Enviar pesquisa
Carregar
PE102 - a Windows executable format overview (booklet V1)
•
4 gostaram
•
2,061 visualizações
Ange Albertini
Seguir
Tecnologia
Arte e fotografia
Denunciar
Compartilhar
Denunciar
Compartilhar
1 de 5
Baixar agora
Baixar para ler offline
Recomendados
Pe Format
Pe Format
Hexxx
PE File Format
PE File Format
n|u - The Open Security Community
Exploring the Portable Executable format
Exploring the Portable Executable format
Ange Albertini
Ktmt chuong 4
Ktmt chuong 4
Tùng Tò Mò
Fido Technical Overview
Fido Technical Overview
FIDO Alliance
Symfony 2 : chapitre 1 - Présentation Générale
Symfony 2 : chapitre 1 - Présentation Générale
Abdelkader Rhouati
Phân tích thiết kế hệ thống thông tin
Phân tích thiết kế hệ thống thông tin
huynhle1990
FIDO and the Future of User Authentication
FIDO and the Future of User Authentication
FIDO Alliance
Recomendados
Pe Format
Pe Format
Hexxx
PE File Format
PE File Format
n|u - The Open Security Community
Exploring the Portable Executable format
Exploring the Portable Executable format
Ange Albertini
Ktmt chuong 4
Ktmt chuong 4
Tùng Tò Mò
Fido Technical Overview
Fido Technical Overview
FIDO Alliance
Symfony 2 : chapitre 1 - Présentation Générale
Symfony 2 : chapitre 1 - Présentation Générale
Abdelkader Rhouati
Phân tích thiết kế hệ thống thông tin
Phân tích thiết kế hệ thống thông tin
huynhle1990
FIDO and the Future of User Authentication
FIDO and the Future of User Authentication
FIDO Alliance
Ktmt chuong 6
Ktmt chuong 6
Tùng Tò Mò
ELCE 2012 - Dive into Android Networking: Adding Ethernet Connectivity
ELCE 2012 - Dive into Android Networking: Adding Ethernet Connectivity
Benjamin Zores
Bai tap-thuc-hanh-he-quan-tri-csdl
Bai tap-thuc-hanh-he-quan-tri-csdl
giang nguyen le
Présentation de EasyAdmin, le bundle d'admin de Symfony
Présentation de EasyAdmin, le bundle d'admin de Symfony
Raphaël Kueny
Snort it-slideshares.blogspot.com
Snort it-slideshares.blogspot.com
phanleson
Les règles de passage
Les règles de passage
marwa baich
Système répartis avec RMI
Système répartis avec RMI
Korteby Farouk
Introduction to FIDO Alliance
Introduction to FIDO Alliance
FIDO Alliance
Giáo trình lắp ráp và cài đặt máy tính
Giáo trình lắp ráp và cài đặt máy tính
jackjohn45
Báo cáo phân tích thiết kế đồ án game
Báo cáo phân tích thiết kế đồ án game
Tạ Thành Đạt
Android Security Internals
Android Security Internals
Opersys inc.
