Announcement

Collapse
No announcement yet.

PE file format

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    PE file format


    I'm looking to find the offset of the Code Section of any given EXE file.

    An article called 'The Portable Executable File Format from Top to Bottom'
    by Randy Kath mentions a PEFILE.h. (http://www.eccentrica.org/Mammon/Text/pefile.html)

    I believe before i can get started i'll need this..

    Hands?


    Thanks!!
    - Nathan
    Tags: None
  • #2
    take a look here:
    http://www.powerbasic.com/support/pb...ead.php?t=3763

    ------------------
    e-mail (home): mailto:[email protected][email protected]</a>
    e-mail (work): mailto:[email protected][email protected]</a>

    Comment

    • #3
      Thank you Sven!

      I modified some code written by Kevin Voell, and ended up with the following
      PB/DLL app.

      The app finds the location of the 'Code Section' and 'Base of Data'.

      Many thanks,

      - Nathan.

      Code:
      #COMPILE EXE
#INCLUDE "WIN32API.INC"
#INCLUDE "COMDLG32.INC"

FUNCTION PBMAIN()
   LOCAL ExeHdrInfo AS IMAGE_NT_HEADERS
   LOCAL DOSHdr AS Image_DOS_Header
   LOCAL hDLG  AS LONG
   Path$ = CURDIR$
   Style%    = %OFN_FILEMUSTEXIST OR %OFN_HIDEREADONLY OR %OFN_LONGNAMES
   RESULT% = OpenFileDialog(%HWND_DESKTOP, "Open File", f$, Path$, "Executable Files|*.EXE|All Files|*.*", "EXE",%OFN_FILEMUSTEXIST OR %OFN_HIDEREADONLY OR %OFN_LONGNAMES)
   X% = FREEFILE
   OPEN f$ FOR BINARY AS X%
   GET X%,, DosHdr
   SEEK X%, 0
   SEEK X%, DosHdr.e_lfanew + 1
   se% = SEEK(x%)
   GET X%,, ExeHdrInfo
   CLOSE X%

   DIALOG NEW %HWND_DESKTOP, "EXE FILE INFO", ,,200,80,%WS_SYSMENU, TO hDLG

     BaseOfCode$ = FORMAT$(ExeHdrInfo.OptionalHeader.BaseOfCode)
     CONTROL ADD LABEL, hDLG, 101, "Base of Code:" + BaseOfCode$, 10, 4, 200, 10
   
     BaseOfData$ = FORMAT$(ExeHdrInfo.OptionalHeader.BaseOfData)
     CONTROL ADD LABEL, hDLG, 101, "Base of Data: " + BaseOfData$, 10, 14, 200, 10
     
          CONTROL ADD LABEL, hDLG, 101, "Filename: " + "..." & RIGHT$(f$, 20), 10, 28, 200, 50
   
   DIALOG SHOW MODAL hDLG

END FUNCTION

      Comment

      • #4
        Why not go to the source.

        Here is the Spec...
        http://www.microsoft.com/hwdev/hardware/downPECOFF.htm?

        ------------------
        Paul Dwyer
        Network Engineer
        Aussie in Tokyo

        Comment

        Previous template Next
        Working...
        X

        We process personal data about users of our site, through the use of cookies and other technologies, to deliver our services, and to analyze site activity. For additional details, refer to our Privacy Policy.

        By clicking "I AGREE" below, you agree to our Privacy Policy and our personal data processing and cookie practices as described therein. You also acknowledge that this forum may be hosted outside your country and you consent to the collection, storage, and processing of your data in the country where this forum is hosted.

        I Agree