I am learning the structure of a portable executable. I went through the MSDN article but I am a bit confused about it. I have some confusion with their precise stucture and its functionality.
Can anybody help me or please refer me to a nice article for this?
The Portable Executable format is the standard file format for executables, object code and Dynamic Link Libraries (DLLs) used in 32- and 64-bit versions of Windows operating systems. File infectors that infect these executables are detected by Trend Micro as PE_malwarename.
A PE file infector is a malware family that propagates by appending or wrapping malicious code into other PE files on an infected system. PE infectors are not particularly complex and can be detected by most antivirus products.
Explanation: The Portable Executable is the basic file format which main objective to used the 32- and 64-bit versions of the Microsoft systems for the exe files, obj fiie, and the DLL library.
PE File Sections The PE file specification consists of the headers defined so far and a generic object called a section. Sections contain the content of the file, including code, data, resources, and other executable information. Each section has a header and a body (the raw data).
For a more discursive approach than official specs, you should have a look at Matt Pietrek 1994 article Peering inside the PE: A tour of the Win32 Portable Executable File Format. The explanation is more readable than the dry, official style of the specs.
This is the official current PE/COFF spec from MSFT: http://www.microsoft.com/whdc/system/platform/firmware/PECOFF.mspx
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With