I am working on an assignment in packed malware analysis, in which I have to extract, i.e. remove, the header of a PE malware file and then fragment the data. But I am unable to find out how to read and extract the header of a PE file.

Mridul Sachan

1 Answer

Sorry for not taking better effort, but well.. it is your assignment, right? :)

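#include <windows.h>

PIMAGE_DOS_HEADER pDosHeader;
PIMAGE_NT_HEADERS pNtHeaders;

// Read the whole file into ptrBuf
CreateFile("file.exe",...);
ReadFile(..,ptrBuf,...);

// The DOS header sits at offset 0; e_lfanew holds the file offset of the NT headers
pDosHeader = (PIMAGE_DOS_HEADER)ptrBuf;
pNtHeaders = (PIMAGE_NT_HEADERS)(((PUCHAR)pDosHeader) + pDosHeader->e_lfanew);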

Duh.. did you not pay attention during the class?

Pyjong
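An added example, not part of the answer above: the same DOS-header-to-NT-header walk in portable C without windows.h, with every offset bounds-checked, since e_lfanew and the size fields in a packed or malformed sample cannot be trusted. It goes one step beyond the answer by reading SizeOfHeaders, the file offset where the headers end and the section data begins. The names pe_info, pe_parse_headers and make_sample are hypothetical, and the sample buffer is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* PE fields are little-endian; read them bytewise so the host does not matter. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }
static void wr32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i)); }
typedef struct {               /* hypothetical type, not a Windows structure */
    uint32_t nt_offset;        /* IMAGE_DOS_HEADER.e_lfanew */
    uint16_t num_sections;     /* IMAGE_FILE_HEADER.NumberOfSections */
    uint32_t size_of_headers;  /* IMAGE_OPTIONAL_HEADER.SizeOfHeaders */
} pe_info;

/* Returns 0 on success, a negative code when a field is invalid or points outside buf. */
int pe_parse_headers(const uint8_t *buf, size_t len, pe_info *out) {
    if (len < 0x40 || rd16(buf) != 0x5A4D) return -1;      /* "MZ" */
    uint32_t nt = rd32(buf + 0x3C);                        /* e_lfanew, untrusted */
    if (nt > len || len - nt < 24) return -2;              /* signature + file header */
    if (rd32(buf + nt) != 0x00004550) return -3;           /* "PE\0\0" */
    uint16_t nsec = rd16(buf + nt + 6), optsz = rd16(buf + nt + 20);
    size_t opt = (size_t)nt + 24;                          /* optional header start */
    if (optsz < 64 || len - opt < optsz) return -4;
    uint32_t soh = rd32(buf + opt + 60);                   /* same offset in PE32 and PE32+ */
    size_t sect_end = opt + optsz + (size_t)nsec * 40;     /* end of section table */
    /* Policy of this example: headers must cover the section table and fit the file. */
    if (sect_end > len || soh < sect_end || soh > len) return -5;
    out->nt_offset = nt; out->num_sections = nsec; out->size_of_headers = soh;
    return 0;
}

/* Constructed sample: zero-filled buffer (len >= 0x400) with only the fields read above. */
void make_sample(uint8_t *buf, size_t len) {
    memset(buf, 0, len);
    buf[0] = 'M'; buf[1] = 'Z';
    wr32(buf + 0x3C, 0x80);            /* e_lfanew */
    wr32(buf + 0x80, 0x00004550);      /* "PE\0\0" */
    buf[0x80 + 6] = 1;                 /* one section */
    buf[0x80 + 20] = 0xE0;             /* SizeOfOptionalHeader (PE32) */
    wr32(buf + 0x80 + 24 + 60, 0x200); /* SizeOfHeaders */
}

int main(void) {
    uint8_t img[0x400]; pe_info pi;
    make_sample(img, sizeof img);
    if (pe_parse_headers(img, sizeof img, &pi) != 0) return 1;
    printf("headers: 0x%x bytes, data after headers: %zu bytes\n",
           (unsigned)pi.size_of_headers, sizeof img - pi.size_of_headers);
    return 0;
}
```

The bytes from offset size_of_headers to the end of the buffer are what remains once the headers are removed.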