib
ret

.main
mov eax,42
ret

o2
(
/+1000

; ----------------
; EXPORT DIRECTORY
; ----------------

/+1000
.exports

hl00000000 ; 00001A00 Characteristics 00000000
hl00000000 ; 00001A04 Time Date Stamp 489E0DEE
hw0000 ; 00001A08 Major Version 0000
hw0000 ; 00001A0A Minor Version 0000
hl00000000 ; 00001A0C Name 0000B032
hl00000000 ; 00001A10 Base 00000001
hl00000000 ; 00001A14 Number Of Functions 00000001
hl00000000 ; 00001A18 Number Of Names 00000001

ga exp_funcs ; 00001A1C Address Of Functions 0000B028
ga exp_names ; 00001A20 Address Of Names 0000B02C
ga exp_ordls ; 00001A24 Address Of Name Ordinals 0000B030

.exp_funcs
ga load_a_lib

.load_a_lib ga name1

.exp_names
ga name1

.name1 `load_a_lib` 00

.exp_ordls
hw0000

; --------------------------------------------------------------------------------------
; OFFSET VIRTUAL FILE OFS VIRT LOC ORD NAME A+0 CODE SNIPPET
; --------------------------------------------------------------------------------------
; 00001A3E 0000B03E 000005A0 000011A0 0000 load_a_lib 55 89 E5 83 EC 04 C7 45

; -----------
; Import DLLs
; -----------

; IMPORT DIRECTORY ENTRY RECORD
; -----------------------------

/+1000
.imports

ga name_list ; 00001C00 dw RVA Function Name List 0000C040
hl00000000 ; 00001C04 dw Useless 1 00000000
hl00000000 ; 00001C08 dw Useless 2 00000000
ga module_name ; 00001C0C dw RVA Module Name 0000C244
ga proc_address_list ; 00001C10 dw RVA Function Address List 0000C0A8

; Function List (declare_order and name)
; ---------------------------------------
; 00001CB0 0000C0A0 0001 FreeLibrary
; 00001CBC 0000C0A4 0002 GetProcAddress
; 00001CC0 0000C0A8 0003 LoadLibraryA

/+4
.proc_address_list

ga FreeLibrary
ga GetProcAddress
ga LoadLibraryA

/+4
.module_name `KERNEL32.DLL` 00 00

/+4
.name_list

.FreeLibrary hw0001 `FreeLibrary` 00 00
.GetProcAddress hw0002 `GetProcAddress` 00 00
.LoadLibraryA hw0003 `LoadLibraryA` 00 00

) ; end of section bodies

[/code]

**Charles Pegge** · 15-08-2008, 00:04

I've finally cracked the basic PE format for making DLLs & EXEs

This program generates a skeleton EXE file t.exe which has export and import sections. t.exe does nothing but execute successfully without incurring abusive messages from the operating system, and also reads correctly in a PE viewer.

It is intriguing to note that the only difference between an EXE and a DLL is a single bit setting in the header, and of course you name it .DLL instead of .EXE

This is written mostly in o2 script with some skeleton test code in Assembler. We first assemble an executable memory image. This is then compacted and patched with some pointer and size parameters ready for filing. It produces a very small file (2.5k)because it does not require relocation tables or a constant table. Indeed it is possible to slice off anothe 512 bytes by putting import and export tables into a single section (PB does this).

I had to make a small correction to Asmosphere to get this to assemble correctly, which you will need if you want to try it out: - The two programs PE_DLLgen and PE_Report are included in the package.

http://community.thinbasic.com/index.php?topic=1845

[code=thinbasic]

