If you are going to be munging around on exe's directly, try to get some Borland exe's to test your code with. The Borland linker does things a little differently in some areas of the exe, import tables for example.
Thank you very much Alexis. The two links provided me with all the information I needed. My luck with RVAs has held as well.
To help myself learn the format well, I have created a small application that parses header, import, export and resource information in an executable or a DLL and displays it in form of a tree, in a readable format. The application is attached to this message in case anyone is interested.
Last edited by Alexey B; August 1st, 2002 at 05:59 PM.
Very nice app! Generally, though, I find it much more useful to have the imported functions (the PIMAGE_THUNK_DATA in your tree) attached to the import lib descriptor, that way you can tell what functions are used out of each library.
If you have access to any Borland apps, try one of those, the Borland linker plays fast and loose with the PE spec.
I'll post the source too, but first I want to write my own RVA to VA conversion function to loose the dependency on imagehlp.dll. By the way, double-clicking an item that is a reference will automatically select the item that the reference points to. An example would be the OriginalFirstThunk member of an IMAGE_IMPORT_DESCRIPTOR structure.
Hello everyone,
I downloaded FileView application. The app asked me double lick to view a file, and I followed it,then there was a alert appered : "FileViewer.exe has generated errors and will be closed by Windows.You will need to restart the application.".
Does anyone can know why?
By the way, please send me source code if you can. I need it urgently.
I don't have FileViewer, though I have a resource that might help
HexEdit Pro 4.0 - 4Shared Backup Download (Andrew seems to have lost his site)
WARNING: Don't use 4Priority Downloader! (Create an account to download with no adware)
HexEdit Pro comes with a template to view the structure of EXE (including CLI supported) files.
it only goes as far as outlining the sections (it doesn't operate on the data)
I'm not sure if this works properly with recent EXEs, but it can be tested.
I have already visited that site and read all the exe specifications they had. All of them are very outdated ranging from MS-DOS to Win9x.
well... the format hasn't really changed since Windows95.
If you're talking about how the compiler/linker actually make things work, that's an entirely different.
In that case you're asking "can someone give me the latest cooking book", but every cook will give you a different recipe for how to make certain dishes.
there's no "new" in this case, every compiler/linker does it their own way, and it even changes with compiler/linker versions within the same brand.
The account was created specifically for that single post... Which contains a link to a .exe on a file sharing website...
Speaking of which, isn't giving links to pirate software a violation of TOS?
I don't know if it's an honest post (as it *is* on subject), or a very elaborate try at getting you to download malware.
Is your question related to IO?
Read this C++ FAQ article at parashift by Marshall Cline. In particular points 1-6.
It will explain how to correctly deal with IO, how to validate input, and why you shouldn't count on "while(!in.eof())". And it always makes for excellent reading.
* The Best Reasons to Target Windows 8
Learn some of the best reasons why you should seriously consider bringing your Android mobile development expertise to bear on the Windows 8 platform.
Reply With Quote
)
Originally Posted by Alexey B