Báo cáo đề tài thực tập cuối kỳ
Báo cáo đề tài thực tập cuối kỳ
thanhthong1210
20190704 パスワードに代わる新たなオンライン認証を推進するFIDO(ファイド)アライアンスの記者説明会
20190704 パスワードに代わる新たなオンライン認証を推進するFIDO(ファイド)アライアンスの記者説明会
FIDO Alliance
Bài tập lớn Phát triển phần mềm hướng dịch vụ PTIT
Bài tập lớn Phát triển phần mềm hướng dịch vụ PTIT
Popping Khiem - Funky Dance Crew PTIT
Đề tài: Xây dựng phần mềm quản lí bán thuốc, HAY, 9đ
Đề tài: Xây dựng phần mềm quản lí bán thuốc, HAY, 9đ
Dịch Vụ Viết Bài Trọn Gói ZALO 0917193864
Ket tap, ke thua
Ket tap, ke thua
Tuan Do
Báo cáo bài tập lớn môn Cơ sở dữ liệu - Học viện công nghệ bưu chính viễn thông
Báo cáo bài tập lớn môn Cơ sở dữ liệu - Học viện công nghệ bưu chính viễn thông
Huyen Pham
lập trình di động
lập trình di động
truong le hung
Admin linux utilisateurs_et_groupes cours 1
Admin linux utilisateurs_et_groupes cours 1
Mehdi Bouihi
Ins and Outs of GPIO Programming
Ins and Outs of GPIO Programming
ICS
Protection
Protection
Sanjay Sharma
the PE format 2011/01/17
the PE format 2011/01/17
Ange Albertini
Mais conteúdo relacionado
Mais procurados
Ktmt chuong 6
Ktmt chuong 6
Tùng Tò Mò
ELCE 2012 - Dive into Android Networking: Adding Ethernet Connectivity
ELCE 2012 - Dive into Android Networking: Adding Ethernet Connectivity
Benjamin Zores
Bai tap-thuc-hanh-he-quan-tri-csdl
Bai tap-thuc-hanh-he-quan-tri-csdl
giang nguyen le
Présentation de EasyAdmin, le bundle d'admin de Symfony
Présentation de EasyAdmin, le bundle d'admin de Symfony
Raphaël Kueny
Snort it-slideshares.blogspot.com
Snort it-slideshares.blogspot.com
phanleson
Les règles de passage
Les règles de passage
marwa baich
Système répartis avec RMI
Système répartis avec RMI
Korteby Farouk
Introduction to FIDO Alliance
Introduction to FIDO Alliance
FIDO Alliance
Giáo trình lắp ráp và cài đặt máy tính
Giáo trình lắp ráp và cài đặt máy tính
jackjohn45
Báo cáo phân tích thiết kế đồ án game
Báo cáo phân tích thiết kế đồ án game
Tạ Thành Đạt
Android Security Internals
Android Security Internals
Opersys inc.
Báo cáo đề tài thực tập cuối kỳ
Báo cáo đề tài thực tập cuối kỳ
thanhthong1210
20190704 パスワードに代わる新たなオンライン認証を推進するFIDO(ファイド)アライアンスの記者説明会
20190704 パスワードに代わる新たなオンライン認証を推進するFIDO(ファイド)アライアンスの記者説明会
FIDO Alliance
Bài tập lớn Phát triển phần mềm hướng dịch vụ PTIT
Bài tập lớn Phát triển phần mềm hướng dịch vụ PTIT
Popping Khiem - Funky Dance Crew PTIT
Đề tài: Xây dựng phần mềm quản lí bán thuốc, HAY, 9đ
Đề tài: Xây dựng phần mềm quản lí bán thuốc, HAY, 9đ
Dịch Vụ Viết Bài Trọn Gói ZALO 0917193864
Ket tap, ke thua
Ket tap, ke thua
Tuan Do
Báo cáo bài tập lớn môn Cơ sở dữ liệu - Học viện công nghệ bưu chính viễn thông
Báo cáo bài tập lớn môn Cơ sở dữ liệu - Học viện công nghệ bưu chính viễn thông
Huyen Pham
lập trình di động
lập trình di động
truong le hung
Admin linux utilisateurs_et_groupes cours 1
Admin linux utilisateurs_et_groupes cours 1
Mehdi Bouihi
Ins and Outs of GPIO Programming
Ins and Outs of GPIO Programming
ICS
Mais procurados
(20)
Ktmt chuong 6
Ktmt chuong 6
ELCE 2012 - Dive into Android Networking: Adding Ethernet Connectivity
ELCE 2012 - Dive into Android Networking: Adding Ethernet Connectivity
