Sorry if this is in the wrong forum, but this is my first post here, so I am not quite so accustomed yet. I am interested in (just to see if I can) making windows programs in pure hexadecimal. However, all of the PE resources I have found have been severely incomplete. I have not found one which contains any sorts of information on how the .res file is changed when placed in the .exe file. I know that the .ico files change a little bit from the format in .ico files and the format of what the bytes are like once those bytes are in the .exe file itself. I also have information on the 32-bit .res file format, however I am fairly certain that the .res file is not copied byte-for-byte into the executable at some point, but that the in-exe format is slightly different.

Another thing I would like to know is the format of all of the VS_VERSION_INFO stuff such as CompanyName, FileDescription, FileVersion, etc... in the .exe file itself and where that goes.

I would also like to know where the icon goes that ends up becoming the icon which Windows displays for that program. (I'm thinking all of this would be answered if someone answered the resources question, actually)

I know roughly that the header information is at the very top of the file, with an MZ DOS exe header stub preceeding the PE header, and that the dlls used are near the top of the file, and the VS_VERSION_INFO is near the bottom of the file, but knowing "roughly" won't help anyone do anything.

I have tried using a PE exe tutorial I found somewhere, and I followed the instructions of how to make the PE exe in hex, but the resulting executable was so bad that WindowsXP said it was not a valid executable and then terminated the application. Obviously that tutorial was lacking some quite significant things---and it just zeroed out everything which the author didn't know about (apparantly something very important in there zeroed out too, that shouldn't be)

I am a fiddler and I like making things with using only a hex editor, and it puggles me when I cannot make windows executables in pure hex. DOS .com files are nice because they are the raw machine code in hex, and the DOS MZ exe file format is documented well enough that that is not a problem making DOS MZ exe files in hex either.

If anyone here has any experience in writing his/her own programs in pure, raw hexadecimal, please do fill me in on where I am weak here. A working tutorial on step-by-step creation of a windows PE program from hex would work nicely! (along with explanations of which each byte is/does/etc...and why it is there)

I have browsed around these forums for a few days now and they seem to be pretty darn good forums.

BTW, feel free to post the answers in hex, assembly, C, C++, Pascal, whatever as it doesn't really matter to me as long as I get the information.

PS, I must apologize for not producing very much in the form of programs because I have mainly just been trying to look at and read the sheer incredibly large mass volumes of Win32 API functions for quite a while now, and I am not that comfortable with it yet. I always like to know things in as low of a level as possible, so having a tutorial on making a PE file from pure hex would certainly be ideal, but proper documentation on the file format is also appreciated.

I feel right at home with DOS, and when windows takes away that sort of raw power from the programmer, I want to somehow get it back. That's when I looked into Windows assembly language. Much to my disappointment, however, instead of finding the raw assembly language coding like I was expecting, I find a majority of code using higher-level constructs, not all of which are familiar to me, and which all seem to be a certain-assembler specific and don't work on any other assemblers. Also, it disappointed me greatly to see that I would still have to create .def and .rc files and have the resource compiler compile the .rc files and the linker take the .def and .res files along with the .obj files generated from the assembler in order to make executables. To me, this is a level of abstraction at which I don't want to be. I wish to know how to code the .def and .res files AS they would actually appear in the real generated PE file, and how to manually place them in there, instead of having this information masked from me (and hence becoming dependent on someone else's tools).

As I've said before, I don't produce all that much code myself (and what I do produce I take my time at it), and I'll probably not be able to answer too many questions from others or help out too much until I am myself confident in my own abilities to do this. Right now, you may think of me as a student, a pupil, a deciple, waiting to be taught how things really work (rather than the spoonfed higher-level things which are cluttering up everywhere else) because I want to be certain that my programs are the very absolute best that they can possibly be and that I have complete and ultimate control over the exact contents in my programs I make (which, right now, I don't as I still have to rely on resource compilers and linkers to make windows PE executables).

I apologize if this is posted in the wrong section, but I don't see a section on these forums for hex coding, so general asm coding seemed a "best fit" to me.
Posted on 2003-11-16 15:27:45 by ShortCoder

Go to Tutorial at top of page then go to PE tutorials.
Posted on 2003-11-16 15:38:42 by mrgone
You should also check the downloads section,
there is a zipfile about the PE file format.
Posted on 2003-11-16 17:34:38 by Jurgen

I was just going to suggest that you check out the flat assembler (fasm) but I remembered you want to write your code with a hex editor. :grin: Anyway if you don't mind using an assembler I think you'll like fasm. It's a pure low level assembler without built in high level control structures. You can also build PE files from the source. You can manually contruct your PE files with it. If you want to check it out at About the PE documentation, I found a detailed document some time ago but I can't remember where. I think it was probably on the microsoft website though. Happy coding :grin:
Posted on 2003-11-16 17:36:48 by Odyssey This document states that WINNT.H is the final word on what PE files look like.

