this is the live version of
an overview of the Portable Executable format and its malformations
presented at Hashdays, in Lucerne, on the 3rd November 2012
direct download link: http://corkami.googlecode.com/files/ange_albertini_hashdays_2012.zip
60. Conclusion
● the Windows executable format is complex
● mostly covered, but many little traps
● new discoveries every day :(
http://pe101.corkami.com
http://pe.corkami.com
61. Questions?
Thanks to
Fabian Sauter, Peter Ferrie, وليد عصر
Bernhard Treutwein, Costin Ionescu, Deroko, Ivanlef0u, Kris Kaspersky, Moritz Kroll, Thomas Siebert,
Tomislav Peričin, Kris McConkey, Lyr1k, Gunther, Sergey Bratus, frank2, Ero Carrera, Jindřich Kubec, Lord
Noteworthy, Mohab Ali, Ashutosh Mehra, Gynvael Coldwind, Nicolas Ruff, Aurélien Lebrun, Daniel
Plohmann, Gorka Ramírez, 최진영 , Adam Błaszczyk, 板橋一正 , Gil Dabah, Juriaan Bremer, Bruce Dang,
Mateusz Jurczyk, Markus Hinderhofer, Sebastian Biallas, Igor Skochinsky, Ильфак Гильфанов, Alex
Ionescu, Alexander Sotirov, Cathal Mullaney