Fix PE-executable file

Question

Fix PE-executable file

will say that I loaded the PE executable into memory and picked it up with dos, nt header structures, and now I want to know its offset .text / code segement (not VA) offset + size, how to do this? is there a win32 api to search for the start offset .text or maybe a pointer from sturcture which indicates the offset of the beginning of this segment

thanks.

+4

c assembly portable-executable

Xeo Feb 11 '10 at 16:29

source share

3 answers

Vanessa macdougal · Answer 1 · 2010-02-11T17:02:42+0000

IMAGE_FILE_HEADER and IMAGE_OPTIONAL_HEADER have some of this information. You can get them using the GetNTHeaders () function. From there you can get the title of the first section with IMAGE_FIRST_SECTION (pNtHeaders). Section headings are consistent and contain all the information you are interested in. The file header contains the number of sections.

ephemient · Answer 2 · 2010-02-11T16:49:09+0000

Yes, see Peering Inside PE: Win32 Portable Executable Overview .

Stephen kellett · Answer 3 · 2010-05-12T17:12:27+0000

Try using the PE File Format DLL to get the information. The full source code with a non-GPL cover, so you can use it in your commercial project just fine.

A PE File Explorer is also available (with source) to show you how to use the DLL. about

Fix PE-executable file

More articles: