a***@spenarnc.xs4all.nl
2024-04-10 13:46:12 UTC
It is comparatively easy to grow a windows 64 bit excitable
to allow more dictionary space. To do it properly one has to adjust
the redundancy check, that is a summation of 16 bit entities to which
is added the file length, generating 32 bits.
The following code is doing that:
(lina is a 64 bit windows Forth )
\ -------------------- 8< ----------------------------
#!/usr/bin/lina -s
\ Correct the checksum in the 64 bit executable in the first argument.
WANT -ROT $-PREFIX BOUNDS H. DUMP /STRING
: W@ @ $FFFF AND ; \ Intel only!
1 ARG[] GET-FILE .S
\ 0 , DUP 1 AND + \ make it even
OVER CONSTANT FILE
FILE 2 + W@ FILE + CONSTANT PE-header
PE-header 100 DUMP
PE-header 88 + CONSTANT checksum
\ PE-header FILE - /STRING
checksum L@ H.
0 checksum L!
2DUP 0 -ROT BOUNDS .S DO I W@ + 2 +LOOP .S
BEGIN DUP $FFFF > WHILE $10000 /MOD + REPEAT .S
\ INVERT $FFFF AND
OVER + .S checksum L! .S
1 ARG[] PUT-FILE
\ -------------------- 8< ----------------------------
The offsets 2 and 88 are found in
https://learn.microsoft.com/en-us/windows/win32/debug/pe-format
There is an issue at stack overflow "Windows PE checksum algorithm"
with obscure java python c# code. The actual code is
"BOUNDS DO I W@ + 2 +LOOP "
followed by folding the overflowing bits into 16 bits.
"BEGIN DUP $FFFF > WHILE $10000 /MOD + REPEAT"
Correct checksums can become in issue in DLL's, Microsoft promises
to kill offending DLL's not so for executables.
wine doesn't care for my windows 32 or 64 bits executable.
One can now patch the filesize in the COFF header, and expand the
dictionary space from 4 megabyte to 1 megabyte and have a correct
header.
Groetjes
to allow more dictionary space. To do it properly one has to adjust
the redundancy check, that is a summation of 16 bit entities to which
is added the file length, generating 32 bits.
The following code is doing that:
(lina is a 64 bit windows Forth )
\ -------------------- 8< ----------------------------
#!/usr/bin/lina -s
\ Correct the checksum in the 64 bit executable in the first argument.
WANT -ROT $-PREFIX BOUNDS H. DUMP /STRING
: W@ @ $FFFF AND ; \ Intel only!
1 ARG[] GET-FILE .S
\ 0 , DUP 1 AND + \ make it even
OVER CONSTANT FILE
FILE 2 + W@ FILE + CONSTANT PE-header
PE-header 100 DUMP
PE-header 88 + CONSTANT checksum
\ PE-header FILE - /STRING
checksum L@ H.
0 checksum L!
2DUP 0 -ROT BOUNDS .S DO I W@ + 2 +LOOP .S
BEGIN DUP $FFFF > WHILE $10000 /MOD + REPEAT .S
\ INVERT $FFFF AND
OVER + .S checksum L! .S
1 ARG[] PUT-FILE
\ -------------------- 8< ----------------------------
The offsets 2 and 88 are found in
https://learn.microsoft.com/en-us/windows/win32/debug/pe-format
There is an issue at stack overflow "Windows PE checksum algorithm"
with obscure java python c# code. The actual code is
"BOUNDS DO I W@ + 2 +LOOP "
followed by folding the overflowing bits into 16 bits.
"BEGIN DUP $FFFF > WHILE $10000 /MOD + REPEAT"
Correct checksums can become in issue in DLL's, Microsoft promises
to kill offending DLL's not so for executables.
wine doesn't care for my windows 32 or 64 bits executable.
One can now patch the filesize in the COFF header, and expand the
dictionary space from 4 megabyte to 1 megabyte and have a correct
header.
Groetjes
--
Don't praise the day before the evening. One swallow doesn't make spring.
You must not say "hey" before you have crossed the bridge. Don't sell the
hide of the bear until you shot it. Better one bird in the hand than ten in
the air. First gain is a cat purring. - the Wise from Antrim -
Don't praise the day before the evening. One swallow doesn't make spring.
You must not say "hey" before you have crossed the bridge. Don't sell the
hide of the bear until you shot it. Better one bird in the hand than ten in
the air. First gain is a cat purring. - the Wise from Antrim -