notepad.exe

File size is 69120 bytes

Machine: Intel 386 image(32-bit)(hex: 14c)

Number of sections: 3
472:.text Data size: 30720 Data ptr: 1024 Section VA:4096 sect. hdr offset: 472
512:.data Data size: 2048 Data ptr: 31744 Section VA:36864 sect. hdr offset: 512
552:.rsrc Data size: 35328 Data ptr: 33792 Section VA:45056 sect. hdr offset: 552
Resources found in section: .rsrc
Offset of raw data with resources(base address): 33792
.rsrc section VA difference(Section RVA minus section data offset): 11264

Resource entries:
Named - 0, ID - 8
Directory Entry: 3 - Icon
Directory Entry: 4 - Menu
Directory Entry: 5 - Dialog
Directory Entry: 6 - String
Directory Entry: 9 - Accelerator table
Directory Entry: 14 - Group icon
Directory Entry: 16 - Version
Directory Entry: 24 - Unknown

Version directory entry in main resource directory (level 1):
General offset: 33856
Point to subdirectory
Name: 16
Offset of next entry: 344

Version directory (level 2):
General offset (base + read_from_parent): 34136
Entries: name - 0, id - 1

Version directory id entry 1:
General offset (parent offset + struct_size + dir_entry_size*index_of_entry): 34152
Point to subdirectory
Name: 1
Offset of next entry: 896

Language directory (level 3):
General offset (base + read_from_parent): 34688
Entries: name - 0, id - 1

Language directory id entry 1:
General offset (parent offset + struct_size + dir_entry_size*index_of_entry): 34704
Name:4,9
Offset of next entry: 1280

Data entry(level 4):
Data entry offset: 35072
Offset to data: 75120
Data size: 880

Optional header stripped information
Size of code: 30720
Entry point address: 0x0000739D
Base of code: 4096
Base of data: 36864
Image base: 0x01000000

Version info (VS_VERSIONINFO)(start to read at location: 63856(read RVA offset minus VA difference))
Length: 880
Value Length: 52
Type: 0
Offset: 38
Padded offset: 40

Fixed file info (VS_FIXEDFILEINFO):
dwSignature: 0xFEEF04BD
dwStrucVersion_Minor: 0
dwStrucVersion_Major: 1
dwFileVersionMS: 327681 (0x00050001)
  dwFileVersionMS(loword): 1
  dwFileVersionMS(hiword): 5
dwFileVersionLS: 170395780 (0x0A280884)
  dwFileVersionLS(loword): 2180
  dwFileVersionLS(hiword): 2600
dwProductVersionMS: 327681 (0x00050001)
  dwProductVersionMS(loword): 1
  dwProductVersionMS(hiword): 5
dwProductVersionLS: 170395780 (0x0A280884)
  dwProductVersionLS(loword): 2180
  dwProductVersionLS(hiword): 2600

Offset: 92
Padded offset: 92
First StrFileInfo size: 720
First StringTable size: 684
Padded offset(from beginning of StrTable pseudo structure): 24

String size: 76
Value length: 22
Type: 1 (string)
Unicode null terminator found at offset in szKey: 28( in String:34)
Key: CompanyName (length 11 symbols(w/o null terminator))
Value: Microsoft Corporation
Offset(no padding): 100, padding: 0 bytes, Offset so far: 100

String size: 56
Value length: 8
Type: 1 (string)
Unicode null terminator found at offset in szKey: 36( in String:42)
Key: FileDescription (length 15 symbols(w/o null terminator))
Value: Notepad
Offset(no padding): 156, padding: 0 bytes, Offset so far: 156

String size: 114
Value length: 41
Type: 1 (string)
Unicode null terminator found at offset in szKey: 28( in String:34)
Key: FileVersion (length 11 symbols(w/o null terminator))
Value: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Offset(no padding): 270, padding: 2 bytes, Offset so far: 272

String size: 48
Value length: 8
Type: 1 (string)
Unicode null terminator found at offset in szKey: 30( in String:36)
Key: InternalName (length 12 symbols(w/o null terminator))
Value: Notepad
Offset(no padding): 320, padding: 0 bytes, Offset so far: 320

String size: 128
Value length: 46
Type: 1 (string)
Unicode null terminator found at offset in szKey: 34( in String:40)
Key: LegalCopyright (length 14 symbols(w/o null terminator))
Value: © Microsoft Corporation. All rights reserved.
Offset(no padding): 448, padding: 0 bytes, Offset so far: 448

String size: 64
Value length: 12
Type: 1 (string)
Unicode null terminator found at offset in szKey: 38( in String:44)
Key: OriginalFilename (length 16 symbols(w/o null terminator))
Value: NOTEPAD.EXE
Offset(no padding): 512, padding: 0 bytes, Offset so far: 512

String size: 106
Value length: 37
Type: 1 (string)
Unicode null terminator found at offset in szKey: 28( in String:34)
Key: ProductName (length 11 symbols(w/o null terminator))
Value: Microsoft® Windows® Operating System
Offset(no padding): 618, padding: 2 bytes, Offset so far: 620

String size: 64
Value length: 14
Type: 1 (string)
Unicode null terminator found at offset in szKey: 34( in String:40)
Key: ProductVersion (length 14 symbols(w/o null terminator))
Value: 5.1.2600.2180
Offset(no padding): 684, padding: 0 bytes, Offset so far: 684