Hello,
I've seen some questions about how to remove private information from a PE file. Many people do not know this, but even files that have been compiled in "Release" mode will often include the path to a PDB file. This path may have information that the author does not wish to become public. For example:
Note the file path, even though this was compiled, using the Windows DDK, in release mode.
In addition, the Microsoft linker includes a block that contains information about the libraries used to link your program (more information here), which many people may not want included in their released binaries.
As such, I am releasing a tool that I wrote to remove this information. Given a PE file, it will open the file, remove the debug information (zeroing it out), remove the "Rich" header, and clear the major/minor linker information in the PE header. Then, it will update the PE checksum of the file (necessary for kernel drivers).
I have not tested this extensively, and it may fail to work on malformed PE files.
Included in this archive is the source code to the tool - it's very simple, comes with no warranty or guarantee, and the only licence is that, if you include it in another project, please include an acknowledgement of the original source for the code (a simple "this project uses code released into the public domain by A_D_13" will suffice). It'd be nice if you let me know, too.
If you have problems, please let me know and I will try to fix them.
Thanks,
--AD
I've seen some questions about how to remove private information from a PE file. Many people do not know this, but even files that have been compiled in "Release" mode will often include the path to a PDB file. This path may have information that the author does not wish to become public. For example:
Note the file path, even though this was compiled, using the Windows DDK, in release mode.
In addition, the Microsoft linker includes a block that contains information about the libraries used to link your program (more information here), which many people may not want included in their released binaries.
As such, I am releasing a tool that I wrote to remove this information. Given a PE file, it will open the file, remove the debug information (zeroing it out), remove the "Rich" header, and clear the major/minor linker information in the PE header. Then, it will update the PE checksum of the file (necessary for kernel drivers).
I have not tested this extensively, and it may fail to work on malformed PE files.
Included in this archive is the source code to the tool - it's very simple, comes with no warranty or guarantee, and the only licence is that, if you include it in another project, please include an acknowledgement of the original source for the code (a simple "this project uses code released into the public domain by A_D_13" will suffice). It'd be nice if you let me know, too.
If you have problems, please let me know and I will try to fix them.
Thanks,
--AD
Attachments
No password, contains the compiled EXE and the source code in one CPP file.
(28.95 KiB) Downloaded 72 times
(28.95 KiB) Downloaded 72 times
