PE Format ... and its dark dark secrets
Well, we all know what a PE is... many have not heard it called by this name,
but the PE is the .exe you use to run applications on your computer. For
example notepad.exe, winamp.exe etc... and kernel.dll, nero.dll are all PEs.
They all follow a certain structure. Now such a valuable and regularly used
file format should be understood, or at least tried ;)
So I'm going to show you the insides of a simple .exe... rip it to pieces
until there's nothing left in there.
Okay now I had to choose an exe as an example... I was going to use
notepad.exe but then I thought that it is a bit complex to start with, and I'll
add it in later on. So to start with we'll compile and create our own exe
and then we can see just where this code is in our PE file.
Now before I start telling you which bytes do what and what a section is and
why I'm poor...lol... I'm going to break it up into little chapters that you can
easily chew and digest. If I force it all on you in one big go it might
kill you ;).
Chptr-1- PE File Format From A Distance.
Chptr-2- Start of a PE... our simple .exe
Chptr-3- FileHeader isn't scary, it's our friend!
Chptr-4- More Headers (Optional or NOT)
Chptr-5- Sections ... our code.. we found you.
Chptr-6- Import Table.
Also feedback is welcome, so if you come across any errors please tell me.
Again, this information is for educational purposes, as I think it's a piece of
knowledge worth knowing... it's something you use all the time, and if you're a
programmer... even more valuable.
webmaster@xbdev.net