portable-executable

How to programmatically find the bytecode (CIL) in a .Net executable/dll?

I would like to open a PE file (which I know is a .Net assembly) and find where the .Net bytecode is (ideally starting at the entrypoint). I know that the PE header data (entrypoint RVA) take me just to a stub which calls CorExeMain from mscoree.dll. This is not what I'm looking for though. I would like to find the bytecode that gets ru...

Why do some executables and libraries reference PDB files and some not?

During the development of my own PE analysing tool, I noticed that some exe and libraries (e.g. Adobe Reader) reference a Debug PDB file. Some do not reference any PDB file at all. Some with the full path showing the directory on the build machine, some with the relative path, some just with the PDB file name. What is the best solution?...

How to remove some data from a PE (exe) file in C

Hi, in the first exe I have defined an array of char with some special bytes as a label. I am mapping it to memory from another exe, finding the needed label and putting new data in it, but this data could be shorter than the defined array, so I want to cut this array to the needed size! How can I do it? ...

Executable sections flag

The sections of Portable Executable files are tagged with different flags. Can someone explain the difference between IMAGE_SCN_MEM_EXECUTE (the section can be executed as code) and IMAGE_SCN_CNT_CODE (the section contains executable code)? Thanks. ...

Dump PE file from memory to disk

I want to dump a process image to disk and then execute it. I listed the process modules and used ReadProcessMemory to read the memory range of the exe, but when I try to execute it, it fails. How can I solve this? Thanks ...

Sandbox Virtual Machine for an Application (concept)

I'd like to write a sandbox virtual machine for executing a compiled program. My goal is to isolate that program from the rest of operating system and control its execution so that it can't do anything harmful to a host computer. I assume that: executed program is compiled to Portable Executable format and it's in machine code, not i...