Questions tagged [pe]
A file format for Windows executables, object code, DLLs, and more. Commonly found extensions of PE files include .exe, .dll, .ocx, .sys, and .scr.
253
questions
0
votes
0
answers
37
views
Why mov empty block to register?
Why MOV a bunch of 00s to register?
I have seen these empty blocks a lot of times being referenced this way.
0
votes
0
answers
21
views
Dumping all import symbols from x64dbg
I want to export the symbol addresses from all loaded modules in x64dbg. I know I can do this DLL-by-DLL from the Symbols tab (click on one module > right click in table > Copy > Export Table)...
0
votes
2
answers
81
views
Does a Windows MSI/installer function similarly to a portable file in PE format?
I'm trying to determine whether a Windows MSI or installer .exe is considered the same as a portable file .exe in the Portable Executable (PE) format, or if it's considered a dropper. What are the ...
2
votes
2
answers
105
views
Tracing all functions in executable conditionally, to find function of interest
I would like to alter the behavior of some executable (in my case, a videogame). One way of doing this is to hook function calls (e.g., a function like Player::ReceiveDamage) and adjust parameters/...
0
votes
0
answers
43
views
How do I force IDA to reload PE Header and/or segments?
Introduction
I started analyzing an exe, added many comments, structs, byte patches, etc.
After 2 months of working on this file I used CFF Explorer to add a new section at the end of it called "....
1
vote
1
answer
85
views
Ghidra not displaying member function call
On lines 67, 70 and 77 Ghidra makes a call to what I assume is a member function, but it does not show me which member function. Why is that?
Example from line 70:
(**(code **)(*(longlong *)metaStream ...
0
votes
0
answers
39
views
How to embed PE files to another PE files
So what I want to do basically is what BDFproxy does on the go, I want to modify a file (on the disk) to embed another PE in it and have both working, it does not matter if they work concurrently or ...
0
votes
0
answers
54
views
Executable Opcodes of Windows Image File Seem Offset from My Calculations
Background:
I'm trying to manually disassemble a practice executable file for practice.
https://github.com/stryker2k2/dbg-demo/blob/master/assem/assem_0x00.asm
Issue:
When I take a look at what I ...
3
votes
2
answers
297
views
Inspect executable binary similarity
I've found a company in China selling software that is clearly a copy of my own work. For context, this is actually a physical product that comes with an Ubuntu computer and the software pre-...
0
votes
1
answer
147
views
How to convert variable to struct member in IDA?
I'm working on a Windows program which is walking the PEB Ldr list. The related types are as follows:
struct LDR_DATA_TABLE_ENTRY {
LIST_ENTRY InLoadOrderLinks; // offset = 0, size = 0x10
...
0
votes
0
answers
42
views
Exe self-modifies strings searched in debugger
I'm studying a Windows binary file and while searching for some string I noticed the EXE modifies the searched string, e.g., if I search "This is a string", it's modified to "his is a ...
2
votes
2
answers
202
views
How can I extract *.c file hidden in an executable file (SkiFree)
I am a person interested in old games (MS DOS and 16 bit Windows only) and programming. In 2020, I saw an article about hacking SkiFree somewhere on the internet and soon as I followed the ...
0
votes
0
answers
78
views
PE file import binding
I'm learning a bit about PE files. The thing I'm struggling with a bit now is the First Thunk and Original First Thunk fields. To understand the difference between them I've read this post and that ...
1
vote
0
answers
154
views
Inject a MessageBox to the PE file
I'd like to patch some Windows PE file to show just a simple MessageBox. Taking into account that the PE in question doesn't import the MessageBoxA function, if I'm right that all I need to do is to add ...
0
votes
0
answers
40
views
How to change playing music behavior in a game from playing music through cd-player to playing music through mp3 files?
I have an old game from the 2000s, and as we know the old games were playing the background music through the CD which means the music files were tracks in the game CD instead of MP3 files as usual ...