You may want to look at fasm. Two of the output formats it provides is PE's and raw binaries.

Fasm understands what PE sections are, but not how to fill them. That's not a problem as: The data section contains your data, byte for byte. The code section contains your assembled code, byte for byte. The resource and import sections are the same way, but there are macros that you can use to do all of the dirty work.

Another reason to use fasm is that the source code is available.

You can download fasm at

The macros for imports and resources are only in the Win32 GUI distribution; but they can be used with any flavor of fasm, including linux, to create Win32 PE's.

I don't think it matters what order the sections are in, since the PE header provides information on the various section within the file.
Posted on 2003-11-16 17:41:12 by eet_1024
Resources in PE format are poorly documentated. The best is probably to look at fasm's marco for resources or ewayne's code.

By the way, is your code aligned? Is your section aligned? Is your baseofcode correct? Is your Sizeofimage correct? So many things to check if you are coding in hex. I would definitely rather use an assembler than using a hex editior.

There is an document by m$ entitled pecoff that might be of use to you.
Posted on 2003-11-16 17:51:13 by roticv
hehe, i think pe.txt can help you. you can get it here
Posted on 2003-11-16 18:45:12 by benny
This should be the definite reference
If it is not "extremely detailed", then I don't know what else could be. :)
Posted on 2003-11-17 02:58:04 by Starless
Thank you to everyone who replied and tried to help.:)

Actually, I do believe that Luevelsmeyer's tutorial on it (which was the one listed in the tutorials page in more complete detail and again in the PE.txt file submitted later) is what I had already tried. Except, before, I didn't have the real .exe file generated from it, so I had manually entered each hex byte into a hex editor and generated the executable that way, but, when I ran it, WindowsXP gave me the message that it was not a valid executable file and abruptly terminated the application. Well, apparently, I didn't mess up in my typing/entering of the hex data either, because included with the tutorial was more than simply that one file, but, among other things, the executable which would have been generated from those hex bytes. Well, when I ran that one, I got the message that it was not a vlid executable file, and then WindowsXP abruptly terminated the app.;) This led me to believe that that information given, though easy enough to follow, must not have been very good if the resulting executable made using that information didn't even work on WindowsXP (because it says at the bottom that it does work on NT, and XP is a version of NT). I even ran it under emulation mode for Windows2000 and for WindowsNT4.0 Service Pack 5, but I still got the same message that it was not a valid executable file, and then it abruptly terminated execution.

Assuming his information is mostly correct, however, then there are a number of reasons I can think of for his example program actually not being a valid PE exe file. One is that the MZ header has to actually be a legit MS-DOS executable. Two is that the particular byte alignment values he chose for that program are not legit values under anything other than whatever special version of WindowsNT he tried it under. Three is that he is missing some sort of critical information in there somewhere.

I will look at the guide supplied from Microsoft as well, although I somehow doubt it will be extremely helpful because I find their documentation is usually very incomplete with horridly incorrect information in it at points, but maybe this will be different.

About flat assembler, yes, I think that looks highly promising and I will look into it. So far, I like what I see.

I even downloaded the source code to the mingw binutils (which includes a linker), and was going to look at the code in the linker for clues, but there were just so many source files there just for the linker alone, I didn't know where to start, and, plus, most of them were written in yacc, which is very hard for me to read.

Flat assembler is looking very promising, as it seems to be a valid assembler for DOS MZ executables, Windows PE executables, and Linux ELF executables. Plus, the source is included, AND is assemblable under the fasm assembler itself. ...that's pretty impressive to me!

Well, hopefully I will figure out this PE executable format over some time (correctly, that is;)).

If I ever do get it correctly figured out, maybe I'll write my own tutorial on it, referencing the other tutorials as useful information. ---not gonna do that until I, myself, get this stuff to work and am extremely confident and competent with it, however;)

Any further information is still appreciated, although it seems that most of the information on this on the Internet has already been given in this thread.
Posted on 2003-11-18 13:15:41 by ShortCoder