What points to VS_VERSION_INFO?

  • Question

  • Hi All,

    I am writing a program in Linux to extract an .EXE file's version.  In a Windows EXE file, what points to the header

    VS_VERSION_INFO

    I am able to find this header with a brute force search, but I really want to know the pointers so as to speed things up.

    Many thanks,
    -T

    Thursday, February 28, 2019 12:52 PM

All replies

  • Hi All,

    I am writing a program in Linux to extract an .EXE file's version.  In a Windows EXE file, what points to the header

    VS_VERSION_INFO

    I am able to find this header with a brute force search, but I really want to know the pointers so as to speed things up.

    Many thanks,
    -T

    You are asking about a version resource that is in the resource section of the Windows executable.  For an understanding of the Portable Executable (PE) format used by Windows see https://docs.microsoft.com/en-us/windows/win32/debug/pe-format

    Basically, you can use the information in the format document to quickly find the resource (.rsrc) section that contains all of the resources (including the version resource) that are embedded in the executable.

    Monday, September 30, 2019 5:33 PM
  • Thank you for the response.  Unfortunately I cannot find what points to the .rsrc section.  Where did you find it?
    Monday, September 30, 2019 9:24 PM
  • You have to parse the information in the structures described in the PE format documentation.
    Monday, September 30, 2019 9:31 PM
  • You have to parse the information in the structures described in the PE format documentation.

    Sorry.  That is not helpful.  I am unable to locate it.  Where in that document did you find the pointer to the .rsrc section?

    Monday, September 30, 2019 9:40 PM
  • You have to parse the information in the structures described in the PE format documentation.

    Sorry.  That is not helpful.  I am unable to locate it.  Where in that document did you find the pointer to the .rsrc section?

    As an example, see the code in PE format section table.  It should be a good starting point for you.

    Tuesday, October 1, 2019 12:15 AM
  • Hi RLWA32,

    I can barely read C.  I write in Perl 6.

    The value I can find is 0x3C.  In the example you sent me, where is "0x3C " called out?

    "Offset at 0x3C of stub + Size of PE signature + Size of COFF HEADER + SizeOfOptionalHeader"

    Where is the address of the "Size of PE signature"?
    Where is the address of the "Size of COFF HEADER"?
    Where is the address of the "SizeOfOptionalHeader"?

    Here is a better "C" example.
       https://wiki.tcl-lang.org/page/Reading+version+information+from+Win32+executables
    But since I am severely lacking in "C", I can't understand most of it.

    -T

    Tuesday, October 1, 2019 1:28 AM
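
As an added example (not code from the thread or from any poster), this Python follows the pointer chain discussed above: the 4-byte value at 0x3C locates the PE signature (4 bytes), the COFF header after it is 20 bytes and holds SizeOfOptionalHeader, and the section table follows; the `.rsrc` directory is then walked to the RT_VERSION (type 16) entry. The function names and the bytes produced by `build_sample` are constructed for illustration, and the code assumes the resources live in a section named `.rsrc`.

```python
import struct

def sections(pe):
    """Yield (name, virtual_address, raw_offset) for each section header."""
    e_lfanew, = struct.unpack_from("<I", pe, 0x3C)       # offset of "PE\0\0"
    if pe[:2] != b"MZ" or pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    coff = e_lfanew + 4                                  # PE signature: 4 bytes
    count, = struct.unpack_from("<H", pe, coff + 2)      # NumberOfSections
    opt_size, = struct.unpack_from("<H", pe, coff + 16)  # SizeOfOptionalHeader
    table = coff + 20 + opt_size                         # COFF header: 20 bytes
    for i in range(count):                               # section header: 40 bytes
        name, _, va, _, raw = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        yield name.rstrip(b"\0"), va, raw

def version_resource(pe):
    """Return the file offset of the VS_VERSION_INFO data, or None."""
    rsrc = next((s for s in sections(pe) if s[0] == b".rsrc"), None)
    if rsrc is None:
        return None
    _, va, raw = rsrc
    def entries(d):                                      # d: offset inside .rsrc
        named, ids = struct.unpack_from("<HH", pe, raw + d + 12)
        return [struct.unpack_from("<II", pe, raw + d + 16 + 8 * i)
                for i in range(named + ids)]
    for type_id, off in entries(0):                      # level 1: resource type
        if type_id == 16 and off >> 31:                  # 16 = RT_VERSION
            off = entries(off & 0x7FFFFFFF)[0][1]        # level 2: first name
            off = entries(off & 0x7FFFFFFF)[0][1]        # level 3: first language
            rva, = struct.unpack_from("<I", pe, raw + off)  # data entry: RVA
            return rva - va + raw                        # RVA -> file offset
    return None

def build_sample():
    """Constructed PE-shaped bytes with one .rsrc section (not a real EXE)."""
    key = "VS_VERSION_INFO\0".encode("utf-16-le")
    blob = struct.pack("<HHH", 6 + len(key), 0, 0) + key
    hdr = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40) + b"PE\0\0"
    hdr += struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102) + bytes(0xE0)
    hdr += struct.pack("<8sIIIIIIHHI", b".rsrc", 0x1000, 0x2000, 0x200, 0x200,
                       0, 0, 0, 0, 0x40000040)
    one = lambda ident, off: bytes(14) + struct.pack("<HII", 1, ident, off)
    rsrc = one(16, 0x80000018) + one(1, 0x80000030) + one(0x409, 0x48)
    rsrc += struct.pack("<IIII", 0x2058, len(blob), 0, 0) + blob
    return hdr.ljust(0x200, b"\0") + rsrc

if __name__ == "__main__":
    print(hex(version_resource(build_sample())))
```

The returned offset points at the 6-byte resource header; the UTF-16LE key `VS_VERSION_INFO` starts 6 bytes after it.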