Alexandre
Reputation: 2025
Portable Executable file format
I'm doing some research on the PE format, but I'm having trouble understanding some things ... for example, in various documentations found the signature "PE\0\0' must be in position 0x80 of file, so, I generated a 2 exes using the Digital Mars C/C++ compiler and MVC++ compiler...
In DMC compiler, the PE signature is in 0x60 position, and in MSC++ the PE signature is in 0xE8 postions...
What would be the correct way to calculate this?
In the executable generated by MSC++ I found this ( look the picture ), what is this???
Upvotes: 0
Views: 636
Answers (1)
GuidedHacking
Reputation: 3923
Inside the _IMAGE_DOS_HEADER structure, the last variable is the e_lfanew variable, this indicates where the PE file header is located
Upvotes: 2
Related Questions
- Portable executable structure explanation
- What's the format of .lib in windows?
- what is portable executable format and why we need it?
- x64 Portable executable not working
- PE file section names
- PE File Format Section Add On
- Portable .net applications
- Portable Executable Export File Name field
- is binary executable file portable
- About the code section of PE format