Hey guys, I'm learning about the PE file format by coding a pe dumper which dumps information about the internal structures of PE. I was reading a tutorial about the format and it explained that some structures are defined in windows.inc(guessing that comes from masm) and winnt.h(old article i guess). Anyways i was just wondering if such structures are defined in FASM includes. Though I believe that they are not as i've looked through them and could only find equates and macros. So in conclusion would that mean that I would have to define those structures myself. Just need some confirmation. Thanks in advance.

PE is complicated, you can take a look at the manual PE method -- except for sections which have complicated macros, everything else is easy to understand I hope. Hope it helps.

Thanks for the link. I've got the PE Specification and have been making notes, and writing structures out in an include file...i'm not looking to produce pe files, just simply dump information about them. With the specification PE doesn't look all too complicated, but i guess i shall see if that statement holds once i start coding.

By complicated I mean that it has a lot of redundant data or data that is in 2 places but points to the same thing or is dependent on other data etc.., Good luck.

Just copy the information into the PE headers and then dump all the information to file. It wont be hard for you to map the file and do this.

Yep this was what i was planning on doing...i've almost completed my PE include file containing the constants and structures.

I was just wondering what the difference between


and



From the fasm manual

Does that mean that if say variable 'example dd ?' isn't used throughout the program then it wouldn't be included in the final compiled executable.

dd ? is UNINITIALIZED data, it is not stored in the executable but put in memory when it is loaded (presumably with random data, so don't depend on initialization).

e.g: it's like allocating memory, only that the .exe loader does it for you. You can allocate as much as you want, but it won't take up much space in your executable (apart from the data used to tell it how much to allocate ).

if you do something like the following though, it WILL take up space.



you need to put uninitialized data at the end of a section for it to not take up space in the final exe.