Remove DOS stub from a PE file
Question
是否可以从PE文件中删除DOS存根和DOS标头?
4 answers
solution1
13 2012-03-11 22:31:12
The PE file must begin with an IMAGE_DOS_HEADER followed at some point by an IMAGE_NT_HEADERS struct that defines the modern PE fields.
The IMAGE_DOS_HEADER has two mandatory fields - e_magic must hold the value IMAGE_DOS_SIGNATURE (which looks like 'MZ' in ASCII) and e_lfanew must be the offset from the start of the file up to the start of the IMAGE_NT_HEADERS.
Apart from these two fields, the rest of the IMAGE_DOS_HEADER is optional for Windows past 16-bit Windows and can be zero, and the DOS stub is optional and can be omitted.
The minimal conformant PE file begins with an IMAGE_DOS_HEADER where e_magic is set to IMAGE_DOS_SIGNATURE and e_lfanew is set to sizeof(IMAGE_DOS_HEADER), followed immediately by the IMAGE_NT_HEADERS.
solution2
7 2012-03-11 20:21:13
Removing the Dos Stub has nothing to do with the Dos header. Yes it is possible to remove the Dos Stub (since it is not used anymore). You can even reduce the size of the Dos header to its minimum (MZ + jump to the PE Header). But you cannot remove the Dos header completely. Otherwise, the Windows loader will refuse to start your image if MZ and the jump to the PE header are missing.
solution3
4 ACCPTED 2012-03-11 13:40:00
There's no easy way to remove it without breaking the file format.
But ehm, found this .
solution4
0 2016-05-31 16:32:25
You can't reduce the size of the Dos header to its "minimum". Unfortunately the length field is the last field in IMAGE_DOS_HEADER. Thus it has a fixed size of 64 bytes.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.