problem about pe-Collection of common programming errors
Omnifarious
c++ windows visual-studio-2010 windows-7 pe
I am writing my own little user mode debugger for fun. I know that the entry point specified in the PE header is not the program’s defined main() (as far as the Microsoft C++ runtime is concerned anyway). Where can I find some documentation on the calls that take place between this entry point, up until the actual main() function, and why they are called, and what they do?
Cody Gray
.net com winapi pe typelibrary
Is there any attribute, property, or method available which tells whether a given type library is an in-proc COM server or an out-of-proc COM server?
Hulud
c++ loadlibrary dll pe
I want to load at runtime a third party binary plug-in (P.dll) in my application (A.exe). This plug-in has been built for another application (B.exe). The plug-in has implicit dll import on the B.exe module, like:
    Module Name : B.exe
    func1
    func2
    func3
I have exported the functions func1, func2 and func3 from A.exe but I can’t load the dll with LoadLibrary because there is no module named “B.exe”. Is there something better to do than renaming my application “B.exe” or patching P.dll’s PE? Thanks,C
thegravian
visual-studio visual-c++ reverse-engineering pe
I’ve been compiling simple Hello World applications in Visual Studio 2010 with the C++ compiler (Win32 is the target) to see what the product looks like under the microscope when I run it with the Immunity debugger. What I’ve noticed, however, is that there is some code (quite a bit of code, actually) that gets run before my main function is reached. A lot of this stuff looks security related or maybe prepping the system to manage processes or what not, but there’s just a TON of it there. Mor
Cody Gray
Idov
c++ import pe
I’m reading the import table of a PE file and I’m able to get the names of the DLLs it imports from the IMAGE_IMPORT_DESCRIPTOR structures but I can’t find where the DLLs’ paths are. How can I read them?
lamia
c++ c pe
I am trying to make my own packer, and my packer works fine with executables compiled with VC++ 6, but when I try to pack an executable compiled with VC++ 8, the executable will crash. So I wanted to know if there is any change in the PE structure in the new versions of C++?
user1514631
exe pe
First of all, is it possible to have multiple .bss and .data sections in the same PE EXE? When yes, is there an “easy” way to instruct the linker which variables should be allocated to which section? With #pragma’s or alike? When all of the above is possible, is it possible to change the section characteristics of these .bss and .data sections during runtime? The only thing I’m interested in is the setting and clearing of the writable 0x80000000 flag. Creating multiple EXE’s with different headers
Giortmants Romskij
c++ process executable pe inject
I have been trying to make an executable injector into a process for Windows. The program compiles without any errors, but when I run the program (via Microsoft Visual Studio’s Debug mode) I get a runtime error. Visual Studio highlights a line (I have marked it with comments):
    #include <windows.h>
    #include "resource.h"
    int main() {
    PIMAGE_DOS_HEADER IDH;
    PIMAGE_NT_HEADERS INTH;
    PIMAGE_SECTION_HEADER ISH;
    //Lets load the resource
    HRSRC hResource=FindResourceA(NULL,(LPCSTR)MAKEINTRESOURCE(IDR_EXE1),"EX
jweyrich
c windows pe
I created a child process from within my process with CreateProcess() and suspend the child process. I can get the main entry point in the memory of child process, but how should I get function entry point of child process? This is how I get the main entry point of child process:
    DWORD FindEntryPointAddress( TCHAR *exeFile ) {
    BY_HANDLE_FILE_INFORMATION bhfi;
    HANDLE hMapping;
    char *lpBase;
    HANDLE hFile = CreateFile(exeFile, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, 0, NULL);
    if (hFile == INVAL
user2714624
pe entry-point
If I set something like 0x00000040 (my code is located at this address), then the program crashes with this error: The application was unable to start correctly (0xc000007b). But if I jmp from the code section to 0x00400040 then it works. Why did I get an error with that strange address (0xc000007b)? Is it possible to start the execution of a program from code which is located outside sections? I use Windows 8.
zxcat
dll windows-mobile pe pda windows-mobile-6.1
Hi! I have an old plugin (as binary, dll), used by my application. It was built for WM2003. And now it crashes the app if loaded on Windows Mobile 6.1 (WM5 works fine, WM6 too). The source code is not available and it’s no longer supported by the developer. So I can’t rebuild it for WM6.1. Is it possible to patch or convert the binary to allow it to work on WM6.1? If so, how can I do this? Thank you. Edit: I’ve found that the problem is in the PE loader, which does not act the same on WM6.1 (comparing with WM6
peter matula
import symbols elf pe
I’m working on a program that will analyze object files in ELF and PE formats (kind of a school/research project). Right now I’m about to process dynamic import symbols in executable files. I would like to find as much info about a symbol as possible. In PE format, imports are stored in the .idata section. There are several tables with different information, but what is interesting for me is that there is no problem finding out in which library a symbol is defined. There is always name of shared library and
replicant
c++ exe pe
http://www.security.org.sg/code/loadexe.html
http://pastebin.com/QFHASx75
I’ve compiled this but can’t get it to work properly. It runs fine and shows no errors in the console.
console output:
C:\~\~\Documents\Visual Studio 2010\Projects\loadEXE\Debug>loadEXE.exe AcceleratedC++Exe_2-0.exe
Original EXE loaded (PID = 4068). Original Base Addr = 110000, Size = 29000 Unmapped and Allocated Mem for New EXE at 400000 EIP = 772501C4 EAX = 12141F EBX = 7EFDE000 ECX = 0 EDX = 0 New EXE Image Size = 25000 N
skaffman
kernel elf msys pe multiboot
I am using Msys to build a home brew kernel that I wrote under Linux. Linux used ELF for its binary format and Msys uses PE. I have the source set up to allow it to be booted by Grub using the Multiboot spec. At the end of the build, I get some undefined symbols:
    init.o:init.S:(.text+0x14): undefined reference to `edata'
    main.o:main.c:(.text+0x121): undefined reference to `_alloca'
    main.o:main.c:(.text+0x126): undefined reference to `__main'
    ../../lib\libkern.a(mem.o):mem.c:(.text+0x242): undefine