News:

MASM32 SDK Description, downloads and other helpful links
MASM32.com New Forum Link
masmforum WebSite

Questions about the PE file format

Started by AeroASM, May 11, 2005, 06:17:32 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

AeroASM

May 11, 2005, 06:17:32 AM
1. Where can I find proper documented information on all the elements of IMAGE_DOS_HEADER?
2. In particular, where is the offset of the DOS stub stored?
3. Must the section table immediately follow the IMAGE_NT_HEADERS?

Thanks to all.

hutch--

#1
May 11, 2005, 06:25:23 AM
Aero,

Microsoft Portable Executable and Common Object File Format Specification.

Do a google search for a WORD doc format file PECOFF.DOC. Its on the Microsoft site somewhere.

The DOS or MZ header is at the beginning of a PE file and the last element of the structure has the offset of the PE header that follows.
Download site for MASM32      New MASM Forum
https://masm32.com          https://masm32.com/board/index.php

thomasantony

#2
May 11, 2005, 07:32:02 AM
Hi Aero,
    The PE file has a DOS stub that is basically a small DOS proggy that displays the message "This program needs MS Windows" etc. The offset of the PE Header is stored at offset 3Ch. THat DOS header  should be atleast 64 bytes long.(40h)

Thomas :U
There are 10 types of people in the world. Those who understand binary and those who don't.


Programmer's Directory. Submit for free

Vortex

#3
May 11, 2005, 07:41:00 AM
Hi Aero,

Did you check Iczelion's PE tutorials?

Quote
Overview of PE File Format
Detecting a Valid PE File
File Header
Optional Header
Section Table
Import Table
Export TableĀ 

http://spiff.tripnet.se/~iczelion/pe-tut1.html

pbrennick

#4
May 11, 2005, 10:55:25 AM
Hi Aero,
Take a look at the MSDN online database.  I found http://msdn.microsoft.com/msdnmag/issues/02/02/pe/default.aspx and some other interesting stuff.

hth:
Paul

Tedd

#5
May 11, 2005, 11:00:32 AM
No snowflake in an avalanche feels responsible.

AeroASM

#7
May 12, 2005, 05:38:55 PM
Thanks everybody, but I had already found similar information myself. I was looking for answers to my specific questions.

Jibz

#8
May 12, 2005, 05:54:18 PM
1. You'd need to dig up some DOS exe format specification to get those, if you have any specific questions, try asking
2. The DOS stub is the first thing in a PE executable, so it always starts at offset 0.
3. Yes. You find the section table by adding SizeOfOptionalHeaders to the offset of the optional header in IMAGE_NT_HEADERS.

AeroASM

#9
May 12, 2005, 08:33:41 PM
Quote from: Jibz on May 12, 2005, 05:54:18 PM
2. The DOS stub is the first thing in a PE executable, so it always starts at offset 0.

I meant, the executable code. I couldn't find anywhere in the DOS header where the offset of the DOS code is stored.

Jibz

#10
May 12, 2005, 08:58:28 PM
The image comes right after the header, so that's at e_cparhdr*16, where e_cparhdr is the 'header size in paragraphs' member of the DOS exe header.

thomasantony

#11
May 14, 2005, 05:42:36 AM
*Usually* the DOS stub code starts at offset 20h and continues till 3Ch for the smallest stub. But MS's stub continues after that till 60h or something.

Thomas
There are 10 types of people in the world. Those who understand binary and those who don't.


Programmer's Directory. Submit for free
Print
Go Up Pages1
User actions