Wipe DOS Stub - Remove DOS Header from PE

Post date: Mar 16, 2010 1:57:27 PM

Win32 files do not require a complete DOS header (IMAGE_DOS_HEADER). Only two values are necessary for execution on a Win32 system:

    1. e_magic, which contains the string "MZ". We check whether the file has a valid DOS header by comparing the value in e_magic to IMAGE_DOS_SIGNATURE. If the two values match, we can assume that the file has a valid DOS header.
    2. e_lfanew, which contains the file offset of the PE header. To reach the PE header, we must move the file pointer to the offset specified by the value in e_lfanew.

This program shows you code to reduce the DOS header to these two values.


Program: WipeDOSStub

Author: steve10120

Description: Wipe the DOS stub from a PE

Website: http://hackhound.org


Only Delphi source code is included in the archive.
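
Seen from the analysis side, the same two fields are what a parser validates, and everything else in the header and stub can be checked for wiping. The Python check below is an added example, not part of the WipeDOSStub Delphi source; it assumes "wiped" means overwritten with zero bytes, and its function names and sample images are constructed for illustration.

```python
import struct

IMAGE_DOS_SIGNATURE = 0x5A4D     # "MZ" read as a little-endian WORD
IMAGE_NT_SIGNATURE = 0x00004550  # "PE\0\0" read as a little-endian DWORD
DOS_HEADER_SIZE = 0x40           # sizeof(IMAGE_DOS_HEADER)
E_LFANEW_OFFSET = 0x3C           # last field of IMAGE_DOS_HEADER

def inspect_dos_header(data: bytes) -> dict:
    """Validate e_magic and e_lfanew, then report whether the rest is zeroed."""
    if len(data) < DOS_HEADER_SIZE:
        raise ValueError("file shorter than IMAGE_DOS_HEADER")
    (e_magic,) = struct.unpack_from("<H", data, 0)
    if e_magic != IMAGE_DOS_SIGNATURE:
        raise ValueError("e_magic is not IMAGE_DOS_SIGNATURE")
    (e_lfanew,) = struct.unpack_from("<I", data, E_LFANEW_OFFSET)
    if e_lfanew + 4 > len(data):
        raise ValueError("e_lfanew points outside the file")
    (signature,) = struct.unpack_from("<I", data, e_lfanew)
    if signature != IMAGE_NT_SIGNATURE:
        raise ValueError("no PE signature at e_lfanew")
    fields = data[2:E_LFANEW_OFFSET]       # e_cblp through e_res2
    stub = data[DOS_HEADER_SIZE:e_lfanew]  # DOS stub; empty if e_lfanew <= 0x40
    return {
        "e_lfanew": e_lfanew,
        "header_fields_zeroed": not any(fields),
        "stub_zeroed": not any(stub),
        "wiped": not any(fields) and not any(stub),
    }

def build_sample(wiped: bool) -> bytes:
    """Constructed image: DOS header, 0x40-byte stub area, PE signature only."""
    hdr = bytearray(DOS_HEADER_SIZE)
    struct.pack_into("<H", hdr, 0, IMAGE_DOS_SIGNATURE)
    struct.pack_into("<I", hdr, E_LFANEW_OFFSET, 0x80)
    stub = bytearray(0x40)
    if not wiped:
        struct.pack_into("<H", hdr, 2, 0x90)  # constructed non-zero e_cblp
        msg = b"This program cannot be run in DOS mode."
        stub[0x0E:0x0E + len(msg)] = msg
    return bytes(hdr + stub) + b"PE\0\0"

if __name__ == "__main__":
    for label, wiped in (("original", False), ("wiped", True)):
        print(label, inspect_dos_header(build_sample(wiped)))
```

A file that passes both signature checks but reports `wiped` as true still loads normally, so the flag is a triage signal about post-build modification rather than a validity test.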