Bai tap-thuc-hanh-he-quan-tri-csdl
Bai tap-thuc-hanh-he-quan-tri-csdl
Présentation de EasyAdmin, le bundle d'admin de Symfony
Présentation de EasyAdmin, le bundle d'admin de Symfony
Snort it-slideshares.blogspot.com
Snort it-slideshares.blogspot.com
Les règles de passage
Les règles de passage
Système répartis avec RMI
Système répartis avec RMI
Introduction to FIDO Alliance
Introduction to FIDO Alliance
Giáo trình lắp ráp và cài đặt máy tính
Giáo trình lắp ráp và cài đặt máy tính
Báo cáo phân tích thiết kế đồ án game
Báo cáo phân tích thiết kế đồ án game
Android Security Internals
Android Security Internals
Báo cáo đề tài thực tập cuối kỳ
Báo cáo đề tài thực tập cuối kỳ
20190704 パスワードに代わる新たなオンライン認証を推進するFIDO(ファイド)アライアンスの記者説明会
20190704 パスワードに代わる新たなオンライン認証を推進するFIDO(ファイド)アライアンスの記者説明会
Bài tập lớn Phát triển phần mềm hướng dịch vụ PTIT
Bài tập lớn Phát triển phần mềm hướng dịch vụ PTIT
Đề tài: Xây dựng phần mềm quản lí bán thuốc, HAY, 9đ
Đề tài: Xây dựng phần mềm quản lí bán thuốc, HAY, 9đ
Ket tap, ke thua
Ket tap, ke thua
Báo cáo bài tập lớn môn Cơ sở dữ liệu - Học viện công nghệ bưu chính viễn thông
Báo cáo bài tập lớn môn Cơ sở dữ liệu - Học viện công nghệ bưu chính viễn thông
lập trình di động
lập trình di động
Admin linux utilisateurs_et_groupes cours 1
Admin linux utilisateurs_et_groupes cours 1
Ins and Outs of GPIO Programming
Ins and Outs of GPIO Programming
Destaque
Protection
Protection
Sanjay Sharma
the PE format 2011/01/17
the PE format 2011/01/17
Ange Albertini
PE Trojan Detection Based on the Assessment of Static File Features
PE Trojan Detection Based on the Assessment of Static File Features
Antiy Labs
PE Packers Used in Malicious Software - Part 1
PE Packers Used in Malicious Software - Part 1
amiable_indian
PE File Format and Packer - Inc0gnito 2016
PE File Format and Packer - Inc0gnito 2016
Hajin Jang
Smashing The Stack
Smashing The Stack
Daniele Bellavista
Destaque
(6)
Protection
Protection
the PE format 2011/01/17
the PE format 2011/01/17
PE Trojan Detection Based on the Assessment of Static File Features
PE Trojan Detection Based on the Assessment of Static File Features
PE Packers Used in Malicious Software - Part 1
PE Packers Used in Malicious Software - Part 1
PE File Format and Packer - Inc0gnito 2016
PE File Format and Packer - Inc0gnito 2016
Smashing The Stack
Smashing The Stack
Semelhante a PE102 - a Windows executable format overview (booklet V1)
Windbg랑 친해지기
Windbg랑 친해지기
Ji Hun Kim
06 - ELF format, knowing your friend
06 - ELF format, knowing your friend
Alexandre Moneger
Stability issues of user space
Stability issues of user space
晓东 杜
Creating user-mode debuggers for Windows
Creating user-mode debuggers for Windows
Mithun Shanbhag
Reverse eningeering
Reverse eningeering
Kent Huang
Getting started cpp full
Getting started cpp full
Võ Hòa
Track c-High speed transaction-based hw-sw coverification -eve
Track c-High speed transaction-based hw-sw coverification -eve
chiportal
Проведение криминалистической экспертизы и анализа руткит-программ на примере...
Проведение криминалистической экспертизы и анализа руткит-программ на примере...
