PaulDotCom mailing list archives

Metadata in EXEs


From: dimitrios at gmail.com (Dimitrios Kapsalis)
Date: Thu, 19 Mar 2009 08:34:28 -0500

Not sure about the version info that you have above, but I can say with some
certainty, anything that is created using the .net framework will have an
xml file with some information describing it.

2009/3/19 Adrian Crenshaw <irongeek at irongeek.com>

Hi all. As I stated in some earlier posts, I'm doing a class on Recon. One
of the things I plan to cover is Metadata (With links off to Larry's stuff
of course :) ). I was looking at the Metadata in EXEs with a hex editor and
reshacker. Some have a section like:


1 VERSIONINFO
FILEVERSION 0,75,0,0
PRODUCTVERSION 3,3,0,0
FILEOS 0x4
FILETYPE 0x0
{
BLOCK "StringFileInfo"
{
    BLOCK "080904b0"
    {
        VALUE "FileVersion", "0.75.0.0"
        VALUE "Comments", "http://Irongeek.com"
        VALUE "FileDescription", "A little app I wrote"
        VALUE "LegalCopyright", "All your code are belong to Adrian!"
    }
}

BLOCK "VarFileInfo"
{
    VALUE "Translation", 0x0809 0x04B0
}
}

And some have:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
    <assemblyIdentity
        type="win32"
        processorArchitecture="*"
        version="3.0.0.0"
        name="AutoIt3"
    />
    <description>AutoIt v3</description>

    <!-- Identify the application security requirements. -->
    <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
        <security>
            <requestedPrivileges>
                <requestedExecutionLevel
                    level="asInvoker"
                    uiAccess="false"/>
            </requestedPrivileges>
        </security>
    </trustInfo>

    <!-- Identify the application dependencies. -->
    <dependency>
        <dependentAssembly>
            <assemblyIdentity
                type="win32"
                name="Microsoft.Windows.Common-Controls"
                version="6.0.0.0"
                language="*"
                processorArchitecture="*"
                publicKeyToken="6595b64144ccf1df"
            />
        </dependentAssembly>
    </dependency>
</assembly>

Or both. Or none. My question is, in what cases does the compiler put in an
XML manifest (just .net stuff?), a VersionInfo section, or none at all?

Thanks,
Adrian

_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
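
An added example, not part of the original thread and not output from any tool named in it: the VERSIONINFO block quoted above is stored in the EXE's resources as a binary VS_VERSIONINFO tree of UTF-16LE nodes, and this Python walker reads the StringFileInfo pairs out of one. The sample bytes are constructed to mirror the quoted values; `version_strings`, `_node`, `STRINGS` and `SAMPLE` are names chosen here, and pulling the raw resource out of the EXE is assumed to have been done already.

```python
import struct

def _align(n):
    return (n + 3) & ~3  # keys, values and child nodes start on 32-bit boundaries

def version_strings(res: bytes) -> dict:
    """Walk a raw VS_VERSIONINFO resource; return its StringFileInfo name/value pairs."""
    out = {}
    def walk(off, depth):
        length, vlen, vtype = struct.unpack_from("<HHH", res, off)
        end = off + length
        if length < 8 or end > len(res) or depth > 4:
            raise ValueError("malformed version resource")
        kend = off + 6
        while kend + 2 <= end and res[kend:kend + 2] != b"\0\0":
            kend += 2  # szKey is a NUL-terminated UTF-16LE string
        key = res[off + 6:kend].decode("utf-16le", "replace")
        pos = _align(kend + 2)
        if vtype == 1 and vlen:  # text value: wValueLength counts UTF-16 characters
            text = res[pos:min(end, pos + 2 * vlen)]
            out[key] = text.decode("utf-16le", "replace").rstrip("\0")
            return
        pos = _align(pos + vlen)  # skip a binary value (VS_FIXEDFILEINFO, Translation)
        while pos + 6 <= end:
            walk(pos, depth + 1)
            pos = _align(pos + struct.unpack_from("<H", res, pos)[0])
    walk(0, 0)
    return out

def _node(key, value=b"", vtype=0, children=()):
    """Build one node of the constructed sample: header, key, value, children."""
    raw = b"\0" * 6 + key.encode("utf-16le") + b"\0\0"
    raw += b"\0" * (-len(raw) % 4) + value
    for child in children:
        raw += b"\0" * (-len(raw) % 4) + child
    vlen = len(value) // 2 if vtype == 1 else len(value)
    return struct.pack("<HHH", len(raw), vlen, vtype) + raw[6:]

# Constructed sample mirroring the VERSIONINFO block quoted in the post.
STRINGS = {"FileVersion": "0.75.0.0", "Comments": "http://Irongeek.com",
           "FileDescription": "A little app I wrote",
           "LegalCopyright": "All your code are belong to Adrian!"}
_table = _node("080904b0", vtype=1, children=[
    _node(k, (v + "\0").encode("utf-16le"), 1) for k, v in STRINGS.items()])
SAMPLE = _node("VS_VERSION_INFO", b"\0" * 52, 0, [  # zeroed VS_FIXEDFILEINFO
    _node("StringFileInfo", vtype=1, children=[_table]),
    _node("VarFileInfo", vtype=1, children=[_node("Translation", b"\x09\x08\xb0\x04")])])

if __name__ == "__main__":
    print(version_strings(SAMPLE))
```

The length, bounds and depth checks make a truncated or hand-edited resource raise `ValueError` instead of looping or reading past the buffer.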
