Read PE file

Miniloserchamp · May 07, 2021, 08:58:38 PM

Hello, I've been stuck trying to get the value of e_Ifanew within an PE file so that I can get to the optional header. The problem is that when I try do

Code Select

mov ebx,[eax + 03Ch]ebx becomes 0x0? I've started to think the way I am going about this is completely wrong, any help would be appreciated! And also sorry if I explained this poorly. Thanks.

Code Select

include	\masm32\include\masm32rt.inc

.data
FileName db "C:\Users\64211\Desktop\test\worker.exe"

.code
start:
    mov eax, [offset FileName]
    mov ebx, [eax+03ch] ;e_Ifanew
    
    exit
end start

hutch-- · May 07, 2021, 09:07:05 PM

Hi champ, you normally use the structures to access parts of a PE header.

jj2007 · May 07, 2021, 09:15:27 PM

Welcome to the Forum

Code Select

include \masm32\MasmBasic\MasmBasic.inc
  Init
  Let esi=FileRead$("MyFavouriteGame.exe")
  Inkey Str$("The value is %i", [esi.IMAGE_DOS_HEADER.e_lfanew])
EndOfCode

Output: The value is 128

Miniloserchamp · May 07, 2021, 10:18:03 PM

Alright thanks, I'll give it another crack when my laptop charges

TouEnMasm · May 07, 2021, 10:25:41 PM

https://docs.microsoft.com/en-us/windows/win32/debug/pe-format

The MASM Forum

News:

Read PE file

Miniloserchamp

hutch--

jj2007

Miniloserchamp

TouEnMasm