' DLL gen

Uses "File"
Uses "Oxygen"

function TimeDateEncode(s as string) as long
dim ss,mi,hh,mm,dd,yy as long
if s="" then s=time$+" "+date$
hh=val(mid$(s,1,2))
mi=val(mid$(s,4,2))
ss=val(mid$(s,7,2))
mm=val(mid$(s,11,2))
dd=val(mid$(s,14,2)) 'rebase 0
yy=val(mid$(s,17,4))
if mm>1 then dd=dd+31
if mm>2 then dd=dd+28:if mod(yy,4) = 0 then dd+=1
if mm>3 then dd=dd+31
if mm>4 then dd=dd+30
if mm>5 then dd=dd+31
if mm>6 then dd=dd+30
if mm>7 then dd=dd+31
if mm>8 then dd=dd+31
if mm>9 then dd=dd+30
if mm>10 then dd=dd+31
if mm>11 then dd=dd+30
yy-=1970
dd=dd+yy*365-1
'leaps
dd=dd+yy\4 ' base 1968. 0 . add days for previous leaps
ss+=(mi*60)+(hh*3600)
ss+=dd*86400 ' total seconds
ss-=3600 ' fudge
function=ss
end function

dim src as string="

o2
(

; ----------
; DOS HEADER
; ----------

`MZ` 90 00 ; 0000
03 00 00 00 ; 0004
04 00 00 00 ; 0008
FF FF 00 00 ; 000c
B8 00 00 00 ; 0010
00 00 00 00 ; 0014
40 00 00 00 ; 0018
00 00 00 00 ; 001c
00 00 00 00 ; 0020
00 00 00 00 ; 0024
00 00 00 00 ; 0028
00 00 00 00 ; 002c
00 00 00 00 ; 0030
00 00 00 00 ; 0034
00 00 00 00 ; 0038
80 00 00 00 ; 003c

0E 1F BA 0E ; 0040
00 B4 09 CD ; 0044
21 B8 01 4C ; 0048
CD 21

`This program cannot be run in DOS mode.` 0d 0a 00

/0080

; -----------------
; IMAGE FILE HEADER
; -----------------

/0080

`PE` 00 00 ; 0080 Signature: 00004550
hw014C ; 00000084 Machine: 014C
; IMAGE_FILE_MACHINE_I386
hw0004 ; 00000086 Sections: 0007
hl00000000 ; 00000088 TimeDateStamp: 489E0DEE
; Date & Time: 09/August/2008 22:36:46
hl00000000 ; 0000008C Pointer to symbol table: 00000000
hl00000000 ; 00000090 Number of symbols: 00000000
hw00E0 ; 00000094 Size of Optional header: 000E0
hw230E ; 00000096 Characteristics: 000230E
; IMAGE_FILE_LINE_NUMS_STRIPPED
; IMAGE_FILE_LINE_NUMS_STRIPPED
; IMAGE_FILE_LOCAL_SYMS_STRIPPED
; IMAGE_FILE_32BIT_MACHINE
; IMAGE_FILE_DEBUG_STRIPPED
; IMAGE_FILE_DLL &h2000

; --------------------
; OPTIONAL FILE HEADER
; --------------------

hw010b ; 00000098 magic: 010B
02 ; 0000009A major linker version: 2
38 ; 0000009B minor linker version: 38
hl00000000 ; 0000009C Size of Code: 00001200
hl00000000 ; 000000A0 Size of Initialised Data: 00001E00
hl00000000 ; 000000A4 Size of Uninitialised Data: 00005600
ga entry_point
; 000000A8 Address of Entry Point: 00001000
ga base_of_code
; 000000AC Base of Code: 00001000
ga base_of_data
; 000000B0 Base of Data: 00003000
hl04000000 ; 000000B4 Image Base: 10000000
hl00001000 ; 000000B8 Section Alignment: 00001000
hl00000200 ; 000000BC File Alignment Alignment: 00000200
hw0004 ; 000000C0 Major Operating System Version: 0004
hw0000 ; 000000C2 Minor Operating System Version: 0000
hw0001 ; 000000C4 Major Image Version: 0001
hw0000 ; 000000C6 Minor Image Version: 0000
hw0004 ; 000000C8 Major Subsystem Version: 0004
hw0000 ; 000000CA Minor Subsystem Version: 0000
hl00000000 ; 000000CC Reserved: 00000000
hl00005000 ; 000000D0 Size of Image 0000E000
hl00000400 ; 000000D4 Size of headers 00000400
hl00000000 ; 000000D8 Checksum 00005709
hw0003 ; 000000DC Subsystem: 0003
; IMAGE_SUBSYSTEM_WINDOWS_CUI
hw0000 ; 000000DE DLL Characteristics: 0000
hl00100000 ; 000000E0 Size of Stack Reserve: 00100000
hl00100000 ; 000000E4 Size of Stack Commit: 00100000
hl00100000 ; 000000E8 Size of Heap Reserve: 00100000
hl00001000 ; 000000EC Size of Heap Commit: 00001000
hl00000000 ; 000000F0 Loader Flags: 00000000

