Problem with an executable

[maxorator]

The attachment is an executable (renamed the extension).
I am having a problem with that one. The MessageBox won't show up. I hand-checked all the RVA-s, pointers and sizes, but I can't find the problem.
Any expert would help me out?

[SlyMaelstrom]

Any expert actually going to open some random executable they find on an internet forum?

No. Post source code like everyone else. Even if we did open the executable it would tell us almost nothing, unless someone were to go as far as looking at the disassembly when it crashes.

[maxorator]

Any expert would understand that he needs to open it with HEX editor and check some values (RVA-s etc.).
I assume you're not an expert.
This has nothing to do with source code, because this problem appeared, when I was optimizing the executable by hand.
Source code is allright, I just have some problems with it...
By the way, executables can be altered without disassembling, you just need to understand what byte does what.

[SlyMaelstrom]

You're only restricting your options by posting an executable. And even so, you could give some insight as to what you were optimizing and where. Rather than asking someone to look through the hex of the whole program.

[maxorator]

Opening it up with hex editor is much more comfortable than trying to read some random dump anyway. Also my HEX editor doesn't allow me to copy the HEX dump.

[SlyMaelstrom]

I'm asking you to understand that many people on this forum try not to go beyond looking at the post to solve the problem. While some will try to compile the code and some might even try to debug it, as a poster you should be trying to ask as little as possible of people. I'm saying if you have the source code, post it... if that doesn't matter post what you were optimizing (should I assume you were optimizing in assembly)... I, and I think I speak for others, am not fond of attachments. I like to see what I need in the post, and if that isn't provided I usually don't care enough to try to help.

You'd be helping yourself get an answer by putting more in the post and less in the attachment box.

[twomers]

Okok, right hands up who would feel more comfortable debugging with code, lefthands up who would feel more comfortable debugging with hex.

[maxorator]

I was not optimizing the source code.
I compiled to assembler file and optimized THE EXECUTABLE FILE using HEX editor.
I want someone to help me find the problem, where I have some address wrong.
Ok, if you want to see the source code, fine, but it is not going to help you, because I have done nothing to the actual source code I compiled:

Code:

.386
.Model Flat,STDCALL
mb_ok		equ 0
hWnd		equ 0
lpText		equ offset text
lpCaption 	equ offset caption

extrn MessageBoxA@16 : PROC

.Data                                        
text	db "Ega jah",13,10
		db "ASSEMBLER RUULIB",0
caption	db "Hehe",0
.Code
Main:
	push mb_ok
	push lpCaption
	push lpText
	push hWnd
	call MessageBoxA@16

End Main

Both of you didn't get the point, I WAS NOT OPTIMIZING THE SOURCE CODE.
Okay, now DEBUG the source code. Any results? No. Why? Read the above line.

[SlyMaelstrom]

Noone is going to debug the source code, I think I made that clear. My whole point was to provide the information needed inside the post. If you optimized the hex (which by the way is worth almost squat in comparision to just optimizing the assembly, you honestly won't improve your results that much), then at least put the most relevent information you can think of in the post. Where you optimized, what, why, and how.

[maxorator]

Here is what I did:
I stripped the size of all three sections from 512bytes to 96bytes (not from the header, only sections)
Updated the SizeOfCode field from 0x0400 to 0x00C0 (addr 0x00A0). (Tested it, changing this doesn't affect the program)
Updated the BaseOfData field from 0x0600 to 0x02C0 (addr 0x00B0).
Corrected the CheckSum field (addr 0x00D8). (Tested it, changing this doesn't affect the program)
Updated the SizeOfRawData from 0x0200 to 0x0060 to all sectors. (0x018C,0x01B4,0x01DC)
Updated the .rdata section PointerToRawData field from 0x0400 to 0x0260 (0x01B4)
Updated the .data section PointerToRawData field from 0x0600 to 0x02C0 (0x01DC)

[joeprogrammer]

Here is what I did:
I stripped the size of all three sections from 512bytes to 96bytes (not from the header, only sections)
Updated the SizeOfCode field from 0x0400 to 0x00C0 (addr 0x00A0). (Tested it, changing this doesn't affect the program)
Updated the BaseOfData field from 0x0600 to 0x02C0 (addr 0x00B0).
Corrected the CheckSum field (addr 0x00D8). (Tested it, changing this doesn't affect the program)
Updated the SizeOfRawData from 0x0200 to 0x0060 to all sectors. (0x018C,0x01B4,0x01DC)
Updated the .rdata section PointerToRawData field from 0x0400 to 0x0260 (0x01B4)
Updated the .data section PointerToRawData field from 0x0600 to 0x02C0 (0x01DC)

Thanks! That clears up a lot of things!

Okok, right hands up who would feel more comfortable debugging with code, lefthands up who would feel more comfortable debugging with hex.

LOL!!! twomers, will you ever run out of jokes?

[whiteflags]

> Updated the SizeOfCode field from 0x0400 to 0x00C0 (addr 0x00A0). (Tested it, changing this doesn't affect the program)
Then why did you do it?

> I was not optimizing the source code.
> I compiled to assembler file and optimized THE EXECUTABLE FILE using HEX editor.
As to all the other things which you did, the obvious solution is to undo all that wrong stuff,
and make another executable. After your linker craps out an executable file, it seems like a
very wrong place to do optimizations. It's too late.

[maxorator]

It is not too late. I've done it before, sometimes it worked...

[Shakti]

How about undo all changes, change first thing, test app, change next thing, test. Repeat that process until you find out where things went wrong.

[Salem]

Trying to write an exe compressor like upx ?