portable-executable

问题 Given some Random.exe on Windows, how can I determine its CPU architecture eg Intel/ARM, and its bitness eg 32 or 64. Is there a property in File Explorer, some other tool, or programatic method I can use? 回答1: The architecture of the executable is written in the Machine field of the COFF header. You can retrieve it programatically or manually with a hex editor: Go to offset 0x3C in the file. The four bytes there hold the offset of the COFF header (from the beginning of the file). Go to the

问题 I'm studying the PE (Portable Executable) format, but I saw a difference between C++ programs compiled with MinGW and MSVC: It's some extra bytes after 'This program cannot be run in DOS mode' and before the 'PE' magic signature. Anyone know what this is and why there's the 'Rich' word? 回答1: This is the "Rich header". It was added by Microsoft's link.exe (notice the text "Rich" at the end of the block). It's a structure in PE files between the DOS Header and the NT Header (between DOS stub

来源： https://stackoverflow.com/questions/63136443/linking-with-pe-i386-object-file-and-a-pe-x86-64-object-file

问题 This question already has answers here : Attempted to read or write protected memory. This is often an indication that other memory is corrupt (26 answers) Proper IntPtr use in C# (4 answers) Closed 18 days ago . I declare it as: [System.Runtime.InteropServices.DllImport("imagehlp.dll")] public static extern UInt32 MapFileAndCheckSumA(string fileName, IntPtr HeaderSum, IntPtr CheckSum); Then I try to call MapFileAndCheckSumA IntPtr HeaderSum = new IntPtr(0); IntPtr CheckSum = new IntPtr(0);

问题 I am developing on a Windows machine for which I don't have administrative privileges. I would like to use CMake to compile, and I cannot simply download and install this due to administrative restrictions. I would also like to avoid compiling CMake from source (if possible). Are there portable binaries available for Windows that would allow one to simply use CMake? 回答1: You can download a ZIP file of CMake. You can just uncompress it somewhere you are allowed to copy files and use it from

问题 I am trying to print the bitness and dll's that needs to be loaded for a given dll. My code looks like this (simplified version;without error checking): fh = CreateFile("my_dll_file.dll", GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL); fm = CreateFileMapping(fh, NULL, PAGE_READONLY, 0, 0, NULL); base_pointer = (char *)MapViewOfFile(fm, FILE_MAP_READ, 0, 0, 0); pe = ImageNtHeader(base_pointer); oh = pe->OptionalHeader; mi = oh.Magic; switch (mi) { case IMAGE

问题 I am trying to print the bitness and dll's that needs to be loaded for a given dll. My code looks like this (simplified version;without error checking): fh = CreateFile("my_dll_file.dll", GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL); fm = CreateFileMapping(fh, NULL, PAGE_READONLY, 0, 0, NULL); base_pointer = (char *)MapViewOfFile(fm, FILE_MAP_READ, 0, 0, 0); pe = ImageNtHeader(base_pointer); oh = pe->OptionalHeader; mi = oh.Magic; switch (mi) { case IMAGE

问题 All texts on how to create a compiler stop after explaining lexers and parsers. They don't explain how to create the machine code. I want to understand the end-to-end process. Currently what I understand is that, the Windows exe file formats are called Portable Executable. I read about the headers it has and am yet to find a resource which explains this easily. My next issue is, I don't see any resource which explains how machine code is stored in the file. Is it like 32-bit fixed length

问题 I'm trying to build a PE viewer in C++ and it seems to crash if i try to output the names of the libraries in the Import Directory Table. It seems that I am not getting the correct pointers for the DLLs that are used by the program. HANDLE handle = CreateFile("messagebox.exe",GENERIC_READ,0,0,OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL,0); DWORD size = GetFileSize(handle,NULL); PVOID virtualpointer = VirtualAlloc(NULL,size,MEM_COMMIT,PAGE_READWRITE); state = ReadFile(handle,virtualpointer,size,

问题 I'm trying to build a PE viewer in C++ and it seems to crash if i try to output the names of the libraries in the Import Directory Table. It seems that I am not getting the correct pointers for the DLLs that are used by the program. HANDLE handle = CreateFile("messagebox.exe",GENERIC_READ,0,0,OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL,0); DWORD size = GetFileSize(handle,NULL); PVOID virtualpointer = VirtualAlloc(NULL,size,MEM_COMMIT,PAGE_READWRITE); state = ReadFile(handle,virtualpointer,size,