hl00000010 ; 000000F4 Number of RVA and Sizes: 00000010

ga exports ; 000000F8 Data Dir0: EXPORT 0000B000
hl00000000 ; 000000FC Data Dir0: size 00000049
ga imports ; 00000100 Data Dir1: IMPORT 0000C000
hl00000000 ; 00000104 Data Dir1: size 0000029C
hl00000000 ; 00000108 Data Dir2: RESOURCE 00000000
hl00000000 ; 0000010C Data Dir2: size 00000000
hl00000000 ; 00000110 Data Dir3: EXCEPTION 00000000
hl00000000 ; 00000114 Data Dir3: size 00000000
hl00000000 ; 00000118 Data Dir4: SECURITY 00000000
hl00000000 ; 0000011C Data Dir4: size 00000000
hl00000000 ; 00000120 Data Dir5: BASE RELOC 00000d00
hl00000000 ; 00000124 Data Dir5: size 00000100
hl00000000 ; 00000128 Data Dir6: DEBUG 00000000
hl00000000 ; 0000012C Data Dir6: size 00000000
hl00000000 ; 00000130 Data Dir7: COPYRIGHT 00000000
hl00000000 ; 00000134 Data Dir7: size 00000000
hl00000000 ; 00000138 Data Dir8: GLOBAL PTR 00000000
hl00000000 ; 0000013C Data Dir8: size 00000000
hl00000000 ; 00000140 Data Dir9: TLS 00000000
hl00000000 ; 00000144 Data Dir9: size 00000000
hl00000000 ; 00000148 Data Dir10: LOAD CONFIG 00000000
hl00000000 ; 0000014C Data Dir10: size 00000000
hl00000000 ; 00000150 Data Dir11: BOUND IMPORT 00000000
hl00000000 ; 00000154 Data Dir11: size 00000000
hl00000000 ; 00000158 Data Dir12: IAT 00000000
hl00000000 ; 0000015C Data Dir12: size 00000000
hl00000000 ; 00000160 Data Dir13: DELAY IMPORT 00000000
hl00000000 ; 00000164 Data Dir13: size 00000000
hl00000000 ; 00000168 Data Dir14: COM DESCRIPTOR 00000000
hl00000000 ; 0000016C Data Dir14: size 00000000
hl00000000 ; 00000170 Data Dir15: Reserved 00000000
hl00000000 ; 00000174 Data Dir15: size 00000000

; ---------------
; SECTION HEADERS
; ---------------

.text
`.text` 00 00 00 ; 00000178
hl00000000 ; 00000180 Physical Data 000010FC
ga main
; 00000184 Virtual Data 00001000
hl00000000 ; 00000188 Size of Raw Data 00001200
hl00000000 ; 0000018C Ptr to Raw Data 00000400
hl00000000 ; 00000190 Ptr to Relocations 00000000
hl00000000 ; 00000194 Ptr to LineNumbers 00000000
hw0000 ; 00000198 Number of Relocations 0000
hw0000 ; 0000019A Number of Line Numbers 0000
hl60000060 ; 0000019C Characteristics 60000060
; Code section
; Initialised data section
; Executable section
; Readable section

