PaulDotCom mailing list archives
Metadata in EXEs
From: dimitrios at gmail.com (Dimitrios Kapsalis)
Date: Thu, 19 Mar 2009 08:34:28 -0500
Not sure about the version info that you have above, but I can say with some certainty, anything that is created using the .net framework will have an xml file with some information describing it. 2009/3/19 Adrian Crenshaw <irongeek at irongeek.com>
Hi all. As I stated in some earlier posts, I'm doing a class on Recon. One of the things I plan to cover is Metadata (With links off to Larry's stuff of course :) ). I was looking at the Metadata in EXEs with a hex editor and reshacker. Some have a section like: 1 VERSIONINFO FILEVERSION 0,75,0,0 PRODUCTVERSION 3,3,0,0 FILEOS 0x4 FILETYPE 0x0 { BLOCK "StringFileInfo" { BLOCK "080904b0" { VALUE "FileVersion", "0.75.0.0" VALUE "Comments", "http://Irongeek.com" VALUE "FileDescription", "A little app I wrote" VALUE "LegalCopyright", "All your code are belong to Adrian!" } } BLOCK "VarFileInfo" { VALUE "Translation", 0x0809 0x04B0 } } And some have: <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity type="win32" processorArchitecture="*" version="3.0.0.0" name="AutoIt3" /> <description>AutoIt v3</description> <!-- Identify the application security requirements. --> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> <!-- Identify the application dependencies. --> <dependency> <dependentAssembly> <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" language="*" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" /> </dependentAssembly> </dependency> </assembly> Or both. Or none. My question is, in what cases does the compiler put in an XML manifest (just .net stuff?), a VersionInfo section, or none at all? Thanks, Adrian _______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
-------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090319/ed37042c/attachment.htm
Current thread:
- Metadata in EXEs Adrian Crenshaw (Mar 19)
- Metadata in EXEs Dimitrios Kapsalis (Mar 19)
- Metadata in EXEs Pat Moloney (Mar 20)
- Message not available
- Metadata in EXEs Pat Moloney (Mar 20)
- Metadata in EXEs Pat Moloney (Mar 20)
- Metadata in EXEs Dimitrios Kapsalis (Mar 19)