Thread: PE Header in C Language. Please Help!!!

  1. #1
    cdiaz0712
    Guest

    PE Header in C Language. Please Help!!!

    Write a program in C that does the following.
    1. Accepts 1 parameter. The parameter is the filename to be processed.
    If there are no parameters, or if there is more than 1 parameter, show an error message.
    2. Opens the file and verifies if it’s a PE file.
    A PE File has the following characteristics:
    MZ signature at offset 00h..01h
    A value > 0x40 at offset 18h
    PE signature at offset pointed to by value in offset 3Ch
    ** You can use either fread/ReadFile/ReadFileEx/CreateFileMapping to read the contents of the file.
    3. Loads the PE header, PE Optional Header and Data directory into a structure and displays the values inside this table.
    Please refer to the attached Excel sheet for the PE Header documentation.
    You can start your structure for the PE Header as follows:

    struct _PE_HEADER
    {
    char szPeSignature[4];
    WORD wMachine;
    WORD wNumberOfSections;
    DWORD dwTimeDateStamp;
    DWORD dwPointerToSymbolTable;



    } PE_HEADER;
    Sample Output:
    PE-Dump of "calc.exe"
    ============================================================================
    PE-Header at offset 000000F
    ============================================================================
    Machine (014C) Intel 386
    Number of sections 3
    TimeDate stamp (3B7D8410) Fri Aug 17 13:52:32 2001
    Pointer to symbol table 00000000
    Number of symbols (00000000) 0
    Size of optional header (00E0) 224
    Characteristics 010F
    bit 0: relocations stripped Yes
    bit 1: executable image Yes
    bit 2: line numbers stripped Yes
    bit 3: local symbols stripped Yes
    bit 4: agressively trim working set No
    bit 5: (reserved) No
    ...
    Magic optional header 010B
    Linker version 7.00
    Size of code (00012800) 75776
    Size of initialized data (00009C00) 39936
    Size of uninitialized data (00000000) 0
    Address of entry point 00012475
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    Kayaker
    Teach, Not Flame
    cdiaz0712, I have deleted your Blog and blog entry you created to post this. The Blog function is NOT meant to post random help requests but is reserved for meaningful reversing related contributions.

    You can still create a blog at a future time if you so wish and understand what it's meant for.

    As for your post.. we're here to help, even if it's homework I guess, BUT you need to do your own work and at least show you're trying here.

    Where are you stuck? You can write a basic C program presumably. Do you know how to open a file with fread/ReadFile/ReadFileEx/CreateFileMapping? Have you even found the prototypes for these APIs from the Microsoft site or PSDK? Find them at least and let us know if you even know how to use the information. You *should* at least be able to make sense of what they are saying or you will be able to go no further.

    As for interpreting the PE format.. Besides there being a lot of code examples around to do what is asked for, understanding how to make use of the PE header fields will come later.

    Start with creating a basic C program to open (any) file. Don't even worry about mapping it yet (CreateFileMapping), show us that you have at least attempted a skeleton program to open a file and we can go from there.

    Kayaker
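
The three file checks listed in post #1, as an added example that is not code from either poster: it works on an in-memory buffer and validates the file-supplied offset at 3Ch against the buffer length before dereferencing it. The names `pe_parse`, `make_sample` and `struct coff_header`, the constructed header offset 0x80, and accepting exactly 0x40 at offset 18h (the post says "> 0x40") are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* COFF file header: the 20 bytes that follow the "PE\0\0" signature. */
struct coff_header {
    uint16_t machine, sections;
    uint32_t timestamp, symtab_ptr, symbol_count;
    uint16_t opt_header_size, characteristics;
};

/* Little-endian reads; the caller has already bounds-checked p. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }

/* 0 on success (fills *out); a negative code names the check that failed. */
int pe_parse(const uint8_t *buf, size_t len, struct coff_header *out) {
    if (len < 0x40 || buf[0] != 'M' || buf[1] != 'Z') return -1; /* MZ at 00h..01h */
    /* The post says "> 0x40"; 0x40 itself is accepted here (assumption). */
    if (rd16(buf + 0x18) < 0x40) return -2;
    uint32_t off = rd32(buf + 0x3C);
    /* off is file-controlled: signature plus header must fit inside the buffer. */
    if (off > len || len - off < 4 + 20) return -3;
    if (memcmp(buf + off, "PE\0\0", 4) != 0) return -4;
    const uint8_t *h = buf + off + 4;
    out->machine = rd16(h);           out->sections = rd16(h + 2);
    out->timestamp = rd32(h + 4);     out->symtab_ptr = rd32(h + 8);
    out->symbol_count = rd32(h + 12); out->opt_header_size = rd16(h + 16);
    out->characteristics = rd16(h + 18);
    return 0;
}

/* Constructed 256-byte sample, not a real file; COFF values from the post's sample output. */
size_t make_sample(uint8_t *buf, uint32_t e_lfanew) {
    static const uint8_t coff[24] = { 'P','E',0,0, 0x4C,0x01, 0x03,0x00,
        0x10,0x84,0x7D,0x3B, 0,0,0,0, 0,0,0,0, 0xE0,0x00, 0x0F,0x01 };
    memset(buf, 0, 0x100);
    buf[0] = 'M'; buf[1] = 'Z'; buf[0x18] = 0x40;
    for (int i = 0; i < 4; i++) buf[0x3C + i] = (uint8_t)(e_lfanew >> (8 * i));
    if (e_lfanew <= 0x100 - sizeof coff) memcpy(buf + e_lfanew, coff, sizeof coff);
    return 0x100;
}

int main(void) {
    uint8_t buf[0x100]; struct coff_header h = {0};
    int rc = pe_parse(buf, make_sample(buf, 0x80), &h);
    printf("rc=%d machine=%04X sections=%u\n", rc, h.machine, h.sections);
    return rc;
}
```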
