I always thought MS-DOS also used PE for binary executables until I recently spotted this:
A PE image file begins with a MS DOS
stub. It was used so that when a
program is run in MS DOS, it would
give a good error message (that the
program must be run in windows)
instead of crashing MS DOS.
So it implies PE is...
PointerToSymbolTable:
The file offset of the COFF symbol
table, or zero if no COFF symbol table
is present. It is 0 for PE image
files, since debugging information is
depreciated.
Why does it say debugging information is depreciated for PE images? AFAIK, executables in Windows can also carry debug information, isn't that the case...
0x10b : PE32 executable
0x107 : ROM image
0x20b : PE32+ (64 bit) executable
What is the ROM image?
...
I opened cstrike.exe (for the game Counter Strike) with OllyDbg, but the disassembly code isn't complete; it starts at 01401000 and stops at 0140BFFF (I mean it should at least start from 00000000 to be complete, and I can't say for sure whether 0140BFFF is the exact end or just a stripped part)
01401000 . E8 05000000 CALL cstrike.0140100...
When I try to open a PE executable, it's automatically run.
How can I just open it statically without running it? I just want to see the binary file in hex format.
...
The above is the complete list of MZ DOS header fields, but I don't know which of them are mandatory and which are optional. Does anyone know?
...
As we know, a PE binary usually depends on various dynamic-link libraries to work, but how can we make sure such a DLL exists for all users?
How is a PE product released?
...
IMO a PE executable can't run on all platforms.
I'm guessing that the installer packs executables for various CPU architectures, and chooses the right one after some detecting work.
But is this how major companies like MS release their products?
...
From the above we can see the count of relocation table entries is 0 (there is no reloc item), but the offset of the first reloc item shows that the reloc item actually exists.
The definition of DOS EXE Header is here.
How to understand it?
...
Does anyone know?
It seems to me most of the space in a PE is taken up by Unmapped Data; is this the case on most occasions?
...
Does anyone know whether the 'import address table' in the PE executable format on Windows is 'per dll' or 'per exe'?
...
Does anyone know the difference?
...
AFAIK, .dll is in PE format; what about .lib?
...
I've been compiling simple Hello World applications in Visual Studio 2010 with the C++ compiler (Win32 is the target) to see what the product looks like under the microscope when I run it with the Immunity debugger. What I've noticed, however, is that there is some code (quite a bit of code, actually) that gets run before my main functi...
I found a tool to repair the import table here, but how are PE executables without an import table built in the first place in C/C++?
...
In my case I'm trying to find the container that persists the configuration parameters, which may be registry, config files (.ini or proprietary) or anything else.
I've tried some resource-grabbing tools that can extract resources like images/strings out of the executable, but after going through them one by one I find the configuration ...