; .data
; `.data` 00 00 00 ; 000001A0
; ;
; hl00000000 ; 000001A8 Physical Data 00000040
; hl00000000 ; 000001AC Virtual Data 00003000
; hl00000000 ; 000001B0 Size of Raw Data 00000200
; hl00000000 ; 000001B4 Ptr to Raw Data 00001600
; hl00000000 ; 000001B8 Ptr to Relocations 00000000
; hl00000000 ; 000001BC Ptr to LineNumbers 00000000
; hw0000 ; 000001C0 Number of Relocations 0000
; hw0000 ; 000001C2 Number of Line Numbers 0000
; hlc0000040 ; 000001C4 Characteristics C0000040
; ; Initialised data section
; ; Readable section
; ; Writable section
;
; .rdata
; `.rdata` 00 00 ; 000001C8
; ;
; hl00000000 ; 000001D0 Physical Data 000000D0
; hl00000000 ; 000001D4 Virtual Data 00004000
; hl00000000 ; 000001D8 Size of Raw Data 00000200
; hl00000000 ; 000001DC Ptr to Raw Data 00001800
; hl00000000 ; 000001E0 Ptr to Relocations 00000000
; hl00000000 ; 000001E4 Ptr to LineNumbers 00000000
; hw0000 ; 000001E8 Number of Relocations 0000
; hw0000 ; 000001EA Number of Line Numbers 0000
; hl40000040 ; 000001EC Characteristics 40000040
; ; Initialised data section
; ; Readable section

.bss
`.bss` 00 00 00 00 ; 000001F0
;
hl00001000 ; 000001F8 Physical Data 00005600
ga bssdata
; 000001FC Virtual Data 00005000
hl00000000 ; 00000200 Size of Raw Data 00000000
hl00000000 ; 00000204 Ptr to Raw Data 00000000
hl00000000 ; 00000208 Ptr to Relocations 00000000
hl00000000 ; 0000020C Ptr to LineNumbers 00000000
hw0000 ; 00000210 Number of Relocations 0000
hw0000 ; 00000212 Number of Line Numbers 0000
hlc0000080 ; 00000214 Characteristics C0000080
; Uninitialised data section
; Readable section
; Writable section

.edata
`.edata` 00 00 ; 00000218
;
hl00000000 ; 00000220 Physical Data 00000049
ga exports ; 00000224 Virtual Data 0000B000
hl00000000 ; 00000228 Size of Raw Data 00000200
hl00000000 ; 0000022C Ptr to Raw Data 00001A00
hl00000000 ; 00000230 Ptr to Relocations 00000000
hl00000000 ; 00000234 Ptr to LineNumbers 00000000
hw0000 ; 00000238 Number of Relocations 0000
hw0000 ; 0000023A Number of Line Numbers 0000
hl40000040 ; 0000023C Characteristics 40000040
; Initialised data section
; Readable section

.idata
`.idata` 00 00 ; 00000240
;
hl00000100 ; 00000248 Physical Data 0000029C
ga imports ; 0000024C Virtual Data 0000C000
hl00000000 ; 00000250 Size of Raw Data 00000400
hl00000000 ; 00000254 Ptr to Raw Data 00001C00
hl00000000 ; 00000258 Ptr to Relocations 00000000
hl00000000 ; 0000025C Ptr to LineNumbers 00000000
hw0000 ; 00000260 Number of Relocations 0000
hw0000 ; 00000262 Number of Line Numbers 0000
hlc0000040 ; 00000264 Characteristics C0000040
; Initialised data section
; Readable section
; Writable section

; .reloc
; `.reloc` 00 00 ; 00000268
; hl00000000 ; 00000270 Physical Data 00000108
; hl00000000 ; 00000274 Virtual Data 0000D000
; hl00000000 ; 00000278 Size of Raw Data 00000200
; hl00000000 ; 0000027C Ptr to Raw Data 00002000
; hl00000000 ; 00000280 Ptr to Relocations 00000000
; hl00000000 ; 00000284 Ptr to LineNumbers 00000000
; hw0000 ; 00000288 Number of Relocations 0000
; hw0000 ; 0000028A Number of Line Numbers 0000
; hl42000040 ; 0000028C Characteristics 42000040
; ; Initialised data section
; ; Readable section

