Questions tagged [portable-executable]

The Portable Executable (PE) format, a modification of COFF, is the file format for executable binaries under the Windows operating system. The PE format is easily recognized by its "MZ DOS header" (0x4d 0x5a, "MZ" for "Mark Zbikowski").

The Portable Executable (PE) format is a file format for executable files (EXE and DLL), used in 32-bit and 64-bit versions of Windows operating systems. It is derived from the earlier COFF format.

Documentation

Wikipedia article

A 2-part feature that describes the format ran in MSDN Magazine in February and March 2002.

1062 questions
68 votes, 2 answers

VA (Virtual Address) & RVA (Relative Virtual Address)

A file that is given as input to the linker is called Object File. The linker produces an Image file, which in turn is used as input by the loader. A blurb from "Microsoft Portable Executable and Common Object File Format Specification" RVA…
claws
47 votes, 3 answers

What's the difference between PE32+ and PE32?

When running CorFlags on some DLL file, some show as PE32 and some show as PE32+. What's the difference?
user496949
40 votes, 2 answers

What is the smallest possible Windows (PE) executable?

As a precursor to writing a compiler I'm trying to understand the Windows (32-bit) Portable Executable format. In particular I'd like to see an example of a bare-bones executable which does nothing except load correctly, run and exit. I've tried…
Matthew Murdoch
34 votes, 8 answers

Windows: Command line to read version info of an executable file?

Does Windows have an executable that I can run in the command shell which returns the version number of an executable (.exe) file? I see a lot of questions that show how to do it from different languages, and references to third party software to…
neves
32 votes, 5 answers

Deterministic builds under Windows

The ultimate goal is comparing 2 binaries built from exact same source in exact same environment and being able to tell that they indeed are functionally equivalent. One application for this would be focusing QA time on things that were actually…
Eugene
28 votes, 7 answers

How can I create an executable .exe PE file manually?

All texts on how to create a compiler stop after explaining lexers and parsers. They don't explain how to create the machine code. I want to understand the end-to-end process. Currently what I understand is that, the Windows exe file formats are…
26 votes, 2 answers

What's the difference between .rdata and .idata segments?

I noticed in IDA that the PE file which I analyze has not only the .rdata section but also .idata. What's the difference?
Adam Sznajder
24 votes, 4 answers

Remove PDB references from released file

I use to take always a look at the final binary executable or DLL after debugging and creating a file with any IDE. Now I am trying Visual C++ 2010, in the search for the best release, without trash or unnecessary references. So, I created a new…
ali
22 votes, 2 answers

Why should we set a timestamp when we do a codesigning?

If I set a timestamp with signing, what happens? What if I don't set? Is it essential? Why is it recommended?
Benjamin
21 votes, 3 answers

Publish .NET Core App As Portable Executable

I have a simple .net core app and publish it by following command: dotnet publish -c Release -r win10-x64 SqlLocalDbStarter.csproj Exe
Soheil Alizadeh
21 votes, 5 answers

How to check if an executable or DLL is built in Release or Debug mode (C++)

I need to find the mode EXE/DLL was built looking at its headers. (Using C++ only without any external tools) There is an old discussion on how to determine if DLL was built in Release or Debug…
ChatCloud
20 votes, 1 answer

DotPeek PDB generation for assemblies without debug directory

I'm attempting to use JetBrains dotPeek 1.4 symbol server however I've encountered some 3rd party assemblies that fail, with dotPeek status of: Pdb has not been generated because assembly does not contain debug directory Using CFF Explorer I've…
Jason Morse
19 votes, 2 answers

How to force GDB to disassemble code when it says "No function contains program counter for selected frame"?

How to force GDB to disassemble code when it says "No function contains program counter for selected frame"? Debugging a program, starting at the absolute address 0x00402200, I get the following output when trying to disassemble the code at this…
Shuzheng
19 votes, 5 answers

Clarification on Binary file (PE/COFF & ELF) formats & terminology

I'm a little confused about the terminology. A file that is given as input to the linker is called Object File. The linker produces an Image file, which in turn is used as input by the loader. I got this from "MS PE & COFF Specification" Q1. Image file is…
claws
18 votes, 4 answers

How can I validate digital signatures for Microsoft's Portable Executable format in portable code?

I am looking for sample code (or libraries) that can help me validate digital signatures for Windows PE files (.exe, .dll, .cab, etc.) on non-Windows platforms using C++. I am looking for a platform-independent approach. Thanks!