PE File Run Fixedbase
Runs PE executables that have been created without relocation
information by placing them into the loader executable buffer.
Runs a fixed-base PE executable by placing it into the beginning
of the loader executable. This is possible by placing a special
“dummy section” in front of all PE sections in the MSVC++ compiler.
Doing so merges the module handles of both the loader and the
executable, so we avoid having to patch internal Win32 structures.
- create a “.exebuf” code_seg section in-code and place a big char buffer into it (using __declspec(allocate()))
- create an empty “.newexe” code_seg section after it
- specify the linker option /MERGE=.text=.newexe
- disable Link Time Code Generation (prevents recreation of new .text section)
- disable Incremental Linking (gets rid of .textbss)
- verify in the main function that the address of the char buffer is (GetModuleHandle(NULL) - 0x1000)
- load the custom executable and verify that its size is small enough to fit into the buffer
- resolve all executable references
- run the entry point
The generated loader is bigger than the to-be-run executable due to
MSVC Linker behavior.
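The "verify that its size is small enough to fit into the buffer" step, as an added example that is not the project's own code: a portable PE header check that reports the fixed image base, SizeOfImage, whether the image carries no relocation information (IMAGE_FILE_RELOCS_STRIPPED set or an empty base-relocation directory), and whether it fits the buffer. EXEBUF_SIZE, the function names and the constructed sample header are assumptions; the GetModuleHandle(NULL) buffer-address check from the list still has to be done at runtime inside the loader itself.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Assumed size of the loader's .exebuf char buffer (an assumption, not taken from the page). */
#define EXEBUF_SIZE (1u << 20)

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void wr32(uint8_t *p, uint32_t v) { wr16(p, (uint16_t)v); wr16(p + 2, (uint16_t)(v >> 16)); }

typedef struct {
    uint64_t image_base;  uint32_t size_of_image; /* linked base; bytes needed in .exebuf */
    int relocs_stripped;  int fits;               /* no relocation info; size_of_image <= EXEBUF_SIZE */
} pe_fixedbase_info;

/* Parse the PE headers in buf and fill *out. Returns 0 on success, <0 on malformed input. */
int pe_fixedbase_check(const uint8_t *buf, size_t len, pe_fixedbase_info *out) {
    if (len < 0x40 || rd16(buf) != 0x5A4D) return -1;                            /* "MZ" */
    uint32_t pe_off = rd32(buf + 0x3C);                                           /* e_lfanew */
    if (pe_off > len || len - pe_off < 24 || rd32(buf + pe_off) != 0x00004550) return -2; /* "PE\0\0" */
    const uint8_t *fh = buf + pe_off + 4;                                         /* IMAGE_FILE_HEADER */
    uint16_t opt_size = rd16(fh + 16), characteristics = rd16(fh + 18);
    const uint8_t *oh = fh + 20;                                                  /* IMAGE_OPTIONAL_HEADER */
    if (len - (size_t)(oh - buf) < opt_size || opt_size < 144) return -3;         /* smallest usable PE32 header */
    int pe32plus = 0; if (rd16(oh) == 0x20B) pe32plus = 1; else if (rd16(oh) != 0x10B) return -4;
    uint32_t dir_off = pe32plus ? 112 : 96;                                       /* start of DataDirectory */
    if (opt_size < dir_off + 6 * 8) return -5;                                    /* need entry 5: BASERELOC */
    out->image_base = pe32plus ? rd32(oh + 24) | ((uint64_t)rd32(oh + 28) << 32) : rd32(oh + 28);
    out->size_of_image = rd32(oh + 56);
    uint32_t reloc_size = rd32(oh + dir_off + 5 * 8 + 4);                         /* BASERELOC directory Size */
    out->relocs_stripped = (characteristics & 0x0001) || reloc_size == 0;         /* IMAGE_FILE_RELOCS_STRIPPED */
    out->fits = out->size_of_image <= EXEBUF_SIZE;
    return 0;
}

/* Constructed sample: a minimal PE32 header (not a real binary) to exercise the check offline. */
size_t build_sample_pe32(uint8_t *buf, uint32_t image_base, uint32_t size_of_image, int strip_relocs) {
    memset(buf, 0, 0x200);
    buf[0] = 'M'; buf[1] = 'Z'; wr32(buf + 0x3C, 0x80);                          /* e_lfanew = 0x80 */
    memcpy(buf + 0x80, "PE\0\0", 4);
    uint8_t *fh = buf + 0x84, *oh = fh + 20;
    wr16(fh + 16, 224);                                                           /* SizeOfOptionalHeader (PE32) */
    wr16(fh + 18, strip_relocs ? 0x0103 : 0x0102);        /* EXECUTABLE_IMAGE | 32BIT_MACHINE [| RELOCS_STRIPPED] */
    wr16(oh, 0x10B);                                                              /* PE32 magic */
    wr32(oh + 28, image_base); wr32(oh + 56, size_of_image);                      /* ImageBase, SizeOfImage */
    if (!strip_relocs) { wr32(oh + 96 + 40, 0x3000); wr32(oh + 96 + 44, 0x40); } /* non-empty .reloc directory */
    return 0x84 + 20 + 224;
}
```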