  1. // PE
  2. // All tree nodes below use the hex editor to modify the PE file
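  3. // Offsets are file offsets; multi-byte values are shown as decoded little-endian integers (e_magic 5A4D is the on-disk bytes 4D 5A, "MZ").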
  4. // 00000000 - 0000003F DOS Header
  5. //
  6. // IMAGE_DOS_HEADER:
  7. // 00000000 - 00000001 5A4D = e_magic
  8. // 00000002 - 00000003 0090 = e_cblp
  9. // 00000004 - 00000005 0003 = e_cp
  10. // 00000006 - 00000007 0000 = e_crlc
  11. // 00000008 - 00000009 0004 = e_cparhdr
  12. // 0000000A - 0000000B 0000 = e_minalloc
  13. // 0000000C - 0000000D FFFF = e_maxalloc
  14. // 0000000E - 0000000F 0000 = e_ss
  15. // 00000010 - 00000011 00B8 = e_sp
  16. // 00000012 - 00000013 0000 = e_csum
  17. // 00000014 - 00000015 0000 = e_ip
  18. // 00000016 - 00000017 0000 = e_cs
  19. // 00000018 - 00000019 0040 = e_lfarlc
  20. // 0000001A - 0000001B 0000 = e_ovno
  21. // 0000001C - 0000001D 0000 = e_res[0]
  22. // 0000001E - 0000001F 0000 = e_res[1]
  23. // 00000020 - 00000021 0000 = e_res[2]
  24. // 00000022 - 00000023 0000 = e_res[3]
  25. // 00000024 - 00000025 0000 = e_oemid
  26. // 00000026 - 00000027 0000 = e_oeminfo
  27. // 00000028 - 00000029 0000 = e_res2[0]
  28. // 0000002A - 0000002B 0000 = e_res2[1]
  29. // 0000002C - 0000002D 0000 = e_res2[2]
  30. // 0000002E - 0000002F 0000 = e_res2[3]
  31. // 00000030 - 00000031 0000 = e_res2[4]
  32. // 00000032 - 00000033 0000 = e_res2[5]
  33. // 00000034 - 00000035 0000 = e_res2[6]
  34. // 00000036 - 00000037 0000 = e_res2[7]
  35. // 00000038 - 00000039 0000 = e_res2[8]
  36. // 0000003A - 0000003B 0000 = e_res2[9]
  37. // 0000003C - 0000003F 00000108 = e_lfanew
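  38. // The 4-byte PE signature at e_lfanew (00000108 - 0000010B) is not listed; the file header starts right after it.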
  39. // 0000010C - 0000011F File Header
  40. //
  41. // IMAGE_FILE_HEADER:
  42. // 0000010C - 0000010D 014C = Machine (IMAGE_FILE_MACHINE_I386)
  43. // 0000010E - 0000010F 0005 = NumberOfSections
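  44. // 00000110 - 00000113 5D13BA95 = TimeDateStamp (2019-06-26 18:33:57 UTC when read as a Unix time; the linker writes this field and nothing authenticates it, so treat it as a hint, not as evidence of build time)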
  45. // 00000114 - 00000117 00000000 = PointerToSymbolTable
  46. // 00000118 - 0000011B 00000000 = NumberOfSymbols
  47. // 0000011C - 0000011D 00E0 = SizeOfOptionalHeader
  48. // 0000011E - 0000011F 2102 = Characteristics (EXECUTABLE_IMAGE 0x0002 | 32BIT_MACHINE 0x0100 | DLL 0x2000)
  49. //
  50. // 00000120 - 000001FF Optional Header (32-bit)
  51. //
  52. // IMAGE_OPTIONAL_HEADER32:
  53. // 00000120 - 00000121 010B = Magic
  54. // 00000122 - 00000122 0E = MajorLinkerVersion
  55. // 00000123 - 00000123 15 = MinorLinkerVersion
  56. // 00000124 - 00000127 0006E200 = SizeOfCode
  57. // 00000128 - 0000012B 00029000 = SizeOfInitializedData
  58. // 0000012C - 0000012F 00000000 = SizeOfUninitializedData
  59. // 00000130 - 00000133 0003F36F = AddressOfEntryPoint (RVA; falls inside .text, which spans RVA 00001000 - 0006F082)
  60. // 00000134 - 00000137 00001000 = BaseOfCode
  61. // 00000138 - 0000013B 00070000 = BaseOfData
  62. // 0000013C - 0000013F 10000000 = ImageBase
  63. // 00000140 - 00000143 00001000 = SectionAlignment
  64. // 00000144 - 00000147 00000200 = FileAlignment
  65. // 00000148 - 00000149 0006 = MajorOperatingSystemVersion
  66. // 0000014A - 0000014B 0000 = MinorOperatingSystemVersion
  67. // 0000014C - 0000014D 0000 = MajorImageVersion
  68. // 0000014E - 0000014F 0000 = MinorImageVersion
  69. // 00000150 - 00000151 0006 = MajorSubsystemVersion
  70. // 00000152 - 00000153 0000 = MinorSubsystemVersion
  71. // 00000154 - 00000157 00000000 = Win32VersionValue
  72. // 00000158 - 0000015B 0009B000 = SizeOfImage
  73. // 0000015C - 0000015F 00000400 = SizeOfHeaders
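  74. // 00000160 - 00000163 00000000 = CheckSum (not set)
  75. // 00000164 - 00000165 0003 = Subsystem (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  76. // 00000166 - 00000167 0140 = DllCharacteristics (DYNAMIC_BASE 0x0040 | NX_COMPAT 0x0100; GUARD_CF 0x4000 and NO_SEH 0x0400 are not set)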
  77. // 00000168 - 0000016B 00100000 = SizeOfStackReserve
  78. // 0000016C - 0000016F 00001000 = SizeOfStackCommit
  79. // 00000170 - 00000173 00100000 = SizeOfHeapReserve
  80. // 00000174 - 00000177 00001000 = SizeOfHeapCommit
  81. // 00000178 - 0000017B 00000000 = LoaderFlags
  82. // 0000017C - 0000017F 00000010 = NumberOfRvaAndSizes
  83. // 00000180 - 00000183 00000000 = Export.VirtualAddress
  84. // 00000184 - 00000187 00000000 = Export.Size
  85. // 00000188 - 0000018B 0008FE60 = Import.VirtualAddress
  86. // 0000018C - 0000018F 00000078 = Import.Size
  87. // 00000190 - 00000193 00094000 = Resource.VirtualAddress
  88. // 00000194 - 00000197 000001E0 = Resource.Size
  89. // 00000198 - 0000019B 00000000 = Exception.VirtualAddress
  90. // 0000019C - 0000019F 00000000 = Exception.Size
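  91. // 000001A0 - 000001A3 00000000 = Security.VirtualAddress (zero with Security.Size: no embedded Authenticode signature; a catalog signature would not show up here)
  92. // 000001A4 - 000001A7 00000000 = Security.Size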
  93. // 000001A8 - 000001AB 00095000 = Base Reloc.VirtualAddress
  94. // 000001AC - 000001AF 0000572C = Base Reloc.Size
  95. // 000001B0 - 000001B3 0008D0C0 = Debug.VirtualAddress
  96. // 000001B4 - 000001B7 00000070 = Debug.Size
  97. // 000001B8 - 000001BB 00000000 = Architecture.VirtualAddress
  98. // 000001BC - 000001BF 00000000 = Architecture.Size
  99. // 000001C0 - 000001C3 00000000 = Global Ptr.VirtualAddress
  100. // 000001C4 - 000001C7 00000000 = Global Ptr.Size
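  101. // 000001C8 - 000001CB 0008D1D4 = TLS.VirtualAddress (TLS directory present; any callbacks it lists run before AddressOfEntryPoint, so check its AddressOfCallBacks during triage)
  102. // 000001CC - 000001CF 00000018 = TLS.Size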
  103. // 000001D0 - 000001D3 0008D130 = Load Config.VirtualAddress
  104. // 000001D4 - 000001D7 00000040 = Load Config.Size
  105. // 000001D8 - 000001DB 00000000 = Bound Import.VirtualAddress
  106. // 000001DC - 000001DF 00000000 = Bound Import.Size
  107. // 000001E0 - 000001E3 00070000 = IAT.VirtualAddress
  108. // 000001E4 - 000001E7 0000029C = IAT.Size
  109. // 000001E8 - 000001EB 00000000 = Delay Import.VirtualAddress
  110. // 000001EC - 000001EF 00000000 = Delay Import.Size
  111. // 000001F0 - 000001F3 00000000 = .NET.VirtualAddress
  112. // 000001F4 - 000001F7 00000000 = .NET.Size
  113. // 000001F8 - 000001FB 00000000 = Reserved15.VirtualAddress
  114. // 000001FC - 000001FF 00000000 = Reserved15.Size
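  115. // Section headers follow. None of them combines MEM_WRITE (0x80000000) with MEM_EXECUTE (0x20000000); only .text (60000020) is executable.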
  116. // 00000200 - 00000227 Section #0: .text
  117. //
  118. // IMAGE_SECTION_HEADER:
  119. // 00000200 - 00000207 .text = Name
  120. // 00000208 - 0000020B 0006E083 = VirtualSize
  121. // 0000020C - 0000020F 00001000 = VirtualAddress
  122. // 00000210 - 00000213 0006E200 = SizeOfRawData
  123. // 00000214 - 00000217 00000400 = PointerToRawData
  124. // 00000218 - 0000021B 00000000 = PointerToRelocations
  125. // 0000021C - 0000021F 00000000 = PointerToLinenumbers
  126. // 00000220 - 00000221 0000 = NumberOfRelocations
  127. // 00000222 - 00000223 0000 = NumberOfLinenumbers
  128. // 00000224 - 00000227 60000020 = Characteristics (CNT_CODE | MEM_EXECUTE | MEM_READ)
  129. //
  130. // 00000228 - 0000024F Section #1: .rdata
  131. //
  132. // IMAGE_SECTION_HEADER:
  133. // 00000228 - 0000022F .rdata = Name
  134. // 00000230 - 00000233 00020D30 = VirtualSize
  135. // 00000234 - 00000237 00070000 = VirtualAddress
  136. // 00000238 - 0000023B 00020E00 = SizeOfRawData
  137. // 0000023C - 0000023F 0006E600 = PointerToRawData
  138. // 00000240 - 00000243 00000000 = PointerToRelocations
  139. // 00000244 - 00000247 00000000 = PointerToLinenumbers
  140. // 00000248 - 00000249 0000 = NumberOfRelocations
  141. // 0000024A - 0000024B 0000 = NumberOfLinenumbers
  142. // 0000024C - 0000024F 40000040 = Characteristics
  143. //
  144. // 00000250 - 00000277 Section #2: .data
  145. //
  146. // IMAGE_SECTION_HEADER:
  147. // 00000250 - 00000257 .data = Name
  148. // 00000258 - 0000025B 0000268C = VirtualSize
  149. // 0000025C - 0000025F 00091000 = VirtualAddress
  150. // 00000260 - 00000263 00001400 = SizeOfRawData
  151. // 00000264 - 00000267 0008F400 = PointerToRawData
  152. // 00000268 - 0000026B 00000000 = PointerToRelocations
  153. // 0000026C - 0000026F 00000000 = PointerToLinenumbers
  154. // 00000270 - 00000271 0000 = NumberOfRelocations
  155. // 00000272 - 00000273 0000 = NumberOfLinenumbers
  156. // 00000274 - 00000277 C0000040 = Characteristics (CNT_INITIALIZED_DATA | MEM_READ | MEM_WRITE)
  157. //
  158. // 00000278 - 0000029F Section #3: .rsrc
  159. //
  160. // IMAGE_SECTION_HEADER:
  161. // 00000278 - 0000027F .rsrc = Name
  162. // 00000280 - 00000283 000001E0 = VirtualSize
  163. // 00000284 - 00000287 00094000 = VirtualAddress
  164. // 00000288 - 0000028B 00000200 = SizeOfRawData
  165. // 0000028C - 0000028F 00090800 = PointerToRawData
  166. // 00000290 - 00000293 00000000 = PointerToRelocations
  167. // 00000294 - 00000297 00000000 = PointerToLinenumbers
  168. // 00000298 - 00000299 0000 = NumberOfRelocations
  169. // 0000029A - 0000029B 0000 = NumberOfLinenumbers
  170. // 0000029C - 0000029F 40000040 = Characteristics
  171. //
  172. // 000002A0 - 000002C7 Section #4: .reloc
  173. //
  174. // IMAGE_SECTION_HEADER:
  175. // 000002A0 - 000002A7 .reloc = Name
  176. // 000002A8 - 000002AB 0000572C = VirtualSize
  177. // 000002AC - 000002AF 00095000 = VirtualAddress
  178. // 000002B0 - 000002B3 00005800 = SizeOfRawData
  179. // 000002B4 - 000002B7 00090A00 = PointerToRawData
  180. // 000002B8 - 000002BB 00000000 = PointerToRelocations
  181. // 000002BC - 000002BF 00000000 = PointerToLinenumbers
  182. // 000002C0 - 000002C1 0000 = NumberOfRelocations
  183. // 000002C2 - 000002C3 0000 = NumberOfLinenumbers
  184. // 000002C4 - 000002C7 42000040 = Characteristics (CNT_INITIALIZED_DATA | MEM_DISCARDABLE | MEM_READ)