Alex Matrosov
Positive Hack Days. Матросов. Мастер-класс: Проведение криминалистической экс...
Positive Hack Days. Матросов. Мастер-класс: Проведение криминалистической экс...
Positive Hack Days
Troubleshooting Linux Kernel Modules And Device Drivers
Troubleshooting Linux Kernel Modules And Device Drivers
Satpal Parmar
Troubleshooting linux-kernel-modules-and-device-drivers-1233050713693744-1
Troubleshooting linux-kernel-modules-and-device-drivers-1233050713693744-1
Jagadisha Maiya
[Pgday.Seoul 2017] 3. PostgreSQL WAL Buffers, Clog Buffers Deep Dive - 이근오
[Pgday.Seoul 2017] 3. PostgreSQL WAL Buffers, Clog Buffers Deep Dive - 이근오
PgDay.Seoul
0x01 - Breaking into Linux VMs for Fun and Profit.pdf
0x01 - Breaking into Linux VMs for Fun and Profit.pdf
scribdsituation719
International Burmese democratic forces and friends of Burma who
International Burmese democratic forces and friends of Burma who
Burma Democratic Concern (BDC)
Innodb에서의 Purge 메커니즘 deep internal (by 이근오)
Innodb에서의 Purge 메커니즘 deep internal (by 이근오)
I Goo Lee.
Code Injection in Windows
Code Injection in Windows
n|u - The Open Security Community
程式設計師的自我修養 Chapter 5
程式設計師的自我修養 Chapter 5
Shu-Yu Fu
Spectre(v1%2 fv2%2fv4) v.s. meltdown(v3)
Spectre(v1%2 fv2%2fv4) v.s. meltdown(v3)
Gavin Guo
The forgotten art of assembly
The forgotten art of assembly
Marian Marinov
x86_1.ppt
x86_1.ppt
jeronimored
Semelhante a PE102 - a Windows executable format overview (booklet V1)
(20)
Windbg랑 친해지기
Windbg랑 친해지기
06 - ELF format, knowing your friend
06 - ELF format, knowing your friend
Stability issues of user space
Stability issues of user space
Creating user-mode debuggers for Windows
Creating user-mode debuggers for Windows
Reverse eningeering
Reverse eningeering
Getting started cpp full
Getting started cpp full
Track c-High speed transaction-based hw-sw coverification -eve
Track c-High speed transaction-based hw-sw coverification -eve
Проведение криминалистической экспертизы и анализа руткит-программ на примере...
Проведение криминалистической экспертизы и анализа руткит-программ на примере...
Positive Hack Days. Матросов. Мастер-класс: Проведение криминалистической экс...
Positive Hack Days. Матросов. Мастер-класс: Проведение криминалистической экс...
Troubleshooting Linux Kernel Modules And Device Drivers
Troubleshooting Linux Kernel Modules And Device Drivers
Troubleshooting linux-kernel-modules-and-device-drivers-1233050713693744-1
Troubleshooting linux-kernel-modules-and-device-drivers-1233050713693744-1
[Pgday.Seoul 2017] 3. PostgreSQL WAL Buffers, Clog Buffers Deep Dive - 이근오
[Pgday.Seoul 2017] 3. PostgreSQL WAL Buffers, Clog Buffers Deep Dive - 이근오
0x01 - Breaking into Linux VMs for Fun and Profit.pdf
0x01 - Breaking into Linux VMs for Fun and Profit.pdf
International Burmese democratic forces and friends of Burma who
International Burmese democratic forces and friends of Burma who
Innodb에서의 Purge 메커니즘 deep internal (by 이근오)
Innodb에서의 Purge 메커니즘 deep internal (by 이근오)
Code Injection in Windows
Code Injection in Windows
程式設計師的自我修養 Chapter 5
程式設計師的自我修養 Chapter 5
Spectre(v1%2 fv2%2fv4) v.s. meltdown(v3)
Spectre(v1%2 fv2%2fv4) v.s. meltdown(v3)
The forgotten art of assembly
The forgotten art of assembly
x86_1.ppt
x86_1.ppt
Mais de Ange Albertini
Technical challenges with file formats
Technical challenges with file formats
Ange Albertini
Relations between archive formats
Relations between archive formats
Ange Albertini
Abusing archive file formats
Abusing archive file formats
Ange Albertini
TimeCryption
TimeCryption
Ange Albertini
You are *not* an idiot
You are *not* an idiot
Ange Albertini
Improving file formats
Improving file formats
Ange Albertini
KILL MD5
KILL MD5
Ange Albertini
No more dumb hex!
