Talk:X86 Disassembly/Windows Executable Files

This page has some good coverage so far, but i dont think we can give it a higher completion percentage until we get good coverage of the Import/Export tables, and at least some discussion about resources. --Whiteknight 14:45, 20 September 2005 (UTC)

Found some errors in the structs. Here are the corrections that work for me: struct DOS_Header {    char signature[2]; short lastsize; short nblocks; short nreloc; short hdrsize; short minalloc; short maxalloc; void *sp; short checksum; void *ip; short relocpos; short noverlay; char extra[28]; DWORD relocs; }; struct COFFHeader {   char dwSIG[4]; short Machine; short NumberOfSections; long TimeDateStamp; //  long a, b, c; //   short d;    long a;    long PointerToSymbolTable; short SizeOfOptionalHeader; short Characteristics; }; struct PEOptHeader {   short signature; //decimal number 267. char MajorLinkerVersion; char MinorLinkerVersion; long SizeOfCode; long SizeOfInitializedData; long SizeOfUninitializedData; long AddressOfEntryPoint; //The RVA of the code entry point long BaseOfCode; long BaseOfData; long ImageBase; long SectionAlignment; long FileAlignment; short MajorOSVersion; short MinorOSVersion; short MajorImageVersion; short MinorImageVersion; short MajorSubsystemVersion; short MinorSubsystemVersion; long Reserved; long SizeOfImage; long SizeOfHeaders; long Checksum; short Subsystem; short DLLCharacteristics; long SizeOfStackReserve; long SizeOfStackCommit; long SizeOfHeapReserve; long SizeOfHeapCommit; long LoaderFlags; long NumberOfRvaAndSizes; }; struct RVA { 	long VirtualAddress; long Size; }; --84.182.207.19 21:56, 14 October 2005 (UTC)

That really should not be using "long". For many of us, "long" can be 64-bit and a "WORD" is 32-bit. You can use the proper types from inttypes.h or, since Windows 3.1 and Xenix are dead, you can assume that an int is 32-bit. AlbertCahalan 02:00, 15 October 2005 (UTC)

I'm aware that certain types are platform dependent, but why has no one bothered correcting the actual page? It would be great if it was accurate; I was unable to find a lot of information on this topic elsewhere. --84.182.240.46 08:27, 15 October 2005 (UTC)

This should also explain how to convert RVAs to file offsets. I'm trying to create a program that extracts resources from an EXE file. I've managed to find the ".rsrc" section of the EXE file, and parsed the directory structure. However the IMAGE_RESOURCE_DATA_ENTRY structure is giving me problems, as the "long *Data;" entry in this structure is given as RVA (an offset in virtual memory, relative to the start of the program's virtual memory space, once the EXE file is already running and loaded in memory), and NOT as an offset in the EXE file itself, nor as an offset relative to the start of the ".rsrc" section. How do I convert RVA to file-offset, so I can extract the resources from the EXE file, without running the EXE file? 76.104.147.215 (discuss) 06:14, 16 December 2014 (UTC)