/+1000

) ; end of headers

.entry_point
.main
.base_of_code
; procedure to get absolute address of imports table
; and bind the imported procs
push ebx
push esi
push edi
call here
.here
pop eax
sub eax,8
sub eax, base_of_code
add eax, proc_address_list
mov ebx,eax
def FreeLibrary proc [ebx]
def GetProcAddress proc [ebx+04]
def LoadLibraryA proc [ebx+08]
pop edi
pop esi
pop ebx
;
ret

o2 /+4
.load_a_lib
ret

o2 /+200
o2 01 `end_of_code` 01

o2
(
/+1000
.base_of_data
.bssdata
/+1000 ; space allocation for bssdata

; ----------------
; EXPORT DIRECTORY
; ----------------
.exports

hl00000000 ; 00001A00 Characteristics 00000000
hl00000000 ; 00001A04 Time Date Stamp 489E0DEE
hw0000 ; 00001A08 Major Version 0000
hw0000 ; 00001A0A Minor Version 0000
ga exp_name ; 00001A0C Name 0000B032
hl00000001 ; 00001A10 Base 00000001
hl00000001 ; 00001A14 Number Of Functions 00000001
hl00000001 ; 00001A18 Number Of Names 00000001

ga exp_funcs ; 00001A1C Address Of Functions 0000B028
ga exp_names ; 00001A20 Address Of Names 0000B02C
ga exp_ordls ; 00001A24 Address Of Name Ordinals 0000B030
hl0
.exp_name
hl0

.exp_funcs
ga load_a_lib

.load_a_lib ga name1

.exp_names
ga name1

.name1 `load_a_lib` 00

.exp_ordls
hw0001

/+200
01 `end_of_exports` 01

; --------------------------------------------------------------------------------------
; OFFSET VIRTUAL FILE OFS VIRT LOC ORD NAME A+0 CODE SNIPPET
; --------------------------------------------------------------------------------------
; 00001A3E 0000B03E 000005A0 000011A0 0000 load_a_lib 55 89 E5 83 EC 04 C7 45

; -----------
; Import DLLs
; -----------

; IMPORT DIRECTORY ENTRY RECORD
; -----------------------------

/+1000
.imports

ga proc_name_list1 ; 00001C00 dw RVA Function Name List 0000C040
hl00000000 ; 00001C04 dw Useless 1 00000000
hl00000000 ; 00001C08 dw Useless 2 00000000
ga module_name1 ; 00001C0C dw RVA Module Name 0000C244
ga proc_address_list1 ; 00001C10 dw RVA Function Address List 0000C0A8

hl0 hl0 hl0 hl0 hl0 ; termination of entries

; Function List (declare_order and name)
; ---------------------------------------
; 00001CB0 0000C0A0 000 FreeLibrary
; 00001CBC 0000C0A4 0002 GetProcAddress
; 00001CC0 0000C0A8 0003 LoadLibraryA

/+4
.module_name1 `KERNEL32.DLL` 00

/+4
.proc_name_list1
ga FreeLibrary
ga GetProcAddress
ga LoadLibraryA
hl0

; no hints 01 02 03
/+4 .FreeLibrary hw0001 `FreeLibrary` 00
/+4 .GetProcAddress hw0002 `GetProcAddress` 00
/+4 .LoadLibraryA hw0003 `LoadLibraryA` 00

/+4
; contiguous address list
.proc_address_list
;------------------
.proc_address_list1
ga FreeLibrary
ga GetProcAddress
ga LoadLibraryA
hl0
.proc_address_list2
hl0

