portable-executable

It is said that sometimes the loader loads the exe at an address which is different than the one assumed by the linker. What all could be the cases when loader does so?? mox Basically, this takes place in the following situations: The address at which the image prefers to be loaded is already occupied. For example, there may be another image already loaded there. The image to be loaded has been compiled with ASLR enabled. The FLG_LDR_TOP_DOWN global flag has been set, which forces modules to be loaded at the highest possible address. 来源： https://stackoverflow.com/questions/9698496/why-wont-the

I want to run a auto modify .dll service, users submit a specific .dll, I modify it on the server, then user can download modified version of the .dll. Are there any native Linux app that provide common Win32 PE modification capabilities like Icons, Strings, Accelerators, Dialogues, etc. which at least provide a commandline or scripting API ? i586-mingw32msvc-windres as a part of the mingw package. NAME windres - manipulate Windows resources. Command line only, but you can check the source as binutils are free (as in speech). 来源： https://stackoverflow.com/questions/1291570/native-linux-app-to

I am trying to write a code which is supposed to print out the names of all the imported dll's in the exe by using the 'name' field of the IMAGE_IMPORT_DESCRIPTOR structure in the .idata section of the exe, but the program seems to be getting stuck in an infinite loop. Can someone please tell me how to get the names printed out correctly... #include<iostream> #include<Windows.h> #include<stdio.h> #include<WinNT.h> int main() { FILE *fp; int i; if((fp = fopen("c:\\Linked List.exe","rb"))==NULL) std::cout<<"unable to open"; IMAGE_DOS_HEADER imdh; fread(&imdh,sizeof(imdh),1,fp); fseek(fp,imdh.e

I trying in export directory ,i got the exported function name(export by name) by browsing the directory with help of addressoffnnames property ....Here ,Example in comctl32.dll (api) total fn names 420 ,but no of fnnames 118(export by name) ,other 302 fns are exported by ordinal only...i also trying dumpbin it does not show anything(fn name with respect to ordinal) from ordinal...help me ,how to relate api with ordinal to retrieve exported functions name...thanks in advance. Get the "Dependency Walker" utility which is available in Visaul Studio package. It can list both the ordinal and

I need to write a stub module which, when given a PE (DLL/EXE) as input, will determine whether it is a normal Win32 DLL/EXE or COM DLL/EXE. I need to determine this programatically. Are there any Windows APIs for this purpose? I suspect that this is something that would be very hard to do with near 100% accuracy. Some thoughts though: A COM DLL will export functions like DllRegisterServer and DllUnregisterServer. You could use LoadLibrary() to load the Dll, and then GetProcAddress() to check for the presence of these functions. If they're there then its highly likely that its a COM dll. A

The sections of Portable Executable files are tagged with differents flags. Can someone explain the difference between IMAGE_SCN_MEM_EXECUTE (the section can be executed as code) and IMAGE_SCN_CNT_CODE (the section contains executable code)? Thanks. IMAGE_SCN_MEM_EXECUTE is the one that is actually used by the PE loader to set up page permissions. IMAGE_SCN_CNT_CODE is not used, I guess it's just a descriptive flag. 来源： https://stackoverflow.com/questions/3912129/executable-sections-flag