Re: filever.exe sub?

Fri, 01 Feb 2019 18:25:24 -0800 

On 2/1/19 4:26 PM, ToddAndMargo via perl6-users wrote:

On 2/1/19 10:02 AM, Timo Paulssen wrote:

On 01/02/2019 01:33, Bruce Gray wrote:

To call those Windows APIs in Perl 6, you would use NativeCall.



Don't forget that Todd wanted to use this on non-windows with not-wine.
NativeCall on linux won't run windows code all by itself.

That said, wine is still a good source for info on how windows things
work internally (though of course they only reverse-engineered how
windows things work, so there's often still differences in the exact
behaviour).

Here's their implementation of the version info code:
https://source.winehq.org/git/wine.git/blob/908903b7f105c62061d62959fd8d8c866095dcdc:/dlls/version/info.c 

and the corresponding header file (i think?)
https://source.winehq.org/git/wine.git/blob/c84b7d33dd18651057a80f609e11f809cc7f4bd0:/include/winver.h 


Normally I'd just say "good luck and have fun!", but that whole file is
very big and doesn't seem very self-explanatory at all.

I don't have time right now to go through it, but if you want to give
understanding it a try, here's a link to wine's "cross-referenced source
browser" thingie where most keywords are clickable so you can directly
find other header files, or where and how symbols/types that are used in
the code are defined:

https://source.winehq.org/source/dlls/version/version.c

Sorry for not giving a super simple solution. Perhaps there's something
on the net for "PE metadata parser" or "PE file parser" or whatever.

Hope that gets you closer to your goal!
   - Timo




I am hopeless when it comes to C.

I am still trying to figure out where the information is
located in the exe





Figured out one of my problems.  Oe of the test exe I was
using did not have a revision.

If it has a revision, it will have the following:
001500E0 36 00 0B 00 01 00 46 00 69 00 6C 00 65 00 56 00 6.....F.i.l.e.V.
001500F0 65 00 72 00 73 00 69 00 6F 00 6E 00 00 00 00 00 e.r.s.i.o.n.....
00150100 37 00 2E 00 30 00 2E 00 38 00 30 00 30 00 2E 00 7...0...8.0.0...
00150110 31 00 35 00 00 00 00 00 3A 00 0D 00 01 00 46 00 1.5.....:.....F. 
00





The revision is 7.0.800.15

Question: What is the best way to test for a series of bytes
is a Buf?  I want to find

46 00 69 00 6C 00 65 00 56 00 65 00 72 00 73 00 69 00  6F 00 6E

Reply via email to