portable-executable

How to convert PE (Portable Executable) format to ELF in Linux

Hi, what's the best tool for converting PE binaries to ELF binaries? Following is a brief motivation for this question: Suppose I have a simple C program. I compiled it using gcc for Linux (this gives ELF), and using 'i586-mingw32msvc-gcc' for Windows (this gives a PE binary). I want to analyze these two binaries for similarities, using...

Change imported DLL name?

Hi to all, in a Portable-Executable, we can change the imported dll name by editing the PE file. Here, I had changed one imported dll name of the application exe; that time it changed normally .... e.g. advapi32.dll to ^dvapi32.dll, so here system32 or any other PATH location doesn't have ^dvapi32.dll .. this time simply I changed the real ...

Question about COFF Externs

The Microsoft PE / COFF SPEC (v8, section 5.4.4) says that when a symbol has a storage class of IMAGE_SYM_CLASS_EXTERNAL and a section number of 0 (IMAGE_SYM_UNDEFINED), its "value" field (in the symbol table) "indicates the size". This confuses me. In particular, I'm wondering "indicates the size of what?". Generally, IMAGE_SYM_C...

Portable executable structure explanation

I am learning the structure of a portable executable. I went through the MSDN article but I am a bit confused about it. I have some confusion with their precise structure and its functionality. Can anybody help me or please refer me to a nice article for this? ...

Is .NET support for Win32 Code Interop?

Hello, I need to InterOp Win32 code (unmanaged Win32 DLLs and Exe) completely with .NET. I need to call Win32 unmanaged code (DLL exported functions) at runtime, i.e. (knowing the types of data types in Win32 signatures and need to pass data according to that type at runtime). This is 100% possible in case of COM. You can convert COM unm...

Parsing plain Win32 PE File (Exe/DLL) in .NET

I need to parse plain Win32 DLL/Exe and need to get all imports and exports from it and to show it on console or GUI (say Win Forms). Is it possible to parse Win32 DLL/Exe in C#.NET, read its export table, import table and get managed types from it. As it's unmanaged PE (.NET doesn't allow you to convert unmanaged PE files to managed .NET a...

How to take all types from PE file after parsing it in Managed C++(CLI)?

Hello, I need to extract the types from PE files. E.g. if whole class exported, I should have all exported methods (whole signature including return type) and their types (i.e. class as Type) OR IF whole class not exported but just functions exported, I should be able to get class as Type of those methods and all exported methods of that c...

Getting Types in Win32 Dll

Hello, I want to know the types and details in a plain Win32 DLL just like we can get in case of COM. In COM everything embed inside idl and results in TLB, here we get everything, MSFT exposes APIs by which we can extract types. In case of Win32 I strongly needed types defined in it and all details of that type (e.g. what are members i...

Any libraries of reading & writing binary file formats (PE & ELF)?

Hello, I want to write a binary file format viewer for Windows which can operate on both PE & ELF files. Similar to the ones already there: PE Explorer http://www.pe-explorer.com/ PE View: http://www.magma.ca/~wjr/ PEBrowse Professional http://www.smidgeonsoft.prohosting.com/pebrowse-pro-file-viewer.html I've reasons why I want to ...

Why loading Ntdll from local folder produces exception?

Hi, my exe depends on ntdll, user32 and kernel32. I save these dlls as a local copy and change the first letter as "V". I then edit the exe's Import dll name as Vernel32.dll from kernel32. The application works fine by loading vernel32.dll in local space. Next I edit the exe's import dll spec as vtdll as ntdll, the process loads vtdll...

What are the files from the 'make' of git that I actually need to run git?

I'm trying to "portablize" git, so I want to send the required executables from the make process of git to my hosted web server. Can I do that? Do you think the executables will work? ...

What field of PE Headers tells that whether a valid PE file or not?

Hello, I need to validate whether given binary is a PE file or not. E.g. if I rename JS/HTML or .class files to .exe or .dll, it won't be PE files still then. Parsing PE these files would give me info about this problem. What field indicates that given binary is a valid PE file or not? Note: I have checked about "e_magic" field of ...

In resources of a executable file, how does one find the default icon?

Hi all, I need to find the default icon of a Windows executable (PE file = dll, exe, com..) programmatically. I do know how to walk through the resources and identify what is an icon, what a cursor etc., but as far as I know none of the icons is in any way marked as the default one. So, does somebody know how to find the default icon? M...

How to replace allocators of stl with actual source code

Hello, I need to replace allocators with their original source code. I am extracting exported methods from PE export table and facing strange lengthy allocators where STL containers were used in original source code. For example if source code was typedef std::list<std::basic_string<_TCHAR> > TokenList; EXPORTS_API const TokenL...

How to map a file offset in an EXE to its PE section

I've opened up a program I wrote with ImageHlp.dll to play around with it a little, and I noticed that there seem to be large gaps in the file. As I understand it, for each PE section, the section header gives its offset in the file as PhysicalAddress, and its size as SizeOfRawData, and thus everything from PhysicalAddress to PhysicalAd...

Windows portable executable resources - looking for embedded manifests structure description

Hello all, I'm looking for a description of the manifest embedded in PE files. I know it's an XML file, what I'm looking for is a description of its structure and/or fields. ...

Difference between application manifest and assembly manifest

What is the difference between application manifest and assembly manifest? Where is each one used? Which one of the two is found in .dll or .exe resources? (or both can be there?). Sorry if it's too many questions at once, but if anyone can explain this to me it would be really helpful. The reason I'm asking this is that I want to be ab...

Do exported functions have hint?

Dependency walker (depends.exe) shows a 'Hint' column for exported functions. As far as I understand the Portable Executable format, exported functions do not have hint. Can someone tell me whether or not exported functions have hint? Actually, only imported functions should have hint.. thanks. ...

Microsoft's ASLR is weird.

I watched an ASLRed dll image's base address for 32bit Process. It's not a full randomization. It just randomized 1/2 probability. For example, once I load a dll then the image is loaded on 0x12345678. And I load the image again, the image is loaded on 0x23456789. (Base address is changed!) But I load the image again 0x12345678 0x234...

Save data in executable

I have a portable executable that saves data to a file in the same folder as the executable. Is there any way that I can save data into the executable itself when I close the app? This may be weird, but taking the data with me and only have one file for the exe and data would be great. Would prefer if this was made with C#, but is not...