Go4Expert

Go4Expert (http://www.go4expert.com/)
-   Assembly Language Programming (ALP) Forum (http://www.go4expert.com/forumdisplay.php?f=23)
-   -   Pe Header In C Language. (http://www.go4expert.com/showthread.php?t=9773)

CD0712 5Apr2008 12:33
Pe Header In C Language.
 
I am new in assambly, i have a project and need to write in c language. Please help

----------------------------------------------------------------------------------------------------------------------------------------------------

1. Accepts 1 parameter. The parameter is the filename to be processed.
If there are no parameters, or if there are more than 1 parameters, show an error message.

2. Opens the file and verify if it’s a PE file. A PE File has the following characteristics:

MZ signature at offset 00h..01h
A value > 0x40 at offset 18h
PE signature at offset pointed to by value in offset 3Ch

** You can use either fread/ReadFile/ReadFileEx/CreateFileMapping to read the contents of the file.


3. Loads the PE header, PE Optional Header and Data directory into a structure and display the values inside this table.





Please refer to the attached excel sheet for the PE Header documentation.
You can start your structure for the PE Header as follows:

Code:

struct _PE_HEADER

{

      char    szPeSignature[4];

WORD    wMachine;
WORD    wNumberOfSections;
DWORD  dwTimeDateStamp;
DWORD  dwPointerToSymbolTable;

…

…

…

} PE_HEADER;


Sample Output:

PE-Dump of "calc.exe"



Code:

============================================================================

 PE-Header                                                at offset 000000F

============================================================================

 Machine                            (014C) Intel 386
 Number of sections                        3
 TimeDate stamp                (3B7D8410) Fri Aug 17 13:52:32 2001
 Pointer to symbol table                  00000000
 Number of symbols              (00000000) 0
 Size of optional header            (00E0) 224
 Characteristics                          010F

  bit  0: relocations stripped              Yes
  bit  1: executable image                  Yes
  bit  2: line numbers stripped            Yes
  bit  3: local symbols stripped            Yes
  bit  4: agressively trim working set      No
  bit  5: (reserved)                        No

  ...

 Magic optional header                    010B
 Linker version                            7.00
 Size of code                  (00012800) 75776
 Size of initialized data      (00009C00) 39936
 Size of uninitialized data    (00000000) 0
 Address of entry point                    00012475


All times are GMT +5.5. The time now is 18:27.