Wipe DOS Stub - Remove DOS Header from PE

posted 16 Mar 2010, 06:57 by Delphi Basics
Win32 executables do not require a complete DOS header (IMAGE_DOS_HEADER). Only two values are necessary for execution on a Win32 system:
  1. e_magic, which contains the string "MZ". The value in e_magic is compared against IMAGE_DOS_SIGNATURE to check that the file has a valid DOS header. If both values match, we can assume that the file has a valid DOS header.
  2. e_lfanew, which contains the file offset of the PE header. To reach the PE header, move the file pointer to the offset specified by the value in e_lfanew.
This program contains code that reduces the DOS header to these two values.

  Program: WipeDOSStub
  Author: steve10120
  Description: Wipe the DOS stub from a PE
  Website: http://hackhound.org

Only Delphi source code is included in the archive.
Delphi Basics,
16 Mar 2010, 07:07