How to find DOS Header and PE Header with an entry point in Radare2?
Reverse Engineering Asked by Gavin Wong on September 30, 2021
I am currently doing byte extraction from PE files using Radare2. I know how to find the byte sequence for DOS Header and PE Header when there is no entry point and the start is defaulted to 0x0. But some of them have an entry point at 0x4#####.
I can retrieve the vaddr (virtual address), paddr (physical address), and haddr (e_entryAddressOfEntryPoint in the binary header) of a certain file with an entry point.
How do I use that to find the byte sequence for the DOS Header and PE Header?
One Answer
You can load the file as raw, using -n or -nn option and then you will have those structures available at 0x0.
r2 -n ./open-wsl.exe
It also contains some function to operate and print on those structures in a nicer form. Check the pf? group for more info.
Answered by Paweł Łukasik on September 30, 2021
Add your own answers!
Ask a Question
Get help from others!
Recent Questions
- How can I transform graph image into a tikzpicture LaTeX code?
- How Do I Get The Ifruit App Off Of Gta 5 / Grand Theft Auto 5
- Iv’e designed a space elevator using a series of lasers. do you know anybody i could submit the designs too that could manufacture the concept and put it to use
- Need help finding a book. Female OP protagonist, magic
- Why is the WWF pending games (“Your turn”) area replaced w/ a column of “Bonus & Reward”gift boxes?
Recent Answers
- Joshua Engel on Why fry rice before boiling?
- haakon.io on Why fry rice before boiling?
- Peter Machado on Why fry rice before boiling?
- Jon Church on Why fry rice before boiling?
- Lex on Does Google Analytics track 404 page responses as valid page views?