From the beginning I am hearing that an exe consists of 3 main parts,
.rcsc
.text
.data
- sometimes these too
(.reloc)
(.ndata)
(.rdata)

The exe file starts with the magic sig "MZ".
The exe file has an entry point (EP). It has an export table, import table, checksums..

hummm strange...

My question is: how do I open an exe file to get this information?
Packers, unpackers, PE scanners and AVs use this concept to examine a particular file.

Code, documents, anything is welcome.

Thanks for reading this gibberish.

_UPDATE_

For example:
Consider file.exe,
I want to open this file and search for a particular byte pattern.

For ex: ?? ?? ?? 5B 24 55 50 44 FB 32 2E 31 5D
This is the byte pattern for a packer called "$pirit v1.5".
?? are wildcard bytes.
Updated 11-May-11 21:34pm
Comments
Joan M 12-May-11 3:22am    
Do you want us to explain to you how to open a file to read its contents and then how to parse them, or do you want us to give some kind of structure that can be read in all exe's?

Could you clarify it a little?
Archit9373284448 12-May-11 3:25am    
Yes sir :)

In C#:
using System.IO; // File.ReadAllBytes is in System.IO
byte[] data = File.ReadAllBytes(@"F:\Temp\XXX.exe");

You can then parse the data as you will.
MSDN
 
 
Comments
Joan M 12-May-11 3:50am    
5ed... exactly what he needs...
You may find introductory material and, above all, useful links to the PE format specifications here: "PE page at Wikipedia".
 
 
Comments
Archit9373284448 12-May-11 3:38am    
That was an introduction about PE, I read that before posting here, but thanks a lot for your effort
:)
CPallini 12-May-11 3:58am    
The links to the format specifications are the valuable material, there. You should study it before attempting to parse.
Archit9373284448 13-May-11 8:49am    
Yes I did, I have some docs from the underground community which I read + this wiki
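
Added example (not code from any of the posters above): once the file is in a byte[] as the first answer shows, the headers the question lists can be read at the fixed offsets given in the PE format specification, and the wildcard signature from the question can be matched with a plain scan. The class and method names are made up for illustration, the input is a constructed buffer rather than a real executable so the example runs without a file, and BitConverter is assumed to run on a little-endian host.

```csharp
using System;
using System.Linq;
using System.Text;
static class PeScan
{
    // DOS header -> e_lfanew -> "PE\0\0" -> COFF header -> optional header -> section table
    static string Describe(byte[] d)
    {
        if (d.Length < 0x40 || d[0] != 'M' || d[1] != 'Z') return "not an MZ file";
        int pe = BitConverter.ToInt32(d, 0x3C);                        // e_lfanew
        if (pe < 0 || pe > d.Length - 24 || BitConverter.ToUInt32(d, pe) != 0x4550)
            return "MZ file without a PE header";
        int sections = BitConverter.ToUInt16(d, pe + 6);               // NumberOfSections
        int opt = pe + 24, optSize = BitConverter.ToUInt16(d, pe + 20);
        var sb = new StringBuilder();
        if (optSize >= 20 && opt + 20 <= d.Length)                     // AddressOfEntryPoint
            sb.AppendFormat("EP RVA 0x{0:X}\n", BitConverter.ToUInt32(d, opt + 16));
        for (int s = opt + optSize; sections-- > 0 && s + 40 <= d.Length; s += 40)
            sb.AppendFormat("{0} raw offset 0x{1:X} raw size 0x{2:X}\n",
                Encoding.ASCII.GetString(d, s, 8).TrimEnd('\0'),
                BitConverter.ToUInt32(d, s + 20), BitConverter.ToUInt32(d, s + 16));
        return sb.ToString();
    }
    // "?? 5B 24" -> { null, 0x5B, 0x24 }; null marks a wildcard byte
    static byte?[] ParsePattern(string sig) =>
        sig.Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries)
           .Select(t => t == "??" ? (byte?)null : Convert.ToByte(t, 16)).ToArray();
    static int Find(byte[] d, byte?[] p)   // offset of the first match, or -1
    {
        for (int i = 0; i + p.Length <= d.Length; i++)
        {
            int j = 0;
            while (j < p.Length && (p[j] == null || p[j] == d[i + j])) j++;
            if (j == p.Length) return i;
        }
        return -1;
    }
    static void Main()
    {
        var d = new byte[0x200];   // constructed sample: only the fields read above are set
        d[0] = 0x4D; d[1] = 0x5A; d[0x3C] = 0x40; d[0x40] = 0x50; d[0x41] = 0x45; // "MZ", e_lfanew, "PE"
        d[0x46] = 1; d[0x54] = 0xE0; d[0x69] = 0x10;   // 1 section, optional header 0xE0 bytes, EP RVA 0x1000
        Encoding.ASCII.GetBytes(".text").CopyTo(d, 0x138);
        d[0x149] = 0x01; d[0x14C] = 0x80; d[0x14D] = 0x01;   // raw size 0x100 at file offset 0x180
        new byte[] { 0x5B, 0x24, 0x55, 0x50, 0x44, 0xFB, 0x32, 0x2E, 0x31, 0x5D }.CopyTo(d, 0x183);
        Console.Write(Describe(d));
        Console.WriteLine("signature at 0x{0:X}", Find(d, ParsePattern("?? ?? ?? 5B 24 55 50 44 FB 32 2E 31 5D")));
    }
}
```

For a real file, replace the constructed buffer with the result of File.ReadAllBytes; every offset is bounds-checked against the buffer length because header fields in packed or malformed files cannot be trusted.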

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


