How to read PE HEADER Information?

Question

2.00/5 (1 vote)

See more:

Back again with some complex questions!..

My objective: Is to identify Corrupted PE File Headers and to also be able to read into the code for malicious actions.

Thus far I have obtained a small program that identifies the information of the questioned *exe and display's something similar to this:

Magic 23117
Size of last page 144
number of pages 3
relocation 0
Size of header 4
PE Header offset 128

ect ect...

What is considered ok and what should be determined not normal?....

I have also ran into webpages on my look about and some are saying there are generic rules or modules that detect different families of viruses.
is it possible to get these rules or modules if you will?

http://computervirus.uw.hu/ch11lev1sec6.html#ch11list14[^]

This site is what im working on and any insight into this or how to complete steps 11.6.1 to 11.6.16 would help my issue 100%

Posted 31-Mar-12 21:57pm

Dale 2012

Add a Solution

Comments

Richard MacCutchan 1-Apr-12 7:26am

You are asking for someone to explain how to write a virus analyser; I think that is rather ambitious for a Q&A forum.

Dale 2012 1-Apr-12 15:22pm

I understand the complexities of the problem and only wish for someone to write a brief explanation or checklist for something to start from. anything right down to how to emulate a file system and how to open the file inside the virtual environment.

Richard MacCutchan 2-Apr-12 4:12am

You are asking for more than can be provided in a forum like this. Since you already have a link to the required documentation there is not really anything more that we can add. I would suggest one of two options: i) use Google to find further documentation to help you understand file systems, file formats etc. or ii) choose a project more in keeping with your knowledge and experience.

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)