Tag: executable

Forensics, Malware Analysis, Microsoft Windows, Windows Internals

Dump PE file in C

The Portable Executable (PE) format is a file format for executables, object code, DLLs, FON Font files,[1] and others used in 32-bit and 64-bit versions of Windows operating systems. The PE format is a data structure that encapsulates the information necessary for the Windows OS loader to manage the wrapped executable code. – Wikipedia Other …


Extract executable assembly/version information

Methods we are going to use:
- GetFileVersionInfo: Retrieves version information for the specified file.
- GetFileVersionInfoSize: Determines whether the operating system can retrieve version information for a specified file. If version information is available, GetFileVersionInfoSize returns the size, in bytes, of that information.
- VerQueryValue: Retrieves specified version information from the specified version-information resource. To retrieve the …