
Comments (13)

IanSeyler commented on September 18, 2024

Code looks good to me. Should it check for the full 32-bit signature of '0x50450000' just in case? This is for 64-bit PE files only?

from pure64.

adam4813 commented on September 18, 2024

There isn't a check to make sure it is 64bit, but I can add that as well.

I can extend it to check the full signature if you like.
On Sep 18, 2014 3:37 PM, "Ian Seyler" [email protected] wrote:

Code looks good to me. Should it check for the full 32-bit signature of
'0x50450000' just in case? This is for 64-bit PE files only?


IanSeyler commented on September 18, 2024

Based on the layout of a PE binary (http://i.imgur.com/LIImg.jpg) it should be possible to just check 'Magic'. I guess we could verify 'Machine' as well. Have you tried loading a PE file this way?

adam4813 commented on September 18, 2024

Yes and it works!
On Sep 19, 2014 11:40 AM, "Ian Seyler" [email protected] wrote:

Based on the layout of a PE binary (http://i.imgur.com/LIImg.jpg) it
should be possible to just check 'Magic'. I guess we could verify 'Machine'
as well. Have you tried loading a PE file this way?


IanSeyler commented on September 18, 2024

Do you have an example or instructions? If I can get full end-to-end documentation for this, that would be great!

adam4813 commented on September 18, 2024

I compiled a kernel in Visual C++ 2013, copied it with pure64.sys and the
bmfs bootloader (using the bmfs tool), and then ran it in Bochs. I did some
basic checking such as checking for a different signature and it failed to
load correctly (so I didn't have to modify my binary's signature).

I will post my example kernel later if you like and finish the signature
check.

The other fields in the PE spec are only really useful or even meaningful
if you're running Windows.
On Sep 19, 2014 1:28 PM, "Ian Seyler" [email protected] wrote:

Do you have an example or instructions? If I can get full end-to-end
documentation for this, that would be great!


IanSeyler commented on September 18, 2024

That would be great if you could share a small example. When I can reproduce it on my end I will add code and documentation to the repo.

adam4813 commented on September 18, 2024

I can upload my Visual Studio project and such if you would like, or if you
are not on Windows I will have to upload just the PE kernel (you can use a
PE explorer tool to verify the correct locations and offsets) and you can
verify it with the code above.
On Sep 19, 2014 3:02 PM, "Ian Seyler" [email protected] wrote:

That would be great if you could share a small example. When I can
reproduce it on my end I will add code and documentation to the repo.


IanSeyler commented on September 18, 2024

The project will be fine. I can run VisualStudio in a VM if needed.

adam4813 commented on September 18, 2024

Ok I zipped my project folder as it will be the easiest way to verify anything I guess.

I have included my modified pure64.asm which replaces the

jmp 0x0000000000100000

line with:

; PE loader header check
    mov eax, [0x10003c]             ; Get the e_lfanew value which is the address of the PE header (32bit).
    mov cx, [eax + 0x100004]        ; The machine type.
    cmp cx, 0x8664                  ; Check to make sure the machine type is x64.
    jne normal_start                ; If it isn't equal jump to the normal starting address. (Comment out to ignore result.)
    mov ebx, [eax + 0x100000]       ; The PE header signature is here.
    cmp ebx, 0x00004550             ; Compare the PE header signature to make sure it matches. (little endian)
    jne normal_start                ; If it isn't equal jump to the normal starting address.

; PE loader starting address (RVA) parsing
    add eax, 0x100028               ; Add size of PE header (24 bytes) and offset to
                                    ; AddressOfEntryPoint (16 bytes) to image base 0x100000
    mov ebx, [eax]                  ; Load AddressOfEntryPoint; ImageBase is added below to get the entry point address
    add eax, 0x08                   ; Add the offset to get the ImageBase
    add ebx, [eax]                  ; Add ImageBase to AddressOfEntryPoint (ebx)

    xor rax, rax                    ; Clear rax and rcx; rbx has the jump location so don't clear it.
    xor rcx, rcx

pe_start:
    jmp rbx                         ; rbx has the computed entry address (ImageBase + RVA) for the jmp

normal_start:
    xor rax, rax                    ; We can clear rax and rbx again
    xor rbx, rbx
    xor rcx, rcx
    jmp 0x0000000000100000

I added in the machine check (can be disabled by commenting out the jne line right below the cmp cx, 0x8664).

The project build command invokes nasm to build the asm files and they are already set to be linked in. The run command calls a bat file (which I did not include) that copies my kernel into the bmfs along with pure64.sys.

https://www.dropbox.com/s/4gt1b22mate721u/pe_kernel.zip?dl=0

Don't hesitate to ask me any questions (I can live stream this or Youtube if the VM doesn't work).

from pure64.
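
The header checks discussed in this thread, written as a bounds-checked C routine; this is an added example, not code from the thread or from Pure64. The names `pe_entry`, `sample_entry` and `last_status` are hypothetical and the sample image is constructed. Beyond the assembly above it also validates `e_lfanew` against the buffer length, checks 'Magic', and rejects an entry point that falls outside the loaded image.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define LOAD_BASE 0x100000u /* address the kernel image is loaded at, per the thread */
enum pe_status { PE_OK, PE_NOT_PE, PE_BAD_MACHINE, PE_BAD_MAGIC, PE_BAD_ENTRY };
enum pe_status last_status; /* set by sample_entry() below */

/* Explicit little-endian field access, independent of host byte order. */
static uint32_t rd(const uint8_t *p, int n) {
    uint32_t v = 0; while (n--) v = v << 8 | p[n];
    return v;
}
static void wr(uint8_t *p, uint64_t v, int n) { while (n--) p[n] = (uint8_t)(v >> (8 * n)); }

/* PE_NOT_PE means "treat as a flat binary" (the normal_start path). */
enum pe_status pe_entry(const uint8_t *img, size_t len, uint64_t *entry) {
    if (len < 0x40) return PE_NOT_PE;                       /* no room for e_lfanew */
    uint32_t lfanew = rd(img + 0x3c, 4);
    if (lfanew > len || len - lfanew < 0x38) return PE_NOT_PE; /* fields below must be in range */
    const uint8_t *pe = img + lfanew;
    if (rd(pe, 4) != 0x00004550) return PE_NOT_PE;          /* "PE\0\0" */
    if (rd(pe + 0x04, 2) != 0x8664) return PE_BAD_MACHINE;  /* Machine: x64 */
    if (rd(pe + 0x18, 2) != 0x020b) return PE_BAD_MAGIC;    /* Magic: PE32+ */
    uint32_t rva = rd(pe + 0x28, 4);                        /* AddressOfEntryPoint */
    uint64_t base = (uint64_t)rd(pe + 0x34, 4) << 32 | rd(pe + 0x30, 4); /* ImageBase */
    /* The jump target base + rva must fall inside the bytes loaded at LOAD_BASE. */
    if (base < LOAD_BASE || base - LOAD_BASE >= len) return PE_BAD_ENTRY;
    if (rva >= len - (base - LOAD_BASE)) return PE_BAD_ENTRY;
    *entry = base + rva;
    return PE_OK;
}

/* Builds a constructed 4 KiB header-only image; returns the entry, or 0 on rejection. */
uint64_t sample_entry(uint32_t lfanew, uint16_t machine, uint64_t base, uint32_t rva) {
    static uint8_t img[0x1000];
    uint64_t entry = 0;
    memset(img, 0, sizeof img);
    wr(img + 0x3c, lfanew, 4);
    if (lfanew <= sizeof img - 0x38) {                      /* only write headers that fit */
        wr(img + lfanew, 0x00004550, 4);     wr(img + lfanew + 0x04, machine, 2);
        wr(img + lfanew + 0x18, 0x020b, 2);  wr(img + lfanew + 0x28, rva, 4);
        wr(img + lfanew + 0x30, base, 8);
    }
    last_status = pe_entry(img, sizeof img, &entry);
    return entry;
}

int main(void) { return sample_entry(0x80, 0x8664, LOAD_BASE, 0x400) == LOAD_BASE + 0x400 ? 0 : 1; }
```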

adam4813 commented on September 18, 2024

IanSeyler have you had a chance to review this?

adam4813 commented on September 18, 2024

I have also committed my current OS effort to see it in action https://github.com/adam4813/OS .

adam4813 commented on September 18, 2024

#24 closes this.
