Hi,

I'm new to PE File analysis and I am trying to understand why my Visual Basic project continually changes so much from build to build (I suspect it's the data segments) - and to be able to analyse the differences so that I can explain them all.

My environment is Windows 2000, Visual Basic 6 Service Pack 5. I have also tried Windows NT 4 (and it has the same problem) but I can't change my development environment.

There are a lot of people here who understand file formats better than I do and I hope someone can offer me some help in solving my problem.

I have recently found Microsoft's article on "An Indepth Look into the Win32 Portable Executable File Format - MSDN Magazine Feb, 2002" (hxxp://www.msdn.microsoft.com/msdnmag/issues/02/02/PE/default.aspx). I have also downloaded all tools that I can find on analysing PE Files (the most useful I found so far was PELord from hxxp://y0da.cjb.net/). However, this tells me that the differences include date/time stamps (which was obvious using "fc.exe") - but I still can't justify most of the differences.

If I generate a vanilla "VB Executable", there are still a lot of differences. If I change the title of the main form from Form1 to Form2, PELord can not recognise this change correctly using the compare option.

Is there a tool that will allow me to compare code segments to determine they are equivalent? Other than spending a lot of time to come up to speed with PE Files and writing my own tool, I can't see any other way to justify the differences I am seeing.

Thanks for any help



Well Being
PS My apologies for entering direct links above. I have since corrected that