No more dumb hex!
Ange Albertini
Beyond your studies
Beyond your studies
Ange Albertini
An introduction to inkscape
An introduction to inkscape
Ange Albertini
The challenges of file formats
The challenges of file formats
Ange Albertini
Exploiting hash collisions
Exploiting hash collisions
Ange Albertini
Infosec & failures
Infosec & failures
Ange Albertini
Connecting communities
Connecting communities
Ange Albertini
TASBot - the perfectionist
TASBot - the perfectionist
Ange Albertini
Caring for file formats
Caring for file formats
Ange Albertini
Hacks in video games
Hacks in video games
Ange Albertini
Trusting files (and their formats)
Trusting files (and their formats)
Ange Albertini
Let's write a PDF file
Let's write a PDF file
Ange Albertini
PDF: myths vs facts
PDF: myths vs facts
Ange Albertini
Mais de Ange Albertini
(20)
Technical challenges with file formats
Technical challenges with file formats
Relations between archive formats
Relations between archive formats
Abusing archive file formats
Abusing archive file formats
TimeCryption
TimeCryption
You are *not* an idiot
You are *not* an idiot
Improving file formats
Improving file formats
KILL MD5
KILL MD5
No more dumb hex!
No more dumb hex!
Beyond your studies
Beyond your studies
An introduction to inkscape
An introduction to inkscape
The challenges of file formats
The challenges of file formats
Exploiting hash collisions
Exploiting hash collisions
Infosec & failures
Infosec & failures
Connecting communities
Connecting communities
TASBot - the perfectionist
TASBot - the perfectionist
Caring for file formats
Caring for file formats
Hacks in video games
Hacks in video games
Trusting files (and their formats)
Trusting files (and their formats)
Let's write a PDF file
Let's write a PDF file
PDF: myths vs facts
PDF: myths vs facts
Último
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Mark Simos
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
Lars Bell
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
Scott Keck-Warren
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
RankYa
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
Lonnie McRorey
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
Dilum Bandara
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
Commit University
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
charlottematthew16
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
Fwdays
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
gvaughan
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
NavinnSomaal
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
Mark Billinghurst
How to write a Business Continuity Plan
How to write a Business Continuity Plan
Databarracks
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
Alfredo García Lavilla
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
Pixlogix Infotech
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
Kalema Edgar
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
Stephanie Beckett
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
Miki Katsuragi
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
Fwdays
Último
(20)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
How to write a Business Continuity Plan
How to write a Business Continuity Plan
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
PE102 - a Windows executable format overview (booklet V1)
1.
Ange Albertini 2009-2013 Corkami PEortable
xecutable 102 MZ Dos header PE HEADER NT HEADERS FILE HEADER OPTIONAL HEADER DATA DIRECTORY SECTIONs EXPORT, IMPORT, Address Table Resources, exceptions, relocations debug, TLS, SAFESEH, .NET
2.
