1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Pe Header In C Language.

Discussion in 'Assembly Language Programming (ALP) Forum' started by CD0712, Apr 5, 2008.

  1. CD0712

    CD0712 New Member

    Apr 5, 2008
    Likes Received:
    Trophy Points:
    I am new in assambly, i have a project and need to write in c language. Please help


    1. Accepts 1 parameter. The parameter is the filename to be processed.
    If there are no parameters, or if there are more than 1 parameters, show an error message.

    2. Opens the file and verify if it’s a PE file. A PE File has the following characteristics:

    MZ signature at offset 00h..01h
    A value > 0x40 at offset 18h
    PE signature at offset pointed to by value in offset 3Ch

    ** You can use either fread/ReadFile/ReadFileEx/CreateFileMapping to read the contents of the file.

    3. Loads the PE header, PE Optional Header and Data directory into a structure and display the values inside this table.

    Please refer to the attached excel sheet for the PE Header documentation.
    You can start your structure for the PE Header as follows:

    struct _PE_HEADER
           char    szPeSignature[4];
    WORD    wMachine;
    WORD    wNumberOfSections;
    DWORD   dwTimeDateStamp;
    DWORD   dwPointerToSymbolTable;
    } PE_HEADER;

    Sample Output:

    PE-Dump of "calc.exe"

     PE-Header                                                 at offset 000000F
     Machine                            (014C) Intel 386
     Number of sections                        3
     TimeDate stamp                 (3B7D8410) Fri Aug 17 13:52:32 2001
     Pointer to symbol table                   00000000
     Number of symbols              (00000000) 0
     Size of optional header            (00E0) 224
     Characteristics                           010F
       bit  0: relocations stripped              Yes
       bit  1: executable image                  Yes
       bit  2: line numbers stripped             Yes
       bit  3: local symbols stripped            Yes
       bit  4: agressively trim working set      No
       bit  5: (reserved)                        No
     Magic optional header                     010B
     Linker version                            7.00
     Size of code                   (00012800) 75776
     Size of initialized data       (00009C00) 39936
     Size of uninitialized data     (00000000) 0
     Address of entry point                    00012475
    Last edited by a moderator: Apr 7, 2008

Share This Page