Where can I find a comprehensive specification of the latest Windows executable file format?
Printable View
Where can I find a comprehensive specification of the latest Windows executable file format?
Visit
www.wotsit.org
It has almost all file format.
Hope it helps.
I have already visited that site and read all the exe specifications they had. All of them are very outdated ranging from MS-DOS to Win9x.
Hi Alexey,
here:
http://www.microsoft.com/hwdev/hardware/PECOFF.asp
You can download spec for portable executable.
here:
http://www.windowsitlibrary.com/Docu...DocumentID=356
You find nice expanation about the format
Good luck with RVAs :)
If you are going to be munging around on exe's directly, try to get some Borland exe's to test your code with. The Borland linker does things a little differently in some areas of the exe, import tables for example.
Latest EXE?? ;))
well than, read about the PE header
here:
http://www1.lunarpages.com/codeinside/PETut.html
Thank you very much Alexis. The two links provided me with all the information I needed. My luck with RVAs has held as well. :)
To help myself learn the format well, I have created a small application that parses header, import, export and resource information in an executable or a DLL and displays it in form of a tree, in a readable format. The application is attached to this message in case anyone is interested.
What, no source code??? :) :) :) :) :)
Very nice app! Generally, though, I find it much more useful to have the imported functions (the PIMAGE_THUNK_DATA in your tree) attached to the import lib descriptor, that way you can tell what functions are used out of each library.
If you have access to any Borland apps, try one of those, the Borland linker plays fast and loose with the PE spec.
I'll post the source too, but first I want to write my own RVA to VA conversion function to loose the dependency on imagehlp.dll. By the way, double-clicking an item that is a reference will automatically select the item that the reference points to. An example would be the OriginalFirstThunk member of an IMAGE_IMPORT_DESCRIPTOR structure.
Hi Alexey,
You are always wellcome.
Order, Pay, Have :D :D :DQuote:
Originally posted by wayside
Generally, though, I find it much more useful to have the imported functions (the PIMAGE_THUNK_DATA
Hello everyone,
I downloaded FileView application. The app asked me double lick to view a file, and I followed it,then there was a alert appered : "FileViewer.exe has generated errors and will be closed by Windows.You will need to restart the application.".
Does anyone can know why?
By the way, please send me source code if you can. I need it urgently.
thank you.
Hello everyone,
Is there anyone can post the source code of FileViewer?
Thanks.
vanta.
I don't have FileViewer, though I have a resource that might help :)
HexEdit Pro 4.0 - 4Shared Backup Download (Andrew seems to have lost his site)
WARNING: Don't use 4Priority Downloader! (Create an account to download with no adware)
HexEdit Pro comes with a template to view the structure of EXE (including CLI supported) files.
it only goes as far as outlining the sections (it doesn't operate on the data)
I'm not sure if this works properly with recent EXEs, but it can be tested. :)
well... the format hasn't really changed since Windows95.Quote:
Originally Posted by Alexey B
If you're talking about how the compiler/linker actually make things work, that's an entirely different.
In that case you're asking "can someone give me the latest cooking book", but every cook will give you a different recipe for how to make certain dishes.
there's no "new" in this case, every compiler/linker does it their own way, and it even changes with compiler/linker versions within the same brand.
That thread was 12 years old.
The account was created specifically for that single post... Which contains a link to a .exe on a file sharing website...
Speaking of which, isn't giving links to pirate software a violation of TOS?
I don't know if it's an honest post (as it *is* on subject), or a very elaborate try at getting you to download malware.
I DON'T distribute malware!
I'm a relatively known programmer and have a reputation to up-hold there.
(I ONLY use SAFE freeware, and try to remove the adware where possible)
^ if there's an adware wrapper, what I back up is the actual unwrapped installer.
it's not pirated, one of my links to http://hexeditpro.com got reported for being broken on another forum.
and I back up my installers normally, so when it did, I forwarded that link.
and I have this forum bookmarked for future use, don't worry about me only posting once, more will come. ;)
odd though, I wasn't emailed until a 2nd post was made here... >.>
or if I'm misunderstanding and that's what pirating is, then I'd prefer not to use that term as it's extremely dirty for what it is.Quote:
Originally Posted by Tcll
it's a backup of the original installer, no modifications made to it.
I've already notified Andrew (the developer) here:
http://hexedit.com/cgi-bin/ikonboard...;st=0;&#entry1
of course though he's hardly ever on, so he most likely hasn't seen it yet.
PS: sorry for a D-post, I'd edit my last post with this if I could