portable-executable
finding the section of a PE's entrypoint
I'm trying to find what section the PE entrypoint points to. I have two questions: Is it correct to say that this section is the one such that section.PointerToRawData < AddressOf[Details]
2023-04-08 21:19 Category: Q&A

Packer detection of PE files
I want to know how detectors like PEiD exe tools or protectid detect the packer/protection of PE files. I thought maybe some constant values when a program is packed, but I don't know well. Can someone[Details]
2023-04-02 17:01 Category: Q&A

Windows PE executable file CRC calculation issue
Let me explain what I'm trying to accomplish. I want to know from inside my Windows executable file if it was tampered with after it was built. For that I decided to calculate the CR[Details]
2023-03-31 00:46 Category: Q&A

Dynamic Forking of Win32 EXE
http://www.security.org.sg/code/loadexe.html http://pastebin.com/QFHASx75 I've compiled this but can't get it to work properly, it runs fine and shows no errors in the console[Details]
2023-03-30 14:09 Category: Q&A

Is there an open source equivalent of Linux' /lib/ld-linux.so for Windows?
Is there an open source program for Windows that offers the same functionality as Linux' /lib/ld-linux.so.2? You might want to look at the ReactOS project.[Details]
2023-03-28 22:52 Category: Q&A

What is the maximum size of a PE file on 64-bit Windows?
It seems to me it's always going to be 4GB, because it uses the same size datatype (A DWORD)? Isn't a DWORD for the SizeOfImage always going to be 32-bits? Or am I mistaken about th[Details]
2023-03-26 07:28 Category: Q&A

Names of source shared libraries for imported symbols in ELF format
I'm working on a program that will analyze object files in ELF and PE formats (kind of school/research project). Right now I'm about to process dynamic import symbols in executable files. I would like[Details]
2023-03-20 06:24 Category: Q&A

Possible? Modify loaded C# DLL?
I was just wondering if this was possible before I start working on it. I can inject and run C# code into a running process, as well as enumerate all the loaded .NET modules. Separately, I[Details]
2023-03-19 15:29 Category: Q&A

Windows initial execution context
Once Windows has loaded an executable in memory and transferred execution to the entry point, are the values in registers and stack meaningful? If so, where can I find more information ab[Details]
2023-03-06 22:24 Category: Q&A

So most of the binary is composed of reloc table?
I just used objdump -x ... to check the sections of a PE file. There's about 90,000 lines of reloc entries:[Details]
2023-03-05 17:03 Category: Q&A