Eureka!

I think I’ve found the solution to a problem I’ve had at work for ages: Win32::Exe.

I would love to examine the PE version information of a Windows file that’s been uploaded to a Linux server. For a long time, I’ve punted on this problem, and waited until I had the file back on a Windows machine before examining this information, mostly because it’s much easier to get this info using Windows’ API calls to get the data than manually parsing the PE header info.  However, just tonight just stumbled across this perl module mentioned in a stackoverflow post, and it doesn’t depend on modules that we don’t already use.

Now this problem will stop bugging me, and I can go to sleep!

Update: Unfortunately, the files I need to examine are large (> 200MB), and Win32::Exe (via Parse::Binary) seems to load the entire file into memory.  This causes an out of memory error.  But maybe I can use this code as a launching point for a different solution.

2 thoughts on “Eureka!

  1. Oh man I wish I’d seen this post when you first found the module. I found this one ~4 years ago trying to solve the same problem, and we turned it down for the same reason. Been there, done that, got the out of memory error.

    • Once I discovered the memory problem, I remember discussing the module with you ages ago. I’m wondering if Parse::Binary can be fixed so it doesn’t load the entire executable into memory.

Leave a Reply