For 64-bit executables/PE files, there are a couple of changes in the PE header offsets. Don’t consider the size of the OptionalHeader as 0x74, instead use the “SizeOfOptionalHeader” from the _IMAGE_FILE_HEADER. There is no longer a BaseOfData field, instead ImageBase is 8 bytes long. More details on _IMAGE_OPTIONAL_HEADER64 you can found here.
Posts Tagged: file format
This script can generate fuzzing files with valid AVI/BMP/CUE/GIF/JPG/PDF/PNG headers. The body can be a constant set of characters or random characters (useful to determine the offset when the program crashes). The code is available on github. You can download it from here.