Which of the MS-DOS header fields are mandatory/optional?

Developer https://www.devze.com 2023-01-17 08:31 Source: Internet

The above is the complete list of MS-DOS header fields, but I don't know which of them are mandatory and which are optional. Does anyone know?


If you're trying to create a PE image, e_magic (magic number) and e_lfanew (file address of new exe header) are the only mandatory fields that you have to fill in. e_lfanew should point to the PE IMAGE_NT_HEADERS structure.


Well, back in 2006 someone wanted to create the world's tiniest PE. For this he wrote a small PE fuzzer, with the smallest codebase possible.

return 42;

He managed to get the following sizes of PEs. If you are too busy to read the entire page, here is a summary of the results:

  • Smallest possible PE file: 97 bytes
  • Smallest possible PE file on Windows 2000: 133 bytes
  • Smallest PE file that downloads a file over WebDAV and executes it: 133 bytes

You can check his work here: http://www.phreedom.org/research/tinype/

He also states the required header values. These are:

  • e_magic
  • e_lfanew
  • Machine
  • NumberOfSections
  • SizeOfOptionalHeader
  • Characteristics

OptionalHeader:

  • Magic
  • AddressOfEntryPoint
  • ImageBase
  • SectionAlignment
  • FileAlignment
  • MajorSubsystemVersion
  • SizeOfImage
  • SizeOfHeaders
  • Subsystem
  • SizeOfStackCommit
  • SizeOfHeapReserve


For MS-DOS, all of the headers are mandatory.

For Win9x and above, e_lfanew must be the offset from the start of the image to the start of the IMAGE_NT_HEADERS, and e_magic must be IMAGE_DOS_SIGNATURE ('MZ').
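
The checks these answers describe, as an added Python example that is not part of the original posts: it validates e_magic and e_lfanew, confirms the PE signature, and reads the fields listed above. The names `parse_pe_headers` and `build_sample` and the sample bytes are constructed for illustration; the offsets assume the standard IMAGE_NT_HEADERS layout.

```python
import struct

DOS_HEADER_SIZE = 0x40                       # sizeof(IMAGE_DOS_HEADER)

def parse_pe_headers(data):
    """Return (fields, findings) for the header fields listed on this page."""
    f, findings = {}, []
    if len(data) < DOS_HEADER_SIZE or data[:2] != b"MZ":
        return f, ["e_magic is not 'MZ' or the DOS header is truncated"]
    f["e_lfanew"] = nt = struct.unpack_from("<I", data, 0x3C)[0]
    if nt < DOS_HEADER_SIZE:
        findings.append("e_lfanew points inside the DOS header")
    if nt + 24 > len(data) or data[nt:nt + 4] != b"PE\0\0":
        return f, findings + ["no PE signature at e_lfanew"]
    # IMAGE_FILE_HEADER (20 bytes) follows the 4-byte signature
    (f["Machine"], f["NumberOfSections"], _, _, _,
     f["SizeOfOptionalHeader"], f["Characteristics"]) = struct.unpack_from(
        "<HHIIIHH", data, nt + 4)
    opt = nt + 24                            # start of the optional header
    if opt + 70 > len(data):
        return f, findings + ["optional header truncated"]
    f["Magic"] = struct.unpack_from("<H", data, opt)[0]
    if f["Magic"] not in (0x10B, 0x20B):     # PE32 / PE32+
        return f, findings + ["unknown optional header Magic"]
    f["AddressOfEntryPoint"] = struct.unpack_from("<I", data, opt + 16)[0]
    # ImageBase is 4 bytes at +28 in PE32 and 8 bytes at +24 in PE32+
    fmt, off = ("<I", 28) if f["Magic"] == 0x10B else ("<Q", 24)
    f["ImageBase"] = struct.unpack_from(fmt, data, opt + off)[0]
    f["SectionAlignment"], f["FileAlignment"] = struct.unpack_from("<II", data, opt + 32)
    f["MajorSubsystemVersion"] = struct.unpack_from("<H", data, opt + 48)[0]
    f["SizeOfImage"], f["SizeOfHeaders"] = struct.unpack_from("<II", data, opt + 56)
    f["Subsystem"] = struct.unpack_from("<H", data, opt + 68)[0]
    if f["AddressOfEntryPoint"] >= f["SizeOfImage"]:
        findings.append("AddressOfEntryPoint lies outside SizeOfImage")
    return f, findings

def build_sample(e_lfanew=0x40):
    """Constructed header-only PE32 blob for the demo; not a loadable program."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", e_lfanew)
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                        # Magic: PE32
    struct.pack_into("<I", opt, 16, 0x1000)                      # AddressOfEntryPoint
    struct.pack_into("<III", opt, 28, 0x400000, 0x1000, 0x200)   # ImageBase, alignments
    struct.pack_into("<H", opt, 48, 4)                           # MajorSubsystemVersion
    struct.pack_into("<II", opt, 56, 0x2000, 0x200)              # SizeOfImage, SizeOfHeaders
    struct.pack_into("<H", opt, 68, 3)                           # Subsystem: console
    return dos + b"PE\0\0" + file_hdr + bytes(opt)

print(parse_pe_headers(build_sample()))
```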
