pe

How the basic link process works for ELF and PE

I've always been confused about how the linker works, and it's a difficult subject to search for. To demonstrate my question and to provide a framework for an answer, I'll put down what I know (or think I know) so far. I may be very wrong. :) First, each .cpp file is built into an intermediate file (.o for Posix/ELF and .obj for Win/PE...

What is the smallest possible Windows (PE) executable?

As a precursor to writing a compiler I'm trying to understand the Windows (32-bit) Portable Executable format. In particular I'd like to see an example of a bare-bones executable which does nothing except load correctly, run and exit. I've tried writing and compiling a simple C main function which does nothing but the resulting .exe is ...

Converting kernel image from ELF to PE

I am using Msys to build a home brew kernel that I wrote under Linux. Linux used ELF for its binary format and Msys uses PE. I have the source setup to allow it to be booted by Grub using the Multiboot spec. At the end of the build, I get some undefined symbols: init.o:init.S:(.text+0x14): undefined reference to `edata' main.o:main....

Executable sections marked as "execute" AND "read"?

I've noticed (on Win32 at least) that in executables, code sections (.text) have the "read" access bit set, as well as the "execute" access bit. Are there any bona fide legit reasons for code to be reading itself instead of executing itself? I thought this was what other sections were for (such as .rdata). (Specifically, I'm talking abou...

Installing .NET framework from USB drive when necessary.

We have a .NET application that will be distributed through USB drive. End users will connect the drive and double click on the EXE (a .NET exe) to run it WITHOUT installing it. Now the problem is, if .NET is not installed we would like to trigger the .NET installer instead of showing the default download message that MS has put there. ...

What is the MZ signature in a PE file for?

I'm working on a program that will parse a PE object for various pieces of information. Reading the specifications though, I cannot find out why the MZ bytes are there, as I cannot find this on the list of machine types that these 2 bytes are supposed to represent. Can anyone clarify? ...

Scriptable Windows Disassembler [non cygwin]

Hi! I'm currently trying to implement something that combines reverse engineering and graph theory. Therefore I'd like to disassemble PE binaries. There are some very sophisticated tools to do so, like IDA or w32dasm. The latter seems to be dead. IDA is not scriptable - as far as I know. The reason why I want a scriptable disassembler is, t...

Deterministic builds under Windows

The ultimate goal is comparing 2 binaries built from exact same source in exact same environment and being able to tell that they indeed are functionally equivalent. One application for this would be focusing QA time on things that were actually changed between releases, as well as change monitoring in general. MSVC in tandem with PE ...

What does the /TSAWARE linker flag do to the PE executable?

After adding the /TSAWARE linker flag to one of my projects (Visual Studio 6), I was surprised to find a new section in the PE file (.idata). If I don't set the flag, the imports are merged into .rdata. To illustrate the "problem" we start out with a simple console program: #include <stdio.h> int main() { printf("hello world\n");...

Native Linux app to edit Win32 PE like ResHacker

Hi, I want to run an auto modify .dll service: users submit a specific .dll, I modify it on the server, then the user can download the modified version of the .dll. Are there any native Linux apps that provide common Win32 PE modification capabilities like Icons, Strings, Accelerators, Dialogues, etc. which at least provide a commandline or script...

How can I read the headers from a WinNT portable executable file using Perl?

Hey Folks, I want to work with PE files in Perl and didn't find a module, so I think I will write my own (already did that in Delphi once). I only got one problem: when mapping the executable to a buffer, how can I search for octals like 0x00004550 (IMAGE_NT_SIGNATURE), convert them back to writeable strings etc? ...

How to create an "empty" space in an executable at a definite address (gcc,linux)?

What I essentially want to do is have another program write data into this "empty space" for the executable to "work" on. I thought of appending a signature to the application and then writing the data, searching for it later, but that doesn't quite sound right... Now, other important thing ... I know it should be possible to create...

Find Windows DLLs not compiled with SafeSEH

Hello, I'd like to find out which of the DLLs located in various of my installed softwares have been compiled with SafeSEH and which ones haven't. Is there a tool that could give me that information, otherwise what would be the best solution to code something that does that verification? Thanks in advance. ...

How to protect PE file resources(string,image....) ?

Hi: I need any method to protect PE file resources from editing, and thank you very much. Editing like: 1) open the PE file as a binary file and search for a string, then edit it, or 2) edit assembly code like "jne" (jump if not equal) to "je" (jump if equal). **best regards** ...

protect c++ output file(pe file) from editing using crc

How to protect C++ output file (PE file) from editing using CRC (Cyclic Redundancy Check)? **Best Regards** ...

Write a value into PE file

I want to try the following: I have a C# program which takes a file as input and calculate MD5 algorithm for these five MD5. My algorithm has a unique value for each file; this value is a 128 bit value, so I want to use this technique to protect my programs by saving the output value of the MD5 algorithm into my PE file (let's say the val...

PE Header Requirements

What are the requirements of a PE file (PE/COFF)? What fields should be set, which value, at a bare minimum for enabling it to "run" on Windows (i.e. executing "ret" instruction and then close, without error). The library I am building first is the linker: Now, the problem I have is the PE file (PE/COFF). I don't know what is "required"...

Find out where PE file ends through PE header?

I want to append some binary data to the end of my executable. This is just to make my program into a single file. I tried using UpdateResource but I hit some bug inside it with my specific data, so I have to use another solution. So I need to know the original file size to determine if there is actually any data appended to it. Is it po...

Strange Value in EXE header!

I've seen a strange value placed in EXE header
00000000 :4D 5A 90 00 03 00 00 00 - 04 00 00 00 FF FF 00 00
00000010 :B8 00 00 00 00 00 00 00 - 40 00 00 00 00 00 00 00
00000020 :00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
00000030 :00 00 00 00 00 00 00 00 - 00 00 00 00 A8 00 00 00
00000030 :00 00 00 00 00 00 00 00 - 00 00 00 00 A...

How to use WM2003 binary (dll) on Windows Mobile 6.1 (WM6.1) device ? (PE-loader can't accept old binaries)

Hi! I have an old plugin (as binary, dll), used by my application. It was built for WM2003. And now it crashes the app, if loaded on Windows Mobile 6.1 (WM5 works fine, WM6 too). The source code is not available and it's no longer supported by the developer. So I can't rebuild it for WM6.1. Is it possible to patch or convert the binary to a...