portable-executable

How to get the PEKind and ImageFileMachine of an AMD64 assembly from an x86 .NET Application (and vice versa)?

I'm writing an installation validation tool for our product and I need to retrieve some PE information from several installed assemblies. No matter what the platform our product is installed on, we ship AMD64, x86 and MSIL assemblies to certain locations to let the user create deployment projects for these platforms. The problem is ...

Binary Reproducibility in Visual C++

Is there a way to force the same code to produce the same binary in Visual C++? Turn off the timestamp in the PE or force the timestamp in the PE to be some fixed value, in other words? ...

How can I read the headers from a WinNT portable executable file using Perl?

Hey Folks, I want to work with PE files in Perl and didn't find a module, so I think I will write my own (already did that in Delphi once). I only got one problem: when mapping the executable to a buffer, how can I search for octals like 0x00004550 (IMAGE_NT_SIGNATURE), convert them back to writeable strings etc? ...

How do I read the PE header of a module loaded in memory?

I'm experimenting with memory access in .NET. At the moment, I have a managed program that starts an unmanaged process and retrieves the BaseAddress of one of its loaded modules (a DLL). What I would like to do is somehow read the PE header of the loaded module so that I can later retrieve the addresses of its exports. Unfortunately, I ...

Portable version of ImageMagick to package with my app?

I've built a Content Management System application in CakePHP which I've utilised ImageMagick for transforming uploaded images and PDF files. The biggest problem I've found with using ImageMagick is when I come to deploy the application on someone else's hosting. Their server either doesn't have IM installed, or it's version 6.2.8 and ...

How Windows Portable Executables are portable across machine architecture

Are Windows Portable Executables really portable across machine architectures? If so, how does it work? If not, then what does "Portable Executable" mean, or which part of the executable is portable? Thanks, Siva Chandran ...

Is there any possibility to run a portable exe in debug mode (step-by-step)?

I want to work with portable exe for some research. Here I need some tools to run a PE in debug mode. Kindly help me if any tool is available to run a PE in step-by-step method. Thanks in advance. ...

alignment of sections and memory within an EXE file

What are the alignment of sections and memory within an EXE file I need to specify when creating using in the Mosa IL compiler? Thanks. ...

How to add PE metadata?

Windows PE (portable executable) files contain metadata that appear in the file's Properties dialog under the Details tab. It appears that arbitrary metadata can appear there. What I'd like to do is add a piece of metadata to a C# class library that I build whose value is the commit id from the git repo HEAD the project was built from...

How can I find the exported function name from ordinal (export by ordinal)?

I am trying in the export directory. I got the exported function name (export by name) by browsing the directory with the help of the addressoffnnames property. Here, for example, in comctl32.dll (api) total fn names 420, but no. of fnnames 118 (export by name); the other 302 fns are exported by ordinal only. I am also trying dumpbin; it does not show anything (fn ...

How to get exported function names from a .dll (system)?

Here, I will explain: I want the exported function name list (by name and by ordinal) from a DLL. I got the function names (exported by name) using the export directory table, but I can't retrieve the exported function list which is exported by ordinals. Help me to retrieve it. I also tried the .lib of that dll; there it also displays NONAME. Thanks in advan...

How can I hook an API function from a system DLL?

I want to redirect the function calls of the real function calls from the system dll. I am working with portable-executable; I can get the IAT of the system dll (advapi32.dll). Here the function address calls the system memory address; I want to redirect to the address I specified. How is this possible? ...

Find out where PE file ends through PE header?

I want to append some binary data to the end of my executable. This is just to make my program into a single file. I tried using UpdateResource but I hit some bug inside it with my specific data, so I have to use another solution. So I need to know the original file size to determine if there is actually any data appended to it. Is it po...

Clarification on Binary file (PE/COFF & ELF) formats & terminology

I'm a little confused about the terminology. A file that is given as input to the linker is called Object File. The linker produces an Image file, which in turn is used as input by the loader. I got this from "MS PE & COFF Specification" Q1. Image file is also referred to as Binary Image, Binary File or just Binary. Right? Q2. So, a...

VA (Virtual Address) & RVA (relative virtual address)

A file that is given as input to the linker is called Object File. The linker produces an Image file, which in turn is used as input by the loader. A blurb from "Microsoft Portable Executable and Common Object File Format Specification": RVA (relative virtual address). In an image file, the address of an item after it is lo...

A single executable for 32 and 64 bit (Without WOW64)

I'm writing a small utility that should run on both 16\32\64 bit systems. My old utility ran both on 32 and 16 bit by compressing the 16bit version to the 32 bit and applying the /stub switch in visual studio 2008 (/STUB -MS-DOS Stub File Name ). I'm looking for a way to do the same with my 64 bit executable. The target 64bit system is ...

Strange Value in EXE header!

I've seen a strange value placed in EXE header 00000000 :4D 5A 90 00 03 00 00 00 - 04 00 00 00 FF FF 00 00 00000010 :B8 00 00 00 00 00 00 00 - 40 00 00 00 00 00 00 00 00000020 :00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 00000030 :00 00 00 00 00 00 00 00 - 00 00 00 00 A8 00 00 00 00000030 :00 00 00 00 00 00 00 00 - 00 00 00 00 A...

How can I find all dependencies of an application?

In a Portable-Exe, there is the possibility to find the imported section, and also all imported dll names (using the import descriptor). Here, e.g., one application exe has many imported dlls (kernel32, advapi, user, comctl32, etc.). Now I want to find all dependencies in that app exe (imported dlls). Give me the logic using recursive function calling....

How to change the default exe icon in C/C++?

Hello friends, I want to change the default exe icon to some other icon in C/C++. Does anybody know how to do that? Please help guys... ...

What is "Alignment" field in binary formats? Why is it needed?

In the ELF file format we have an Alignment field in the Segment Header Table, aka Program Header Table. In the case of the Windows PE file format they take it to the next level: the sections have two alignment values, one within the disk file and the other in memory. The PE file header specifies both of these values. I didn't understand a thing about this...