Sunday, January 29, 2012

PE32+

One gloomy evening I decided to look at the latest Portable Executable specification, and thought it would
be pretty cool to write a PE loader.

Doing so under Linux is not particularly difficult, given the binfmt infrastructure, already well used to support legacy and emulation targets.

Two gloomy evenings later I had something that could load a rudimentary PE-COFF executable :-). It doesn't handle an IAT yet, so no shared objects, and since I was in a hurry and tired, no relocations and section alignment must equal file alignment, but I'll work those three out eventually.

Since I didn't have a PE tool chain on hand, I assembled the headers manually, kindly borrowing from them Tiny PE work.

So, uh, why? Firstly, because I can. It's fun, and it exposes me to those parts of the kernel that you don't have much opportunity otherwise to meddle in (and where the learning curve is steeper than usual). But I was lately
wondering what it would take to run the ReactOS userspace under Linux... So you could say my end goal is
write an NT personality for Linux, so I can run an unmodified ReactOS smss.exe with an unmodified ntdll.dll.

Anyway, as usual, the patch against 3.2+ and example hello.asm on my Github account -
https://github.com/andreiw/andreiw-wip/tree/master/linux/3.2/pe32+

Have fun!

No comments:

Post a Comment