Alexey B
July 13th, 2002, 10:45 AM
Where can I find a comprehensive specification of the latest Windows executable file format?
Click to See Complete Forum and Search --> : Windows exe Format Specification
Zeeshan
July 13th, 2002, 03:29 PM
Visit
www.wotsit.org
It has almost all file format.
Hope it helps.
www.wotsit.org
It has almost all file format.
Hope it helps.
Alexey B
July 13th, 2002, 04:03 PM
I have already visited that site and read all the exe specifications they had. All of them are very outdated ranging from MS-DOS to Win9x.
Alexis Moshinsky
July 14th, 2002, 12:17 AM
Hi Alexey,
here:
http://www.microsoft.com/hwdev/hardware/PECOFF.asp
You can download spec for portable executable.
here:
http://www.windowsitlibrary.com/Documents/Book.cfm?DocumentID=356
You find nice expanation about the format
Good luck with RVAs :)
here:
http://www.microsoft.com/hwdev/hardware/PECOFF.asp
You can download spec for portable executable.
here:
http://www.windowsitlibrary.com/Documents/Book.cfm?DocumentID=356
You find nice expanation about the format
Good luck with RVAs :)
wayside
July 15th, 2002, 07:42 AM
If you are going to be munging around on exe's directly, try to get some Borland exe's to test your code with. The Borland linker does things a little differently in some areas of the exe, import tables for example.
Bengi
July 16th, 2002, 12:24 PM
Latest EXE?? ;))
well than, read about the PE header
here:
http://www1.lunarpages.com/codeinside/PETut.html
well than, read about the PE header
here:
http://www1.lunarpages.com/codeinside/PETut.html
Alexey B
August 1st, 2002, 04:46 PM
Thank you very much Alexis. The two links provided me with all the information I needed. My luck with RVAs has held as well. :)
To help myself learn the format well, I have created a small application that parses header, import, export and resource information in an executable or a DLL and displays it in form of a tree, in a readable format. The application is attached to this message in case anyone is interested.
To help myself learn the format well, I have created a small application that parses header, import, export and resource information in an executable or a DLL and displays it in form of a tree, in a readable format. The application is attached to this message in case anyone is interested.
wayside
August 1st, 2002, 07:44 PM
What, no source code??? :) :) :) :) :)
Very nice app! Generally, though, I find it much more useful to have the imported functions (the PIMAGE_THUNK_DATA in your tree) attached to the import lib descriptor, that way you can tell what functions are used out of each library.
If you have access to any Borland apps, try one of those, the Borland linker plays fast and loose with the PE spec.
Very nice app! Generally, though, I find it much more useful to have the imported functions (the PIMAGE_THUNK_DATA in your tree) attached to the import lib descriptor, that way you can tell what functions are used out of each library.
If you have access to any Borland apps, try one of those, the Borland linker plays fast and loose with the PE spec.
Alexey B
August 1st, 2002, 08:10 PM
I'll post the source too, but first I want to write my own RVA to VA conversion function to loose the dependency on imagehlp.dll. By the way, double-clicking an item that is a reference will automatically select the item that the reference points to. An example would be the OriginalFirstThunk member of an IMAGE_IMPORT_DESCRIPTOR structure.
Alexis Moshinsky
August 2nd, 2002, 01:39 AM
Hi Alexey,
You are always wellcome.
Originally posted by wayside
Generally, though, I find it much more useful to have the imported functions (the PIMAGE_THUNK_DATA
Order, Pay, Have :D :D :D
You are always wellcome.
Originally posted by wayside
Generally, though, I find it much more useful to have the imported functions (the PIMAGE_THUNK_DATA
Order, Pay, Have :D :D :D
vanta
November 18th, 2002, 04:26 AM
Hello everyone,
I downloaded FileView application. The app asked me double lick to view a file, and I followed it,then there was a alert appered : "FileViewer.exe has generated errors and will be closed by Windows.You will need to restart the application.".
Does anyone can know why?
By the way, please send me source code if you can. I need it urgently.
thank you.
I downloaded FileView application. The app asked me double lick to view a file, and I followed it,then there was a alert appered : "FileViewer.exe has generated errors and will be closed by Windows.You will need to restart the application.".
Does anyone can know why?
By the way, please send me source code if you can. I need it urgently.
thank you.
vanta
November 21st, 2002, 03:28 AM
Hello everyone,
Is there anyone can post the source code of FileViewer?
Thanks.
vanta.
Is there anyone can post the source code of FileViewer?
Thanks.
vanta.
codeguru.com
Copyright Internet.com Inc., All Rights Reserved.
Copyright Internet.com Inc., All Rights Reserved.