portable-executable

问题 What exactly does "fixups" do when applied on a section? In a fasm sample i found the following section delcaration and i'm really not sure what the fixups attribute does, i couldn't find much information on that in the fasm documentation. section '.reloc' fixups data readable discardable if $=$$ dd 0,8 ; if there are no fixups, generate dummy entry end if 回答1: This appears to be a workaround for a bug in how FASM generates PECOFF DLLs. The .reloc section only applies to PECOFF images (EXEs

问题 I'm looking for a way to reserve some extra space at the begining/end of the .text section from C/C++ using Visual Studio compiler. I've only found one solution on how to reserve some extra space in code section in Visual Studio: PE File .text Section Size #pragma optimize( "", off ) #define NOP __asm { NOP } ; #define NOP8 NOP NOP NOP NOP NOP NOP NOP NOP #define NOP64 NOP8 NOP8 NOP8 NOP8 NOP8 NOP8 NOP8 NOP8 #define NOP512 NOP64 NOP64 NOP64 NOP64 NOP64 NOP64 NOP64 NOP64 #define NOP4096 NOP512

问题 How can I determine if an .EXE file (not my application, not another running application, not a .NET application) is 32-bit or 64-bit in C#? The best I found is this and I'm guessing there's a native .NET call. 来源： https://stackoverflow.com/questions/59911610/how-can-i-identify-if-a-exe-file-is-32-bit-or-64-bit-from-c-sharp

问题 Is there some sort of Windows API or other reasonably straightforward way to determine whether or not the currently running program has IMAGE_FILE_LARGE_ADDRESS_AWARE enabled? I know that I can open up the process's exe as a file, read its header information, and parse it somewhere out of there, but if there's some cleaner way to do it, I'd like to know. To be clear: I am talking about the currently executing process - i.e. I want to write code that detects this flag (or lack thereof) for its

问题 I wrote code and compiled it to exe, now the .text section need to be larger , If I have the code and I want to allocate more space in the .text section from code before compiling it , how to do so ? Allocate some buffers ? I'm trying to alter the code or compiling option to result with a binary file with LARGER .TEXT section my compiler VisualStudio2010 or cl.exe Patching the binary file is more complicated 回答1: Assuming it's really what you want, you may use inline assembly. E.g. for gcc

问题 I have made (in assembler, without a linker) an EXE for x86-64 that runs perfectly well in Wine under Linux. It's a basic HelloWorld that calls MessageBoxA and ExitProcess. Windows 10 won't recognize it, saying 'This program cannot be executed on your computer, talk to your vendor for a version that will suit your computer'. I have used PE format readers (PE Tools and CFF Explorer) to analyze my PE EXE. All numbers in the PE Optional header are the same as in other working EXEs (like os

问题 I want to build Custom Portable executable using NASM. After getting executable using command nasm -f bin program.asm -o program.exe it crashes and gives error similar to this Below you can see the code. bits 64 %define BASE 400000h ALIGNMENT equ 512 %define SECTALIGN 8192 STD_OUTPUT_HANDLE equ -11 NULL equ 0 %define ROUND(v, a) (((v + a - 1) / a) * a) %define ALIGNED(v) (ROUND(v, ALIGNMENT)) %define RVA(obj) (obj - BASE) section header progbits start=0 vstart=BASE mz_hdr: dw "MZ" ; DOS magic

问题 I want to build Custom Portable executable using NASM. After getting executable using command nasm -f bin program.asm -o program.exe it crashes and gives error similar to this Below you can see the code. bits 64 %define BASE 400000h ALIGNMENT equ 512 %define SECTALIGN 8192 STD_OUTPUT_HANDLE equ -11 NULL equ 0 %define ROUND(v, a) (((v + a - 1) / a) * a) %define ALIGNED(v) (ROUND(v, ALIGNMENT)) %define RVA(obj) (obj - BASE) section header progbits start=0 vstart=BASE mz_hdr: dw "MZ" ; DOS magic

问题 Given some Random.exe on Windows, how can I determine its CPU architecture eg Intel/ARM, and its bitness eg 32 or 64. Is there a property in File Explorer, some other tool, or programatic method I can use? 回答1: The architecture of the executable is written in the Machine field of the COFF header. You can retrieve it programatically or manually with a hex editor: Go to offset 0x3C in the file. The four bytes there hold the offset of the COFF header (from the beginning of the file). Go to the

问题 Given some Random.exe on Windows, how can I determine its CPU architecture eg Intel/ARM, and its bitness eg 32 or 64. Is there a property in File Explorer, some other tool, or programatic method I can use? 回答1: The architecture of the executable is written in the Machine field of the COFF header. You can retrieve it programatically or manually with a hex editor: Go to offset 0x3C in the file. The four bytes there hold the offset of the COFF header (from the beginning of the file). Go to the