[Last Call] Learn how to a build a cloud-first strategyRegister Now


How to Remove "Headers" and "Footers" from Executable Files

Posted on 2011-10-23
Medium Priority
Last Modified: 2012-05-12
I am attempting to remove the header and the footer from an executable file so that I can compare one executable file to another, and I was wondering if there was a way in order to remove the information that Windows adds to compiled programs within Visual Studio or C++ (or any other Microsoft Programming language). I am have been told to use PEExplorer, but I was also wondering if there was any other w ay to remove the "time stamp" from inside of the executable along with any other information stored in the header that is set each time the application is compiled and does not have anything to do with the actual executable binary code that is compiled when the user builds a new project within Microsoft compilers.

If anyone could provide any suggestions to how to remove the header information and just have the "guts" of the executable that is being used would  be greatly appreciated.
Question by:thenthorn1010
LVL 84

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 668 total points
ID: 37015857
if you change anything within an executable you have to rebuild the checksum or the .exe will fail (invalid checksum), you also may damage the structure so that you have to adjust the entry points and other internal tables. Easier to decompile/disassemble and then recompile/remake the file.

The .exe follows a very strict sequence http://support.microsoft.com/kb/121460
LVL 35

Assisted Solution

sarabande earned 664 total points
ID: 37016879
you better compare the .obj (release configuration) files before linking. those are more likely to be comparable than an executable.

LVL 37

Accepted Solution

TommySzalapski earned 668 total points
ID: 37018808
It is my understanding that the checksum is only computed over the image, not the header. (.exe files are in the category of "image files" in the documentation, by the way). So if you change only the header, there shouldn't be any checksum errors.

There are no options to not include this header info in any compiler. This information is required for any file that is in the PE format (which all your DOS/Windows exe files will be).

The only option is to hack the required changes after you compile the exe files. Since you already have the format of the PE files and know where the pieces you want to manipulate are, you just need to write a program that changes those fields to what you want.

For a complete write-up of the format see http://msdn.microsoft.com/en-us/windows/hardware/gg463125

This is not the best way to do it though. The best way would be to have your program that compares the files just ignore the headers. If you don't currently have a program for comparing the exe files, you should write one. It will be pretty simple to just tell it to skip all the header bytes and only look at the image bytes.

Another snag you may run up against is that the order in which the linker links the different pieces together can change the actual image. I can see no way around this issue unless you have the individual .obj files to compare against (which I doubt).


Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Q&A with Course Creator, Mark Lassoff, on the importance of HTML5 in the career of a modern-day developer.
The SignAloud Glove is capable of translating American Sign Language signs into text and audio.
The viewer will learn how to use the return statement in functions in C++. The video will also teach the user how to pass data to a function and have the function return data back for further processing.
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question