/+200
01 `end_of_imports` 01

/+1000

) ; end of section bodies

"
' end of src

o2_asmo src

if len(o2_error) then
msgbox 0,o2_error
stop
end if

dim mage as string=o2_get
dim prc,pre,pri,ptc,pte,pti,lvc,lve,lvi,lrc,lre,lri,p,q as long
dim qt as string=chr$(1)

ptc=cvl(mage,&h185)
pte=cvl(mage,&h1d5)
pti=cvl(mage,&h1fd)

if (ptc=0)or(pte=0)or(pti=0) then
msgbox 0,"Missing section pointers"
stop
end if

lrc=instr(ptc,mage,qt+"end_of_code"+qt)-ptc-1
lre=instr(pte,mage,qt+"end_of_exports"+qt)-pte-1
lri=instr(pti,mage,qt+"end_of_imports"+qt)-pti-1

lvc=pte-ptc
lve=pti-pte
lvi=cvi(mage,&h1ad)-pti

'msgbox 0,hex$(ptc)+" "+hex$(pte)+" "+hex$(pti)
'msgbox 0,hex$(lvc)+" "+hex$(lve)+" "+hex$(lvi)

prc=&h400
pre=prc+lrc
pri=pre+lre

'msgbox 0,hex$(prc)+" "+hex$(pre)+" "+hex$(pri)
'msgbox 0,hex$(lrc)+" "+hex$(lre)+" "+hex$(lri)

dim dll as string="" _
+ left$(mage,&h400) _ ' headers
+ mid$(mage,ptc+1,lrc) _ ' code
+ mid$(mage,pte+1,lre) _ ' export section
+ mid$(mage,pti+1,lri) _ ' import section

' to patch in raw data len and offsets
'
mid$(dll,&h09d)=mkl$(lrc) ' size of code
mid$(dll,&h0a1)=mkl$(0) ' size of initialised data
mid$(dll,&h0a5)=mkl$(&h1000) ' size of uninitialised data
mid$(dll,&h0fd)=mkl$(lre) ' len virtual data for exports
mid$(dll,&h105)=mkl$(lri) ' len virtual data for imports
'
mid$(dll,&h181)=mkl$(lrc-

' len physical data for code
mid$(dll,&h1d1)=mkl$(lre-

' len physical data for exports
mid$(dll,&h1f9)=mkl$(lri-

' len physical data for imports
'
mid$(dll,&h189)=mkl$(lrc) ' len raw data for code
mid$(dll,&h1d9)=mkl$(lre) ' len raw data for exports
mid$(dll,&h201)=mkl$(lri) ' len raw data for imports
'
mid$(dll,&h18d)=mkl$(prc) ' ptr raw data for code
mid$(dll,&h1dd)=mkl$(pre) ' ptr raw data for exports
mid$(dll,&h205)=mkl$(pri) ' ptr raw data for imports
'
' time stamp
q=timedateEncode("")
mid$(dll,&h89)=mkl$(q) ' in main header
mid$(dll,pre+5)=mkl$(q) ' in exports dir

msgbox 0, ""_
& hex$(o2_len) & " Image size" & $crlf _
& hex$(cvl(mage,&h185)) & " code" & $crlf _
& hex$(cvl(mage,&h1ad)) & " bss" & $crlf _
& hex$(cvl(mage,&hb1)) & " base of data" & $crlf _
& hex$(cvl(mage,&h1d5)) & " exports" & $crlf _
& hex$(cvl(mage,&h1fd)) & " imports" & $crlf _
& "FILE PARTS:" & $crlf _
& hex$(cvl(mage,&h0d5)) & " header size" & $crlf _
& hex$(lrc) & " file code size" & $crlf _
& hex$(lre) & " file exports size" & $crlf _
& hex$(lri) & " file imports size" & $crlf _
& hex$(len(dll)) & " File size " & $crlf _
& ""

'file_save ("t.txt",o2_view(src))
'file_save ("t.dll",dll)
mid$(dll,&h97)=mki$(&h30e) ' as exe instead of DLL
file_save ("t.exe",dll)

[/code]