EXE header
-
I'm new in working with exe files so i wanna know.. How i can get the size of the header of an exe file. or read data from it. i read about exe file format and i knew that header size is stored @ 08H. is that true? if it's true then i tried to read the 8th byte but it contains zero!! if not then what's true. thanks 4 All plextoR
-
I'm new in working with exe files so i wanna know.. How i can get the size of the header of an exe file. or read data from it. i read about exe file format and i knew that header size is stored @ 08H. is that true? if it's true then i tried to read the 8th byte but it contains zero!! if not then what's true. thanks 4 All plextoR
If you're refering to the PE/COFF header, a lot more is typically involved. Take a look at Shell Extensions for .NET Assemblies[^]. I read the header to accomplish something else but a simple branch in code would get you what you want. There's also an article in MSDN Magazine (you can see it online from MSDN[^]) that contains more in-depth analysis of the header. Either should be a good place to start. "Well, I wouldn't say I've been missing it, Bob." - Peter Gibbons
-
If you're refering to the PE/COFF header, a lot more is typically involved. Take a look at Shell Extensions for .NET Assemblies[^]. I read the header to accomplish something else but a simple branch in code would get you what you want. There's also an article in MSDN Magazine (you can see it online from MSDN[^]) that contains more in-depth analysis of the header. Either should be a good place to start. "Well, I wouldn't say I've been missing it, Bob." - Peter Gibbons
-
Thanks Alot but sorry i can't understand what do you mean with PE/COFF :confused:. As i told you i'm new with this operations. i'll read the article .. thanks alot plextoR
If you're going to work with executable headers (which aren't just .exe's BTW), you have to know what PE/COFF headers are. The Common Object File Format actually started back on VAX/VMS. Microsoft modified it with a Portable Executable header which contains a sort of bootstrapper that is actually a small DOS executable (yes, even in NT). The PE header is just a bunch of structures with pointers to other structures and a lot of flags. For instance, the difference in the headers for a .exe and a .dll is a single bit. You can find a couple really great articles about reading PE/COFF headers written by Matt Pietrek for MSDN Magazine at the following locations: Inside Windows: An In-Depth Look into the Win32 Portable Executable File Format[^] Inside Windows: An In-Depth Look into the Win32 Portable Executable File Format, Part 2[^] You may be interested in a utility he wrote called DUMPBIN. Microsoft distributes it with developers studios, so it's probably already on your system. "Well, I wouldn't say I've been missing it, Bob." - Peter Gibbons