GamerH2
Reputation: 55
What's this extra bytes?
I'm studying the PE (Portable Executable) format, but I saw a difference between C++ programs compiled with MinGW and MSVC:
It's some extra bytes after 'This program cannot be run in DOS mode' and before the 'PE' magic signature. Anyone know what this is and why there's the 'Rich' word?
Upvotes: 4
Views: 345
Answers (1)
Megabeets
Reputation: 1408
This is the "Rich header". It was added by Microsoft's link.exe (notice the text "Rich" at the end of the block). It's a structure in PE files between the DOS Header and the NT Header (between DOS stub and PE Header). It contains version information of linked libraries and the linkers versions.
Further reading:
Upvotes: 5
Related Questions
- Portable executable structure explanation
- Strange Value in EXE header
- Portable executable file analysing using c#
- How can a windows executable be of only 128 bytes
- How can an executable be this small in file size?
- Interesting binary dump of executable file
- loading Windows executable - unexpected data appended to sections after loading in memory
- So most of the binary is composed of reloc table?
- executable sections flag
- What's the difference between objdump and Dumpbin in windows?