Search the Community
Showing results for tags 'pe file'.
PE File Overlay Extraction (and Certificate info) Executable and other PE files can contain "overlays", which is data that is appended to the end of the file. This data can be important, such as setup packages, Authenticode signatures*, and overlays for AutoIt scripts. Or it could just be extra unneeded cruft (sometimes). Whatever the case is, I wanted to find a way to detect if this data was present. This project is actually a result of dealing with so-called 'File Optimizer' programs that would strip Overlay information from Executables (leaving compiled AutoIt scripts crippled!). An
A3X Script Extract With newer versions of AutoIT (v188.8.131.52+), the compiled script is no longer appended to files as an overlay, and instead is embedded as a binary resource. This leads my previous AutoIt-script detection UDF lacking. However, since that UDF (>PE File Overlay Extraction) was targeted towards overlays in general, its still a worthwhile tool to have. This UDF on the other hand is pretty specific - it lets you detect and optionally extract A3X scripts from a compiled executable. The method is rather straightforward - it looks for a resource type of RT_RCDATA with a res