3 #the first two bytes of an image must be 4d 5a ('MZ', the MS-DOS header signature)
5 assembly simple-assembly.exe
6 valid offset 0 set-byte 0x4d
7 invalid offset 0 set-byte 0x4e
9 valid offset 1 set-byte 0x5a
10 invalid offset 1 set-byte 0
12 #the spec says it should be 0x90 but no modern COFF loader cares about this.
13 valid offset 2 set-byte 0
16 #the offset to the PE signature, stored as a 4-byte value at 0x3c
18 assembly simple-assembly.exe
20 #truncate the file at each byte of the offset field so the full 4-byte value can never be read
21 invalid offset 0x3c truncate
22 invalid offset 0x3d truncate
23 invalid offset 0x3e truncate
24 invalid offset 0x3f truncate
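26 #not enough space for the PE watermark (signature): the offset is past the end of the file or leaves fewer than 4 bytes; 0xffffffff also catches a bounds check whose offset + 4 wraps in 32 bits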
27 invalid offset 0x3c set-uint 0xffffffff
28 invalid offset 0x3c set-uint file-size - 1
29 invalid offset 0x3c set-uint file-size - 2
33 assembly simple-assembly.exe
35 valid offset pe-signature + 0 set-byte 'P'
36 valid offset pe-signature + 1 set-byte 'E'
37 valid offset pe-signature + 2 set-byte 0
38 valid offset pe-signature + 3 set-byte 0
40 invalid offset pe-signature + 0 set-byte 'M'
41 invalid offset pe-signature + 1 set-byte 'K'
42 invalid offset pe-signature + 2 set-byte 1
43 invalid offset pe-signature + 3 set-byte 2
45 invalid offset pe-signature + 1 truncate
46 invalid offset pe-signature + 2 truncate
50 assembly simple-assembly.exe
53 invalid offset pe-header + 0 truncate
54 invalid offset pe-header + 1 truncate
55 invalid offset pe-header + 18 truncate
56 invalid offset pe-header + 19 truncate
59 valid offset pe-header set-ushort 0x14c
60 invalid offset pe-header set-ushort 0x14d
61 invalid offset pe-header set-ushort 0x24c
63 #symbol table value doesn't matter
64 valid offset pe-header + 8 set-uint 0
65 valid offset pe-header + 8 set-uint 99
66 valid offset pe-header + 8 set-uint 0xffffffff
68 #number of symbols value doesn't matter
69 valid offset pe-header + 12 set-uint 0
70 valid offset pe-header + 12 set-uint 99
71 valid offset pe-header + 12 set-uint 0xffffffff
73 #characteristics - its value is not important
74 valid offset pe-header + 18 set-ushort 0
75 valid offset pe-header + 18 set-ushort 0x4000
77 #FIXME 0x2000 is used for signaling it's a dll and peverify complains about the entrypoint signature. WHAT?
78 #invalid offset pe-header + 18 set-ushort 0x2000
81 pe-optional-header-standard-fields {
82 assembly simple-assembly.exe
84 #this header is optional in name only: its size field must be 224 for PE32
85 valid offset pe-header + 16 set-ushort 224
86 invalid offset pe-header + 16 set-ushort 0
87 invalid offset pe-header + 16 set-ushort 223
89 invalid offset pe-header + 18 truncate
90 invalid offset pe-header + 239 truncate
92 #test optional header magic
93 valid offset pe-optional-header + 0 set-ushort 0x10b
94 invalid offset pe-optional-header + 0 set-ushort 0x10c
95 invalid offset pe-optional-header + 0 set-ushort 0
97 #LMajor and LMinor are the linker version. It's an informative field with no use.
98 valid offset pe-optional-header + 2 set-byte 6
99 valid offset pe-optional-header + 2 set-byte 99
101 valid offset pe-optional-header + 3 set-byte 0
102 valid offset pe-optional-header + 3 set-byte 99
104 #Code size is just an informative field as well, nobody cares
105 valid offset pe-optional-header + 4 set-uint 0
106 valid offset pe-optional-header + 4 set-uint 0x999999
108 #Initialized data size is just an informative field as well, nobody cares
109 valid offset pe-optional-header + 8 set-uint 0
110 valid offset pe-optional-header + 8 set-uint 0x999999
112 #Uninitialized data size is just an informative field as well, nobody cares
113 valid offset pe-optional-header + 12 set-uint 0
114 valid offset pe-optional-header + 12 set-uint 0x999999
116 valid offset pe-optional-header + 20 set-uint 0
117 valid offset pe-optional-header + 20 set-uint 0x999999
119 valid offset pe-optional-header + 24 set-uint 0
120 valid offset pe-optional-header + 24 set-uint 0x999999
122 #FIXME add tests for PE32+
125 pe-optional-header-nt-fields {
126 assembly simple-assembly.exe
128 #Image base - System.dll has 0x790c0000 and it's fine. No idea what the rule really is, so let's just ignore it for now
129 #valid offset pe-optional-header + 28 set-uint 0x400000
130 #invalid offset pe-optional-header + 28 set-uint 0x990000
133 valid offset pe-optional-header + 32 set-uint 0x2000
134 invalid offset pe-optional-header + 32 set-uint 0x4000
135 invalid offset pe-optional-header + 32 set-uint 0x2001
138 valid offset pe-optional-header + 36 set-uint 0x200
139 #LAMEIMPL MS rejects this value even though it produces assemblies that use it
140 valid offset pe-optional-header + 36 set-uint 0x1000
141 invalid offset pe-optional-header + 36 set-uint 999
142 invalid offset pe-optional-header + 36 set-uint 0x1200
145 #Number of Directories
146 valid offset pe-optional-header + 92 set-uint 0x10
147 #it's ok to have fewer
148 valid offset pe-optional-header + 92 set-uint 0x0F
149 #it's ok to have fewer
150 valid offset pe-optional-header + 92 set-uint 0
151 #but not more than 0x10: the 224-byte optional header only has room for 0x10 directory entries
152 invalid offset pe-optional-header + 92 set-uint 0x11