Hello, I've been stuck trying to get the value of e_Ifanew within an PE file so that I can get to the optional header. The problem is that when I try do mov ebx,[eax + 03Ch]ebx becomes 0x0? I've started to think the way I am going about this is completely wrong, any help would be appreciated! And also sorry if I explained this poorly. Thanks.
include \masm32\include\masm32rt.inc
.data
FileName db "C:\Users\64211\Desktop\test\worker.exe"
.code
start:
mov eax, [offset FileName]
mov ebx, [eax+03ch] ;e_Ifanew
exit
end start
Hi champ, you normally use the structures to access parts of a PE header.
Welcome to the Forum :thup:
include \masm32\MasmBasic\MasmBasic.inc
Init
Let esi=FileRead$("MyFavouriteGame.exe")
Inkey Str$("The value is %i", [esi.IMAGE_DOS_HEADER.e_lfanew])
EndOfCode
Output: The value is 128
Alright thanks, I'll give it another crack when my laptop charges
https://docs.microsoft.com/en-us/windows/win32/debug/pe-format (https://docs.microsoft.com/en-us/windows/win32/debug/pe-format)