StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PO
primarykey
Id
8822522
data
AcceptedAnswerId
0
AnswerCount
0
ClosedDate
CommentCount
0
CommunityOwnedDate
CreationDate
2012-01-11T16:07:16.903
FavoriteCount
0
LastActivityDate
2012-01-11T16:07:16.903
LastEditDate
LastEditorUserId
0
OwnerUserId
1106523
ParentId
8782771
PostTypeId
2
Score
2
ViewCount
0
LastEditorDisplayName
text
Body
<p>You just do it the wrong way. I wrote some code for you, hope it helps.It can show the data of the last section of a PE file.</p> <pre><code>#include <stdio.h> #include <malloc.h> #include <windows.h> void ShowHexData(BYTE *ptr,DWORD len) { int index = 0; int i = 0; const int width = 16; while(index + width < len) { int i; for(i = 0; i < width; ++i) { printf(" %02X",ptr[index + i]); } printf(" \t"); for(i = 0; i < width; ++i) { if(ptr[index + i] >= 0x20 && ptr[index + i] <= 0x7F) { putchar(ptr[index + i]); }else{ putchar('.'); } } index += width; putchar('\n'); } for(i = 0; index + i < len; ++ i) { printf(" %02X",ptr[index + i]); } while(i < width) { printf(" "); i += 1; } printf(" \t"); for(i = 0; index + i < len; ++ i) { if(ptr[index + i] >= 0x20 && ptr[index + i] <= 0x7F) { putchar(ptr[index + i]); }else{ putchar('.'); } } putchar('\n'); } int main(int argc, char *argv[]) { if(argc != 2) { printf("Usage : %s filename\n",argv[0]); return -1; }else{ FILE *fp = fopen(argv[1],"rb"); IMAGE_DOS_HEADER DosHeader = {0}; IMAGE_FILE_HEADER FileHeader = {0}; IMAGE_SECTION_HEADER SectionHeader = {0}; DWORD Signature = 0; DWORD RawPointerToPeHeader = 0, SizeOfFile = 0; DWORD SectionCount = 0; DWORD ByteCount = 0; BYTE *pData = NULL; if(!fp) { perror(""); return -1; } fseek(fp,0,SEEK_END); SizeOfFile = ftell(fp); if(SizeOfFile < sizeof(IMAGE_DOS_HEADER) + sizeof(IMAGE_NT_HEADERS)) goto not_pe_file; fseek(fp,0,SEEK_SET); fread(&DosHeader,1,sizeof DosHeader,fp); if(DosHeader.e_magic != 'M' + 'Z' * 256) goto not_pe_file; RawPointerToPeHeader = DosHeader.e_lfanew; if(SizeOfFile <= RawPointerToPeHeader + sizeof(IMAGE_NT_HEADERS)) goto not_pe_file; fseek(fp,RawPointerToPeHeader,SEEK_SET); fread(&Signature,1,sizeof(DWORD),fp); if(Signature != 'P' + 'E' * 256) goto not_pe_file; fread(&FileHeader,1,sizeof FileHeader,fp); if(FileHeader.SizeOfOptionalHeader != sizeof(IMAGE_OPTIONAL_HEADER)) goto not_pe_file; SectionCount = FileHeader.NumberOfSections; if(SectionCount == 0) { printf("No section for this file.\n"); fclose(fp); return -1; } if(SizeOfFile <= RawPointerToPeHeader + sizeof(IMAGE_NT_HEADERS) + SectionCount * sizeof(IMAGE_SECTION_HEADER)) goto not_pe_file; fseek(fp, RawPointerToPeHeader + sizeof(IMAGE_NT_HEADERS) + (SectionCount - 1) * sizeof(IMAGE_SECTION_HEADER), SEEK_SET); fread(&SectionHeader,1,sizeof SectionHeader,fp); ByteCount = SectionHeader.Misc.VirtualSize < SectionHeader.PointerToRawData ? SectionHeader.Misc.VirtualSize : SectionHeader.PointerToRawData; if(ByteCount == 0) { printf("No data to read for target section.\n"); fclose(fp); return -1; }else if(ByteCount + SectionHeader.PointerToRawData > SizeOfFile) { printf("Bad section data.\n"); fclose(fp); return -1; } fseek(fp,SectionHeader.PointerToRawData,SEEK_SET); pData = (BYTE*)malloc(ByteCount); fread(pData,1,ByteCount,fp); ShowHexData(pData,ByteCount); free(pData); fclose(fp); return 0; not_pe_file: printf("Not a PE file.\n"); fclose(fp); return -1; } return 0; } </code></pre> <p>In short, you do not know where the data is, until you analyze the data according to the file header.</p>
Tags
Title
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. POLoading PE Headers
  singulars
  PostTypePostTypeId
  PTQuestion
PostTypePostTypeId
1. PTAnswer
UserLastEditorUserId
1. This table or related slice is empty.
UserOwnerUserId
1. USfor1096
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. This table or related slice is empty.
VotesPostIdCreationDate
1. This table or related slice is empty.
CommentsPostId
1. This table or related slice is empty.

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.