windowsexereverse-engineeringportable-executableintegrity

Is there integrity check in PE files?


I am trying to edit some portable executable file with text editor. In the top of the file a backward compatibility string is supposed to display messages on DOS systems.

This program cannot be run in DOS mode.(click the link to see screenshot)

I first tried to edit this string by replacing a char (not removing or adding : just replacing to not change the file size). Then when I try to execute the file windows return an error saying I can't run this app on my computer.

I also tried to edit the padding at the very end of the file and the error is the same.

I suppose an integrity check is performed. Did someone already read about this? If you did, do you know if/where the file hash is stored in it?


Solution

  • A text editor is not appropriate for editing binary files. Use a hex editor instead.