There are many Windows PE resource viewer programs. But how do they work? Do they decode function calls to WinAPI, or does PE have some section for GUI information? Like Android has XML GUI definitions? Thanks.
The Portable Executable (PE) format is a file format for executables, object code, DLLs and others used in 32-bit and 64-bit versions of Windows operating systems. The PE format is a data structure that encapsulates the information necessary for the Windows OS loader to manage the wrapped executable code.
dot) is NON-PE. This means the file is a file which does not contain a portable executable header, i.e. .dot extension. Webroot is currently only capable of PE malware detection, however the program also contains a heuristics engine for some NON-PE files.
The Portable Executable format is the standard file format for executables, object code and Dynamic Link Libraries (DLLs) used in 32- and 64-bit versions of Windows operating systems.
Signature (Image Only): After the MS-DOS stub, at the file offset specified at offset 0x3c, is a 4-byte signature that identifies the file as a PE format image file. This signature is "PE\0\0" (the letters "P" and "E" followed by two null bytes).
There are probably different implementation strategies, so it's not possible to answer this universally for all tools.
The PE file format specification is publicly available. It specifies the section structure of a PE file, how to find the .rsrc section in the file, and how to extract individual resources from that section. The individual resource formats are also documented on MSDN. For example, the dialog GUI definitions are defined in the DLGTEMPLATE structure.
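The lookup described above, as an added example (not code from the original post or from any particular viewer): it checks the "PE\0\0" signature through offset 0x3c, follows data-directory entry 2 to the resource directory, and walks the type/name/language tree. The function names and the sample image built by `build_sample` are constructed for illustration.

```python
import struct

RT = {3: "RT_ICON", 5: "RT_DIALOG", 6: "RT_STRING", 16: "RT_VERSION", 24: "RT_MANIFEST"}

def resource_root(pe):
    """Return the file offset of the resource directory (data directory index 2)."""
    nt = struct.unpack_from("<I", pe, 0x3C)[0]             # e_lfanew
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("non-PE file")
    nsec, opt_size = struct.unpack_from("<H12xH", pe, nt + 6)
    opt = nt + 24                                          # optional header start
    dirs = opt + (96 if struct.unpack_from("<H", pe, opt)[0] == 0x10B else 112)
    rva = struct.unpack_from("<I", pe, dirs + 2 * 8)[0]
    for i in range(nsec):                                  # map the RVA to a file offset
        vsize, vaddr, _, raw = struct.unpack_from("<4I", pe, opt + opt_size + 40 * i + 8)
        if rva and vaddr <= rva < vaddr + vsize:
            return raw + rva - vaddr
    raise ValueError("no resource directory")

def walk(pe, root, off=0, path=()):
    """Yield (type, name, language, data_rva, size) for every resource leaf."""
    if len(path) > 2:                                      # malformed trees can loop
        raise ValueError("resource tree deeper than type/name/language")
    named, ids = struct.unpack_from("<HH", pe, root + off + 12)
    for i in range(named + ids):
        key, target = struct.unpack_from("<II", pe, root + off + 16 + 8 * i)
        if key & 0x80000000:                               # high bit: name string, not an ID
            key = "name@0x%x" % (key & 0x7FFFFFFF)
        if target & 0x80000000:                            # high bit: subdirectory
            yield from walk(pe, root, target & 0x7FFFFFFF, path + (key,))
        else:                                              # leaf: IMAGE_RESOURCE_DATA_ENTRY
            yield path + (key,) + struct.unpack_from("<II", pe, root + target)

def build_sample():
    """Constructed minimal PE32 image: one RT_DIALOG resource, ID 101, language 0x409."""
    d = lambda ident, target: struct.pack("<12xHHII", 0, 1, ident, target)
    rsrc = (d(5, 0x80000018) + d(101, 0x80000030) + d(0x409, 0x48)
            + struct.pack("<4I", 0x1058, 8, 0, 0) + b"DLGDATA!")
    hdr = (b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40) + b"PE\0\0"
           + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)
           + struct.pack("<H", 0x10B).ljust(92, b"\0") + struct.pack("<I", 16)
           + b"\0" * 16 + struct.pack("<II", 0x1000, len(rsrc)) + b"\0" * 104
           + b".rsrc\0\0\0" + struct.pack("<4I", len(rsrc), 0x1000, 0x200, 0x200) + b"\0" * 16)
    return hdr.ljust(0x200, b"\0") + rsrc.ljust(0x200, b"\0")

def list_resources(pe):
    return [(RT.get(r[0], r[0]),) + r[1:] for r in walk(pe, resource_root(pe))]
```

A viewer would then read `size` bytes at the leaf's RVA and interpret them according to the resource type, for example as a DLGTEMPLATE for RT_DIALOG.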