PE Explorer Feature Tour
HEADERS INFORMATION VIEWER

Viewing The File Headers (File Header and Optional Header) Information

The PE file header consists of an MS-DOS stub, the PE signature, the COFF File Header, and an Optional Header. PE Explorer presents the header information of PE files in a more convenient viewing format.

The file header tells which machine the binary is supposed to run on, how many sections it contains, the time it was linked, whether it is an executable or a DLL, and so on. (The difference between an executable and a DLL in this context is that a DLL cannot be started on its own but can only be used by another binary, and a binary cannot link to an executable.)

The optional header is optional in the sense that some files (specifically, object files) do not have it. For image files, this header is required. It tells us more about how the binary should be loaded: the starting address, the amount of stack to reserve, the size of the data segment etc. In addition, it is important to validate the Optional Header’s Magic number for PE32 format compatibility.


Entry Point Modification

The Entry Point value can be modified using automatic range checking. PE Explorer will notify you if the new value falls outside the permissible range by disabling the button.

Warning! Changing the Entry Point value may render the executable completely inoperable and unrepairable.

PE Explorer: The Entry Point value modification.

PE File Checksum

You can compare the real checksum to the value reported by the PE header and, if necessary, update the checksum value in the header. Compilers usually do not fill in this field, with the exception of NT drivers. We recommend using it when writing your own program so that it can verify its own integrity at load time. This lets you be relatively sure of the integrity of the code and detect intentional, even crafty, modifications to a file.

The file checksum is computed when the file is opened. Windows NT uses it for validation at load time: all drivers, any DLL loaded at boot time, and any DLL that ends up in the server are checked. The checksum is supposed to prevent the loading of damaged binaries that would crash anyway (a crashing driver would result in a BSOD, so it is better not to load it at all). That is, a checksum is intended to detect simple memory failures leading to corruption (whether or not a block of memory on disk has gone bad and the values stored there have become corrupted).
Some Microsoft system DLLs also use the linker checksum to count how many instances of a particular file are loaded. When the limit is reached, Windows NT will not load such marked files under any circumstances, regardless of admin status and so on. Usually no error is reported either; nothing happens after executing a program that depends on one of these libraries. An example is the common control library, with a limit of 32 instances.
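
The comparison described above, as an added example (not PE Explorer's code): it validates the Optional Header Magic, recomputes the checksum with the commonly documented 16-bit word-sum algorithm, and returns it alongside the stored CheckSum field. The function names and the 184-byte sample image are constructed for illustration.

```python
import struct

PE_MAGICS = {0x10B: "PE32", 0x20B: "PE32+"}
CHECKSUM_FIELD = 64  # offset of CheckSum inside the Optional Header (both formats)

def locate_checksum(data):
    """Validate DOS header, PE signature and Magic; return (magic, CheckSum offset)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MS-DOS header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 4 + 20  # skip the PE signature and the COFF File Header
    if opt + CHECKSUM_FIELD + 4 > len(data):
        raise ValueError("truncated Optional Header")
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in PE_MAGICS:
        raise ValueError("unexpected Optional Header Magic 0x%04X" % magic)
    return magic, opt + CHECKSUM_FIELD

def compute_checksum(data, checksum_offset):
    """Sum 16-bit words with end-around carry (CheckSum treated as 0), add file size."""
    buf = bytearray(data)
    buf[checksum_offset:checksum_offset + 4] = b"\0\0\0\0"
    if len(buf) % 2:
        buf.append(0)  # pad an odd-sized file to a whole word
    total = sum(struct.unpack("<%dH" % (len(buf) // 2), buf))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (total + len(data)) & 0xFFFFFFFF

def verify(data):
    """Return (stored, computed); a mismatch means the file or the field changed."""
    _, off = locate_checksum(data)
    (stored,) = struct.unpack_from("<I", data, off)
    return stored, compute_checksum(data, off)

def build_sample():
    """Constructed minimal header-only image (not a loadable program)."""
    buf = bytearray(184)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)   # e_lfanew
    buf[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", buf, 0x44, 0x14C)  # COFF Machine: i386
    struct.pack_into("<H", buf, 0x58, 0x10B)  # Optional Header Magic: PE32
    return buf

if __name__ == "__main__":
    print("stored=0x%08X computed=0x%08X" % verify(build_sample()))
```

The sum is unkeyed: a modified file whose CheckSum field was recomputed afterwards will still match, so a mismatch is the informative result.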

See also DLL Export Viewer: Review of the information on entry points, numbers, names and calling syntax of exported functions.
