I'm trying to find what section the PE entrypoint points to. I have two questions: Is it correct to say that this section is the one such that section.PointerToRawData < AddressOf
I want to know how detectors like Peid exe tools or protectid detect the packer/protection of PE files. I thought maybe some constant values when a program is packed, but I don't know well. Can someone
Let me explain what I'm trying to accomplish. I want to know from inside my Windows executable file if it was tampered with after it was built. For that I decided to calculate the CR
http://www.security.org.sg/code/loadexe.html http://pastebin.com/QFHASx75 I've compiled this but can't get it to work properly. It runs fine and shows no errors in the console
Is there an open source program for Windows that offers the same functionality as Linux' /lib/ld-linux.so.2? You might want to look at the ReactOS project.
It seems to me it's always going to be 4GB, because it uses the same size datatype (A DWORD)? Isn't a DWORD for the SizeOfImage always going to be 32-bits? Or am I mistaken about th
I'm working on a program that will analyze object files in ELF and PE formats (kind of school/research project). Right now I'm about to process dynamic import symbols in executable files. I would like
I was just wondering if this was possible before I start working on it. I can inject and run C# code into a running process, as well as enumerate all the loaded .NET modules. Separately, I
Once Windows has loaded an executable in memory and transferred execution to the entry point, are values in registers and stack meaningful? If so, where can I find more information ab
I just used objdump -x ... to check the sections of a PE file. There's about 90,000 lines of reloc entries: