Use tasm to compile coff formats and connections

Author: anskya

View a copy of drocon mercury code circulating on the network
The program source code is compiled using tasm32 and connected using masm32... the key point is here.
Why use tasm to compile... Normally, the size of the program code connected by tasm
It is much larger than that connected by masm32 ..

In fact, it is not difficult to see that the size of the OBJ compiled by. tasm is very small, and the volume increases after being connected.
Now, since the Compiler Principle is almost impossible to use it like this (I compared it with FASM)
There is no difference between the OBJ volume compiled by masm32 and the connected program.
Even if you compile a MessageBox program, it will still generate a 1.9k OBJ, relatively speaking, tasm volume
It's much smaller .....

Let's talk about mercury later.
First, let's talk about the rough code. First, it is the source code compiled by tasm32 (compiled into *. OBJ) and then used
The Link (connector) of masm32 is used to connect to the exe. (see its make. bat.) The Connection Library path is
Tasm .. So some people use it. In tasm5plus, implib.exe is used to generate Lib. However
Still cannot compile...

Refer to the Link Description of masm32 here. Link.exe can only connect to OBJ in coff format, tasm32 Encoding
The translated obj is in The OMF format. To connect the link properly, only task 32 can compile the coff lattice.
Type OBJ ,.

How to do it? Examples of how to compile the coff format are provided in some routines provided by the Assembly Language compiler.
For now, I only see this on FASM. Well, let's talk about how to compile it.

First, let's take a look at his code (drocon deleted several pieces of code-Despise him here !!!), First Parameter
Transfer Method and coff import Table call method. For example, if the imported table of messageboxa is normal
Messageboxa.
It is a format like "_ imp _ messageboxa @ 16" (most of them are like this), so we write a macro.
You can add _ imp _ in the front, but the drocon Code cannot be deleted ..
In fact, how can we find that _ imp _ messageboxa @ 16 is used?
Open the VC program to write a MessageBox
Debugging-> disassembly: You can see it.
During compilation, the code entry point is located on start.
Below is a simple example.

Code:
   Callw macro x extern C _ imp __& X: DWORD call _ imp __& xendm.586.model flatpublic C start. Code start: Push 0 push 0 push 0 push 0 callw messageboxa retend start
   

 

Code:
   Bin/tasm32/MX/M4/Z msgbox. asmbin/link/subsystem: Windows lib/kernel32.lib/user32.lib/ignore: 4033,4078/nologo/entry: Start/filealign: 0x200/merge :. data =. text/merge :. RDATA =. text/section :. text, rwx msgbox. objdel msgbox. objpause
   

 

Compilation of small programs won't find anything special, but compilation of a slightly larger program can be found, mercury code 13 K but after compilation only 3.5 K (no shell)
If all the API functions use Memory search (similar to the write virus), the size after compilation is 2 k (no shell)

How can this problem be solved ~.. Is tasm compiler excellent? Excellent MASM connector?
Many materials can be found in some electronic magazines of 29A ....
======

 

Oh, can I really compile a file that is not aligned by 512 bytes?
What parameters does MASM need to add?

Yes!

Code:
   Bin/tasm32/MX/M4/z. asmbin/link/align: 32/Force: unresolved/subsystem: Windows lib/kernel32.lib/user32.lib/ignore: 4033,4078/nologo/entry: Start/filealign: 0x200/merge :. data =. text/merge :. RDATA =. text/section :. text, rwx. objdel. objpause
   

 

Add parameter:/align: 32/Force: unresolved
You can ~ The original code can compile a 604-byte exe.
(I forgot what I saw in that Code ~ Thanks to the forgotten hero ~)

However, after compilation, there will be problems with shelling ~ It is estimated that the shelling software cannot modify this alignment method.

 

 

====================