- What are some nice command line ways to inspect DLL/EXE details?
You can use DUMPBIN to examine COFF object files, standard libraries of COFF objects, executable files, and dynamic-link libraries (DLLs). binwalk - search the specified file(s) for executable opcodes common to a variety of CPU architectures
- How to check if a binary is 32- or 64-bit on Windows?
Is there an easy way to check if a binary is 32- or 64-bit on Windows? I need to check before I move the program to a 32-bit machine and experience a spectacular failure.
- Understanding disassembly information from Visual Studios dumpbin and . . .
dumpbin is using what is known as Intel (dis)assembly syntax. By default, objdump, being a GNU utility, is using what is known as AT&T (dis)assembly syntax. If you want objdump to display output in Intel syntax, add -Mintel to your objdump command line.
- Batch disassembling DLL and EXE files? - Reverse Engineering Stack Exchange
If you have any version of Visual Studio or Visual Studio Build Tools installed, you have a powerful command line tool called dumpbin, which includes a disassembler option, available to you.
- Dumpbin: Correlating thunk jumps in .reloc to disassembly
So I ran dumpbin /RAWDATA:4 myDll.dll and checked the dumpbin raw data dump and I think I understand. So each contiguous series of bytes not separated by 0's (e.g. 2082, 2090, 20A2, 2074) represents imports from another DLL, and I would have to note the order of contiguous bytes to tell which specific DLL and import it's referring to? Last, in your example, the 2082 can be used to calculate
- windows - Obtain .exe/.dll/.sys for a given .pdb file - Reverse . . .
Binaries are fetched from symsrv using their timestamp and size, which afaik is not present in the pdb, so you may have to grep the dumpbin output of similarly named binaries in your local drives and hope for a match: dumpbin /headers c:\Windows\System32\calc.exe | grep -i rsds 4CE7979D cv 21 00053C80 53080 Format: RSDS, {971D2945-E998-438C-8476-43A9DB39C88E}, 2, calc.pdb dbh srvind \calc.pdb \calc
- How to find the correct GUID in DLL to match its Pdb
From this question: Is it possible to download program database (PDB) files of Microsoft Windows binaries without installing any software? and the answer from @chentiangemalc: You can also look for
- How to find start of .text section? - Reverse Engineering Stack Exchange
I made a random console application and loaded it into IDA. The start of the .text section shown is 00BA1000. Then I loaded the application into CFF Explorer. The address of entry point was 000110AA. Is i