Questions tagged [pe]

a file format for Windows executables, object code, DLLs, and more. Commonly found extensions of PE files include .exe, .dll, .ocx, .sys, and .scr.

8 votes
1 answer
1k views

Can I set entry point at code in PE headers?

If I set something like 0x00000040 (my code is located at this address), then the program crashes with this error: The application was unable to start correctly (0xc000007b) But if I jmp from the ...
edhoklorf
7 votes
3 answers
4k views

Reverse engineering a VC++ video game

So I know x86 machine language and C++/C language. In the last weeks I've dedicated to learn Windows internals and especially PE format. My target is retrieving the Tomb Raider The Angel of Darkness ...
sasho648
  • 421
2 votes
5 answers
1k views

Question regarding sections in PE image

I have a file that among other sections has: code .text .bss And this file was not crafted manually, so I suspect. The question is what could be the meaning of code and .text sections? As far as I ...
PhoeniX
  • 3,062
7 votes
2 answers
2k views

Ollydbg target runs automatically

I have a target that automatically runs after I load it into Ollydbg. This form doesn't stop at the entry point (but continues to execute and at a point it pauses, I have to press shift+f9.) Is ...
Arunabh Ray
9 votes
3 answers
10k views

How can one extract the appended data of a Portable Executable?

How do you reliably extract appended data in a Portable Executable?
Ange
  • 6,694
14 votes
2 answers
609 views

Any way to represent the file-memory relation in a Portable Executable (PE) file?

I am looking for a way to automatically represent the relation between the content of a PE file and how it would be loaded in memory - either an IDA plugin, a combination of pefile script+R/SVG... ...
Ange
  • 6,694
8 votes
3 answers
2k views

Ripping/pasting code into an executable using Olly

I'm working with some x86 assembly code and I need to rip from one executable and paste that code into another. Originally, I had an executable that was meant to accept two command line parameters and ...
Fewmitz
  • 1,022
5 votes
2 answers
488 views

Why does an executable give an error when opened in $tool?

I have an executable that runs in the operating system, but when I open it in $tool I get an error. What is going on?
Vehm Stark
20 votes
10 answers
8k views

Determining if a file is managed code or not

How can I quickly tell if an EXE or DLL I have is managed code or not? I spent some time recently trying to disassemble a file and then later learned through some traces in the code that I could have ...
Jannu
  • 373
40 votes
5 answers
136k views

How do you reverse engineer an EXE "compiled" with PyInstaller

Having recently watched/read a presentation given by Dave Kennedy at DEF CON 20 [PDF], I'd like to know how to decompile a Python script compiled with PyInstaller. In his presentation, he is creating ...
Mick
  • 7,582
42 votes
8 answers
82k views

Is there any way to decompile a .NET assembly or program?

Are there any tools available to take an already compiled .dll or .exe file that you know was compiled from C# or Visual Basic and obtain the original source code from it?
APerson
  • 927
43 votes
3 answers
28k views

Unpacking binaries in a generic way

I find that more and more often binaries are being packed with exe protectors such as upx, aspack etc. I tried to follow a few tutorials on how to unpack them but the examples are often quite easy ...
Remko
  • 3,283
19 votes
4 answers
15k views

Checking if an .exe is actually a .jar wrapped in an .exe

Let's say I have a .jar file and wrap it into a .exe using any number of free utilities out there, like JSmooth. Would it be possible to tell, given just the .exe, if it was generated using one such ...
APerson
  • 927
