# Understanding and Editing an .EXE



## BobbyGoks (Jun 10, 2009)

hi dudes.
i'm interested in understanding the *HEX code in an .exe file*.
i used *Hex Workshop* software.










i took a sample .exe, generated from Borland C. with just a printf statement.

i know little *assembly *and know there are *header, relocation table and code section* in any .exe.
but i dunno how to read it separately.

can u gimme the chart about *the address where these sections will be* present?
it'll be greatly appreciated if u give further details about understand the content in an .exe.

i googled for 2 days and can't find proper details. pls help


----------



## JohnWill (Oct 19, 2002)

Here's a bunch of information about EXE and COM formats: http://www.faqs.org/faqs/msdos-programmer-faq/part1/

I have a number of older programming books that go into considerable detail about the EXE file format, it seems most folks don't have much use for that information nowadays.


----------



## Elvandil (Aug 1, 2003)

Filalyzer is free but the best analytical tool you can probably find is HeavenTools PE-Explorer. But even with that, you'll find that most are compressed, and many methods are used to prevent decompiling and the theft of coding ideas. There are nevertheless many "unpackers" available on the net if you can determine the type of packing used. Some exe's can be extracted with UniExtract into simpler components.

Others are Mitec File Analyzer and PE Detective.


----------



## JohnWill (Oct 19, 2002)

Probably a better forum for this.


----------



## Lilian33 (Dec 13, 2008)

Everything is in MSDN
(and on Win32 group http://tinyurl.com/cmhb5g to display the PE details in C/Win32 api)


----------



## pvc_ (Feb 18, 2008)

Hex editors don't really show you the asm code. You have to use OLLYDBG to see the asm code and like Elvandil mentioned, you have to unpack some executables that are compressed or obfuscated by developers.


----------

