From: glitteringsounds on 11 Feb 2010 06:05

Hello,

I need to look up the exact addresses where .text, .data and other sections start in the PE Image. What Image base address and how much should be added to get the inner sections (i.e. objects), e.g. .edata, .idata and all others.

What tracer or debugger would give the exact picture which I need.

Regards
Muhammad Usman Khalil

From: [Jongware] on 11 Feb 2010 06:31

glitteringsounds wrote:
> I need to look up the exact addresses where .text, .data and other
> sections starts in the PE Image. What Image base address and how much
> should be added to get the inner sections(i.e objects)
> e.g .edata,.idata and all other.
>
> What tracer or debugger would give the exact picture which I needed.

That one free linux based debugger is thought the best no money can buy (name?? I never used it).

But it's not necessary to "run" the program. Any decent disassembler will show you the base load address of the image and the relative offsets of the main sections. IDA Pro (paid) is one of these, but there are loads and loads of "PE Info" programs that can show the relevant info.

Since the PE file format is extremely well documented, it's not even that hard to just open the file, read in the EXE MZ header (to find out if it *is* a PE file, and where its header is), read the PE Header (finding ImageBase and number of sections), and read all of the section headers (finding each one's relative offset).

Just last week, I wrote a disassembler for one specific program, which happened to be a PE one. Took just a couple of hours.

[Jw]

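The header walk described in the post above (MZ header, then PE header, then section headers), as an added Python example that is not part of the original thread; `pe_sections` and `build_sample` are hypothetical names and the sample bytes are constructed. Each section's address is ImageBase plus its relative virtual address, which matches the in-memory address only when the image is loaded at its preferred base.

```python
import struct

def pe_sections(data):
    """Return (ImageBase, [(name, preferred VA, file offset, raw size)])."""
    try:
        if data[:2] != b"MZ":
            raise ValueError("not an MZ executable")
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of PE header
        if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
            raise ValueError("MZ file without a PE signature")
        coff = e_lfanew + 4
        # COFF file header: Machine, NumberOfSections, ..., SizeOfOptionalHeader
        _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
        opt = coff + 20
        (magic,) = struct.unpack_from("<H", data, opt)
        if magic == 0x10B:    # PE32: 32-bit ImageBase at optional header +28
            (image_base,) = struct.unpack_from("<I", data, opt + 28)
        elif magic == 0x20B:  # PE32+: 64-bit ImageBase at optional header +24
            (image_base,) = struct.unpack_from("<Q", data, opt + 24)
        else:
            raise ValueError("unexpected optional header magic")
        sections = []
        for i in range(nsections):  # 40-byte section headers follow the optional header
            name, _vsize, rva, raw_size, raw_ptr = struct.unpack_from(
                "<8sIIII", data, opt + opt_size + 40 * i)
            sections.append((name.rstrip(b"\0").decode("latin-1"),
                             image_base + rva, raw_ptr, raw_size))
        return image_base, sections
    except struct.error as exc:  # header fields run past the end of the data
        raise ValueError("truncated PE headers") from exc

def build_sample():
    """Constructed PE32 headers with two sections (sample data, not a real program)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * 26 + struct.pack("<I", 0x400000)
    opt += b"\0" * (0xE0 - len(opt))
    text = struct.pack("<8sIIII16x", b".text", 0x1000, 0x1000, 0x200, 0x400)
    data = struct.pack("<8sIIII16x", b".data", 0x200, 0x2000, 0x200, 0x600)
    return dos + b"PE\0\0" + coff + opt + text + data

if __name__ == "__main__":
    base, sections = pe_sections(build_sample())
    print(f"ImageBase {base:#x}")
    for name, va, offset, size in sections:
        print(f"{name:8} VA {va:#010x}  file offset {offset:#x}  raw size {size:#x}")
```
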
From: Auric__ on 11 Feb 2010 09:34

On Thu, 11 Feb 2010 11:31:03 GMT, [Jongware] wrote:
> glitteringsounds wrote:
>> I need to look up the exact addresses where .text, .data and other
>> sections starts in the PE Image. What Image base address and how much
>> should be added to get the inner sections(i.e objects)
>> e.g .edata,.idata and all other.
>>
>> What tracer or debugger would give the exact picture which I needed.
>
> That one free linux based debugger is thought the best no money can buy
> (name?? I never used it).

gdb. You can get it for Windows from MinGW:
http://sf.net/projects/mingw/files/GNU%20Source-Level%20Debugger/

--
Pacman promotes consumption of undead.