Mridul Sachan
Reputation: 93
how to extract and remove the header of a windows PE (portable executable) file?
I am working on an assignment in packed malware analysis, in which I have to extract i.e. remove the header file of a PE malware and then I have to fragment the data. But I am unable to find out how to read and extract the header of a PE file.
Upvotes: 0
Views: 992
Answers (1)
Pyjong
Reputation: 3197
Sorry for not taking better effort but well.. it is your assignment right? :)
PIMAGE_DOS_HEADER pDosHeader;
PIMAGE_NT_HEADERS pNtHeaders;
CreateFile("file.exe",...);
ReadFile(..,ptrBuf,...);
pDosHeader = ptrBuf;
pNtHeaders = (PIMAGE_NT_HEADERS)(((PUCHAR)pDosHeader) + pDosHeader->e_lfanew);
Duh.. did you not pay attention during the class?
Upvotes: 1
Related Questions
- How to determine the size of an PE executable file from headers and or footers
- Loading PE Headers
- How to locate PE header of MSI files
- Do I need to modify any headers if I change .text of PE?
- Remove DOS stub from a PE file
- PE File Optional Header Magic Number
- PE file section names
- The size of a PE Header
- how to remove some data from pe (exe) file in C
- Find out where PE file ends through PE header?