问题
The above is the complete list of MS-DOS header fields, but I don't know which of them are mandatory and which are optional, does anyone know?
回答1:
If you're trying to create PE Image, e_magic(Magic number) and elfanew(File address of new exe header) are the only mandatory fields that you have to fill in. elfanew should point to the PE IMAGE_NT_HEADER structure.
回答2:
Well back in 2006 someone wanted to create the world most tiny PE. For this he wrote a small PE Fuzzer. With the smallest codebase posible.
return 42;
He managed to get the following sizes of PE's you are too busy to read the entire page, here is a summary of the results:
- Smallest possible PE file: 97 bytes
- Smallest possible PE file on Windows 2000: 133 bytes
- Smallest PE file that downloads a file over WebDAV and executes it: 133 bytes
You can check his work here: http://www.phreedom.org/research/tinype/
He also states the required header values. These are:
- e_magic
- e_lfanew
- Machine
- NumberOfSections
- SizeOfOptionalHeader
- Characteristics
OptionalHeader:
- Magic
- AddressOfEntryPoint
- ImageBase
- SectionAlignment
- FileAlignment
- MajorSubsystemVersion
- SizeOfImage
- SizeOfHeaders
- Subsystem
- SizeOfStackCommit
- SizeOfHeapReserve
回答3:
For MS-DOS, all of the headers are mandatory.
For Win9x and above, e_lfanew must be the offset from the start of the image to the start of the IMAGE_NT_HEADERS, and e_magic must be IMAGE_DOS_SIGNATURE ('MZ').
来源:https://stackoverflow.com/questions/3771638/which-of-the-ms-dos-header-fields-are-mandatory-optional