comments powered byDisqus

MZ Header

DOS stub

00000000: 4d 5a 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |MZ..............|
00000010: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00000030: 00 00 00 00 00 00 00 00  00 00 00 00 80 0f 00 00  |................|
00000040: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00000200: e0 10 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000210: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00000280: 00 10 00 00 00 10 00 00  00 02 00 00 00 02 00 00  |................|
00000290: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 a0  |................|
000002a0: 68 b8 10 40 00 ff 15 68  11 40 00 83 c4 04 90 6a  |h..@...h.@.....j|
000002b0: 00 ff 15 60 11 40 00 cc  20 2a 20 50 45 20 68 65  |...`.@.. * PE he|
000002c0: 61 64 65 72 20 6f 76 65  72 77 72 69 74 74 65 6e  |ader overwritten|
000002d0: 20 6f 6e 20 6c 6f 61 64  69 6e 67 0a 00 00 00 00  | on loading.....|
000002e0: 20 11 00 00 00 00 00 00  00 00 00 00 80 11 00 00  | ...............|
000002f0: 60 11 00 00 28 11 00 00  00 00 00 00 00 00 00 00  |`...(...........|
00000300: 8d 11 00 00 68 11 00 00  00 00 00 00 00 00 00 00  |....h...........|
00000310: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000320: 40 11 00 00 00 00 00 00  4e 11 00 00 00 00 00 00  |@.......N.......|
00000330: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000340: 00 00 45 78 69 74 50 72  6f 63 65 73 73 00 00 00  |..ExitProcess...|
00000350: 70 72 69 6e 74 66 00 00  00 00 00 00 00 00 00 00  |printf..........|
00000360: 40 11 00 00 00 00 00 00  4e 11 00 00 00 00 00 00  |@.......N.......|
00000370: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000380: 6b 65 72 6e 65 6c 33 32  2e 64 6c 6c 00 6d 73 76  |kernel32.dll.msv|
00000390: 63 72 74 2e 64 6c 6c 00  00 00 00 00 00 00 00 00  |crt.dll.........|
000003a0: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00000f80:

PE Header

Sections

Data Directory

offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable

[!] section with va=0x1000 overwrites PE header! trying to rebuild...

[?] can't find file_offset of VA 0x88660001