
Download Source Code and Example

The WINPE project is basically a conversion of Matt Pietrek's PEDUMP program from a DOS-based application to a Windows MFC-based app. It demonstrates parsing PE files and displaying each section in a separate view.

A WIN32 PE file, better known as a .EXE or .DLL file, is broken up into sections. WINPE handles each of these sections in its own separate view. The views are dynamically switched depending on the View option selected. WINPE also provides printing and Print Preview, and since the font selection has a lot to do with how the print will look, the app also provides font selection for both the display and the printout. Print Preview was required in order to allow the user to find and select the page range for printing, so that the entire EXE or DLL does not have to be printed.

WINPE is implemented as an SDI app. The document class, however, does not use the Serialize function, since the actual file is not read: it is loaded as a memory-mapped file by the document class, and a pointer to the memory-mapped file can be returned to the view on request. Each view contains the code to process the PE section data that is to be displayed. WINPE by default provides a HEXDUMP of the file upon opening. The HEXDUMP will work on any file type; however, if the file is not an EXE or DLL, all other view options are disabled via the CmdUI interface.


Handles most of the menu messages. The OnViewChange function determines which view was requested and dynamically switches the document's current view. The OnFrameView function is a message handler that allows the document class to ensure that the CDumpXView is always the default view.


Memory-maps the PE file (or any other file). The OnOpenDocument function determines what kind of file is being processed and then either enables or disables the View options.


Displays the data associated with the PE file's Debug Directory.




Displays the data associated with the PE file's Export section. The Export section contains the names of the functions that this DLL or EXE exports. For example, to see the names of the functions exported by ICMP.DLL.


Displays the data associated with the PE file's Import section. The Import section contains the names of the DLLs and their corresponding functions that are used by, or imported into, this DLL or EXE.


Displays the PE file Header.


Displays the names and resource IDs and their types. Example: the names and IDs of all the bitmaps that were compiled into this EXE or DLL.


Displays the PE Section Table.
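An added example, not part of the WINPE source: the "is this a PE file?" decision described for OnOpenDocument and the walk behind the Section Table view, written as portable C over a byte buffer that stands in for the memory-mapped view. The names `pe_sections` and `make_sample` and the sample bytes are constructed for illustration; every offset taken from the file is checked against the mapping length before it is dereferenced, which is the step a viewer needs when the file may be truncated or malformed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Byte-wise little-endian reads: no alignment assumptions about the mapped view. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }

typedef struct { char name[9]; uint32_t vsize, vaddr, raw_size, raw_off; } pe_section;

/* Returns the section count if buf[0..len) is a PE image whose headers and raw
 * section data all lie inside the buffer, otherwise -1. Fills out[0..max). */
int pe_sections(const uint8_t *buf, size_t len, pe_section *out, int max) {
    if (len < 0x40 || rd16(buf) != 0x5A4D) return -1;            /* "MZ" */
    uint32_t lfanew = rd32(buf + 0x3C);                            /* e_lfanew */
    if (lfanew > len || len - lfanew < 24) return -1;              /* signature + file header */
    if (rd32(buf + lfanew) != 0x00004550) return -1;               /* "PE\0\0" */
    int nsec = rd16(buf + lfanew + 6);                             /* NumberOfSections */
    size_t tbl = (size_t)lfanew + 24 + rd16(buf + lfanew + 20);    /* skip optional header */
    if (tbl > len || (len - tbl) / 40 < (size_t)nsec) return -1;   /* table must fit */
    for (int i = 0; i < nsec; i++) {
        const uint8_t *s = buf + tbl + (size_t)i * 40;             /* 40-byte section header */
        uint32_t raw_size = rd32(s + 16), raw_off = rd32(s + 20);
        if (raw_off > len || raw_size > len - raw_off) return -1;  /* raw data must fit */
        if (i >= max) continue;
        memcpy(out[i].name, s, 8); out[i].name[8] = '\0';          /* name may lack a NUL */
        out[i].vsize = rd32(s + 8); out[i].vaddr = rd32(s + 12);
        out[i].raw_size = raw_size; out[i].raw_off = raw_off;
    }
    return nsec;
}

/* Constructed sample: header-only image with one ".text" section (not runnable). */
size_t make_sample(uint8_t *b) {                                   /* b holds 0x90 bytes */
    memset(b, 0, 0x90);
    b[0] = 'M'; b[1] = 'Z'; b[0x3C] = 0x40;                        /* e_lfanew = 0x40 */
    memcpy(b + 0x40, "PE\0\0\x4c\x01\x01", 7);                     /* i386, 1 section */
    memcpy(b + 0x58, ".text", 5);                                  /* table at 0x40 + 24 */
    b[0x60] = 0x10; b[0x65] = 0x10;                                /* VirtualSize, RVA 0x1000 */
    b[0x68] = 0x10; b[0x6C] = 0x80;                                /* 0x10 raw bytes at 0x80 */
    return 0x90;
}

int main(void) {
    uint8_t b[0x90]; pe_section s[1];
    int n = pe_sections(b, make_sample(b), s, 1);
    if (n == 1) printf("%s rva=0x%x raw=0x%x\n", s[0].name, (unsigned)s[0].vaddr, (unsigned)s[0].raw_off);
    return n != 1;
}
```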

The WINPE program was written to make life a little easier. When writing the Nettools program I found myself having to constantly go back into DOS and run DUMPBIN or PEDUMP to see what functions were available in the ICMP and INETMIB1 DLLs and to see what DLLs were being used by PING, TRACERT and NETSTAT. In order to print the data I had to redirect the output to a file, then use WordPad to print the pages I was interested in studying. This is how I gathered some of the info required to write Nettools.

Of course WINPE does not support ALL of the PEDUMP and DUMPBIN options, but it does support the ones I use most.

Known Problems

  • The CScrollView does not work on Win95.
  • Due to CScrollView limits on WIN95, only 32k of data will display in the hexdump (all other views will work correctly). I was too lazy to write the scrolling code in a CView.

Tested on NT4.0 with MS/VC++ 4.2.

Reference Materials Used.

See Microsoft Systems Journal at http://www.microsoft.com/msj for more info on the following. I believe the source code to HEXDUMP and PEDUMP can also be obtained there.

Programming Windows 95 with MFC by Prosise.
    The HEXDUMP example was used to create the DumpXView.

WIN95 Systems Programming Secrets by Matt Pietrek.
    The best book ever written on WIN95 and WIN32 internals.
    Contains the source to PEDUMP.

Developing Pro apps for NT and 95 using MFC
    The Print and Preview sections were very helpful.

Microsoft also provides some samples and documentation.

The Portable Executable File Format from Top to Bottom

Managing Memory-Mapped Files in Win32 http://www.microsoft.com/win32dev/base/mmfile.htm

Last updated: 14 April 1998


  • Compiled successfully in VC++.NET under XP

    Posted by Legacy on 10/07/2002 07:00am

    Originally posted by: Abhijit B

    Thanks, nice work.


  • winpe vc 6 compile problem

    Posted by Legacy on 09/09/2002 07:00am

    Originally posted by: ranjith v k

    Compiling winpe with the makefile included, I get this error -->

    whileImportView.cpp(313) : error C2440: '=' : cannot convert
    'struct _IMAGE_IMPORT_BY_NAME *'
    Conversion from integral type to pointer type r
    C-style cast or function-style cast
    NMAKE : fatal error U1077: 'cl.exe' : return code '0x2'

    Why so??

  • Good job

    Posted by Legacy on 08/14/2002 07:00am

    Originally posted by: Ilya

    Very useful code.
    Very clean and easy to understand.

    Thanks a lot.

    PS: the program just has one small limitation - it doesn't want to load information from ActiveX controls (.ocx)

  • wonderful work

    Posted by Legacy on 01/21/2002 08:00am

    Originally posted by: Larry zhang

    wonderful work

  • works on Win2K (vc++6)

    Posted by Legacy on 10/09/2001 07:00am

    Originally posted by: Larry

    Just did a quick test on Win2K with VC++6.0 compiler, the program worked very well.

    There is a little thing: the scroll bar seems not to work when I opened a big EXE (>6mb).

    Very good job,

  • Great Work! -nt

    Posted by Legacy on 04/22/1999 07:00am

    Originally posted by: Chris

    Great Work!
