(Working on Windows 8) I'm trying to get the size of section headers in an exe file (PE32 Format) with c. From what I read, the offset from this field is 60 so I tried reading from there.
This is the code I used:
unsigned char offset;
fseek(file, 60, SEEK_SET);
fread(&offset, sizeof(offset), 1, file);
printf("%hu", offset);
My Question is how can i get the size of the section headers? if its not on offset 60, how can i find this?
This should work:
void main()
{
FILE *file = fopen("your_exe_file.exe", "rb") ;
long peheaderoffset ;
// read the offset of the PE header which is located at offset 0x3c
fseek(file, 0x3c, SEEK_SET) ;
fread(&peheaderoffset, sizeof(long), 1, file) ;
char PEHeader[4] ; // PE header: contains normally 'P','E',0,0
fseek(file, peheaderoffset, SEEK_SET) ;
fread(&PEHeader, 4, 1, file) ;
short machine ;
short NumberofSections ;
fread(&machine, sizeof(short), 1, file) ; // read machine identifier
fread(&NumberofSections, sizeof(short), 1, file) ; // read Number of sections
printf ("PE Header = %s\n", PEHeader) ; // should always print "PE"
// we should check if PEHEeader actually
// contains "PE". If not it's not a PE file
printf ("machine = %x\n", machine) ; // 14c for Intel x86
printf ("Number of sections = %d\n", NumberofSections) ;
// skip to size of optional header
fseek(file, 12, SEEK_CUR) ;
short SizeOfOptionalHeader ;
fread (&SizeOfOptionalHeader, sizeof(short), 1, file) ;
printf ("Sizeof optional PE header = %d\n", SizeOfOptionalHeader) ;
short characteristics ;
fread (&characteristics, sizeof(short), 1, file) ;
printf ("Characteristics = %x\n", characteristics) ;
// now we are at the PE optional header
short signature ;
fread (&signature, sizeof(short), 1, file) ;
printf ("Signature of optioan PE Header = %d (should be 267)\n", signature) ;
// skip to image Base at offset 0x1c
// (the -2 is because we have already read the signature just above)
fseek(file, 0x1c - 2, SEEK_CUR) ;
long imageBase ;
fread (&imageBase, sizeof(long), 1, file) ;
printf ("Image base = %x\n", imageBase) ;
}