Is it possible to remove the DOS stub and the DOS header from a PE file?
The PE file must begin with an IMAGE_DOS_HEADER followed at some point by an IMAGE_NT_HEADERS struct that defines the modern PE fields.
The IMAGE_DOS_HEADER has two mandatory fields - e_magic must hold the value IMAGE_DOS_SIGNATURE (which looks like 'MZ' in ASCII) and e_lfanew must be the offset from the start of the file up to the start of the IMAGE_NT_HEADERS.
Apart from these two fields, the rest of the IMAGE_DOS_HEADER is optional for Windows past 16-bit Windows and can be zero, and the DOS stub is optional and can be omitted.
The minimal conformant PE file begins with an IMAGE_DOS_HEADER where e_magic is set to IMAGE_DOS_SIGNATURE and e_lfanew is set to sizeof(IMAGE_DOS_HEADER), followed immediately by the IMAGE_NT_HEADERS.
Removing the DOS stub has nothing to do with the DOS header. Yes, it is possible to remove the DOS stub (since it is not used anymore). You can even reduce the size of the DOS header to its minimum (MZ + jump to the PE header). But you cannot remove the DOS header completely. Otherwise, the Windows loader will refuse to start your image if MZ and the jump to the PE header are missing.
There's no easy way to remove it without breaking the file format.
But ehm, found this.
You can't reduce the size of the DOS header to its "minimum". Unfortunately, the length field is the last field in IMAGE_DOS_HEADER. Thus it has a fixed size of 64 bytes.
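The layout rules from the answers above (mandatory e_magic and e_lfanew, optional remaining fields, optional stub) can be checked on a file's first bytes. This is an added example, not part of the original thread; `inspect_dos_region` and `build_sample` are hypothetical names, and the sample buffers are constructed header-only byte strings, not loadable images.

```python
import struct

DOS_HEADER_SIZE = 64             # sizeof(IMAGE_DOS_HEADER)
IMAGE_DOS_SIGNATURE = b"MZ"      # required value of e_magic
IMAGE_NT_SIGNATURE = b"PE\0\0"   # first field of IMAGE_NT_HEADERS
E_LFANEW_OFFSET = 0x3C           # e_lfanew is the last field of the DOS header


def inspect_dos_region(data: bytes) -> dict:
    """Validate the two mandatory DOS-header fields and describe the rest."""
    if len(data) < DOS_HEADER_SIZE:
        raise ValueError("shorter than IMAGE_DOS_HEADER (64 bytes)")
    if data[:2] != IMAGE_DOS_SIGNATURE:
        raise ValueError("e_magic is not 'MZ'")
    # Read e_lfanew as an unsigned little-endian file offset.
    (e_lfanew,) = struct.unpack_from("<I", data, E_LFANEW_OFFSET)
    # An out-of-range offset yields a short slice and fails this comparison.
    if data[e_lfanew:e_lfanew + 4] != IMAGE_NT_SIGNATURE:
        raise ValueError("e_lfanew does not point at a 'PE\\0\\0' signature")
    # Anything between the fixed 64-byte header and IMAGE_NT_HEADERS is the stub.
    stub = data[DOS_HEADER_SIZE:e_lfanew] if e_lfanew > DOS_HEADER_SIZE else b""
    return {
        "e_lfanew": e_lfanew,
        "stub_size": len(stub),
        # Minimal layout: IMAGE_NT_HEADERS immediately follows the DOS header.
        "minimal_layout": e_lfanew == DOS_HEADER_SIZE,
        # True when every optional field (bytes 2..0x3B) is zero.
        "optional_fields_zeroed": not any(data[2:E_LFANEW_OFFSET]),
    }


def build_sample(stub: bytes = b"") -> bytes:
    """Constructed header-only buffer for the demo (not a loadable image)."""
    e_lfanew = DOS_HEADER_SIZE + len(stub)
    dos = (IMAGE_DOS_SIGNATURE
           + bytes(E_LFANEW_OFFSET - 2)          # optional fields, all zero
           + struct.pack("<I", e_lfanew))
    # 20 zero bytes stand in for the IMAGE_FILE_HEADER that follows the signature.
    return dos + stub + IMAGE_NT_SIGNATURE + bytes(20)


if __name__ == "__main__":
    print("no stub  :", inspect_dos_region(build_sample()))
    print("with stub:", inspect_dos_region(build_sample(b"\x00" * 64)))
```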