portable-executable

问题 So I'm trying to figure out how to get my exe to have the same hash code/checksum when it's recompiled. I'm using FastSum to generate the checksum. Currently, no code changes are made, I'm just rebuilding the project in VS and the checksum comes out different. The code is written in c++. I'm not familiar with using hash codes and/or checksums in this manner, but I did some research and read something about needing a consistent GUID. But I have no idea how that would tie into the checksum

问题 I'm trying to get the RVA of specific functions in kernel32.dll so I can use the RVA as an offset from the base address of kernel32.dll in a specified process to get the VA of the functions I need to inject my dll. I already wasn't able to find LoadLibrary but I did find LoadLibraryExA and used that instead for my dll injector however I now can't find GetProcAddress which I was going to use to locate the VA of functions in my ThreadProc function. So if I can't find it that means I'm going to

问题 We have a .NET application that will be distributed through USB drive. End users will connect the drive and double click on the EXE (a .NET exe) to run it WITHOUT installing it. Now the problem is, if .NET is not installed we would like to trigger the .NET installer instead of showing the default download message that MS has put there. The installer will be distributed with the application through the USB. One way to do it might be by replacing the PE stub file in the .NET executable. But I

问题 In a Portable-Executable ,we can change the imported dll name ,by editing PE file , here , i had changed in one imported dll name of application exe,that time it changed normally ....e.g advapi32.dll to ^dvapi32.dll ,so here system32 or any other PATH location doesnt have ^dvapi32.dll ..this time simply i changed the real advapi32.dll into ^dvapi32.dll and put in the application directory ,this time its work fine ....but when i am trying with ntdll & gdi32.dll ,it doesnt supported ,i cant

问题 I have an application, programmed in vb6 that needs some dll-files and ocx-files installed in windows 7. I already have an installer created with innosetup that includes all needed files and also installs the mysql Connector-ODBC for Windows (x86, 64-bit) If I just put all files into one folder the installation doesent work, I get the error Component MSDATGRD.OCX or one of its dependencies not correctly registered: a file is missing or invalid I tried a search for msdatgrd.ocx portableapp but

问题 I would like to open a PE file (which i know is a .Net assembly) and find where the .Net bytecode is (ideally starting at the entrypoint). I know that the PE header data (entrypoint RVA) take me just to a stub which calls CorExeMain from mscoree.dll . This is not what i'm looking for though. I would like to find the bytecode that gets run by mscorlib. How can i do that using C++ and no external tools like ildasm, dumpbin etc. ? I can already parse the PE header and know what image base/RVA

问题 How to know if the exported symbol from a dll is actually variable or a function ? One way may be to look whether the destination address of the symbol resides in the .code section or not. Another method could be to check the memory protection attributes of the selected section. But all these methods seem to be unreliable. What is the best way ? 来源： https://stackoverflow.com/questions/22651581/exported-variable-vs-exported-function-in-a-dll

问题 If my understanding of the Windows Portable Executable specification is correct, relocation tables are only needed when libraries cannot be loaded at their prefered addresses. Why do some applications (e.g. chrome.exe) contain a relocation table? Are applications not always loaded at their preferred addresses? 回答1: It's for ASLR AFAIK, current system loader don't relocate .exe files, maybe because it will increase loading time. However, in next versions of OS, loader will relocate EXEs. (When

问题 Can someone suggest how using python i can get Import address table and Export address table form PE? I currently using pefile module, but not sure i can get IAT and EAT using it. Many thanks for help. 回答1: The documentation describes how to do it: Listing the imported symbols Each directory, if it exists in the PE file being processed, has an entry as DIRECTORY_ENTRY_directoryname in the PE instance. The imported symbols can be listed as follows: # If the PE file was loaded using the fast

问题 Are any sections at all not loaded by the PE loader? Or are every section specified in the section headers loaded? In ELF programs, it's section headers (Called program headers, or segments) that are supposed to be loaded are those that are flagged with PT_LOAD . Is there anything similar to that in PE programs? PS. I found the flag IMAGE_SCN_MEM_DISCARDABLE . Are sections flagged with that not loaded? 回答1: When a relocation section is available, but the PE image does not need to be relocated