Section 3 (ex:
uninit. data) ImageBase SizeOfHeaders Relative VirtualAddress VirtualAddress (BaseOfCode) Section 1 0x0 Offset PointertoRawData Section 1 (ex:code) SizeOf Headers 0x400000 VirtualAddress (BaseOfData) Section 2 VirtualSize (SizeOfInitializedData) PointertoRawData Section 2 (ex: data) 0x... 0x... PointertoRawData Section 3 SizeOf RawData SizeOf RawData 0x40.... VirtualSize (SizeOfCode) VirtualSize (SizeOfUninitializedData) 0x... SizeOf Headers SizeOf RawData VirtualAddress SizeOfImage 0x40.... 0x... 0x400... 0x40.... NumberOfSections FileAlignment SectionAlignment 0x40.... 00+2 e_magic MZ 02+2 e_cblp 04+2 e_cp exe size 06+2 e_crlc 08+2 e_cparhdr exe start 0a+2 e_minalloc 0c+2 e_maxalloc 0e+2 e_ss initial ss 10+2 e_sp initial sp 12+2 e_csum 14+2 e_ip 16+2 e_cs 18+2 e_lfarlc 1a+2 e_ovno 1c+2 e_res[4] 24+2 e_oemid 26+2 e_oeminfo 28+2 e_res2[10] 3c+4 e_lfanew IMAGE_DOS_HEADER OFFSET 0 00+1 Name[8] 08+4 VirtualSize 0c+4 VirtualAddress 10+4 SizeOfRawData 14+4 PointerToRawData 18+4 PointerToRelocations 1c+4 PointerToLinenumbers 20+2 NumberOfRelocations 22+2 NumberOfLinenumbers 24+4 Characteristics RWX NumberOfSections IMAGE_SECTION_HEADER Section Table 00+2 Machine CPU architecture 02+2 NumberOfSections 04+4 TimeDateStamp 08+4 PointerToSymbolTable 0c+4 NumberOfSymbols 10+2 SizeOfOptionalHeader 12+2 Characteristics exe/dll,relocs 00+04 Signature PE00 04+14 FileHeader SizeofOptionalHeader IMAGE_FILE_HEADER IMAGE_NT_HEADERS(32/64) IMAGE_OPTIONAL_HEADER(32/64) 18+60/+70 OptionalHeader 64b 32b 00+2 00+2 Magic 32b or 64b 02+1 02+1 MajorLinkerVersion required with signatures 03+1 03+1 MinorLinkerVersion 04+4 04+4 SizeOfCode 08+4 08+4 SizeOfInitializedData 0c+4 0c+4 SizeOfUninitializedData 10+4 10+4 AddressOfEntryPoint 14+4 14+4 BaseOfCode ---- 18+4 BaseOfData 18+8 1c+4 ImageBase suggested address to load the file 20+4 20+4 SectionAlignment =2^y, with y≥x 24+4 24+4 FileAlignment =2^x 28+2 28+2 MajorOperatingSystemVersion 2a+2 2a+2 MinorOperatingSystemVersion 2c+2 2c+2 MajorImageVersion 2e+2 2e+2 MinorImageVersion 30+2 30+2 MajorSubsystemVersion 4:≥W95 5:≥W2000 6:≥Vista 32+2 32+2 MinorSubsystemVersion 34+4 34+4 Win32VersionValue overrides OS values in Thread Environment Block 38+4 38+4 SizeOfImage 3c+4 3c+4 SizeOfHeaders not always sizeof(Headers) 40+4 40+4 CheckSum only used for drivers 44+2 44+2 Subsystem executable/driver... 46+2 46+2 DllCharacteristics 48+8 48+4 SizeOfStackReserve 50+8 4c+4 SizeOfStackCommit 58+8 50+4 SizeOfHeapReserve 60+8 54+4 SizeOfHeapCommit 68+4 58+4 LoaderFlags 6c+4 5c+4 NumberOfRvaAndSizes ≤16 70+8 60+8 VirtualAddress, Size NumberOfRvaAndSizes Data Directories 0 EXPORT 1 IMPORT 2 RESOURCE icons, manifest, version... 3 EXCEPTION 64bits exceptions 4 SECURITY Authenticode signature 5 BASERELOC relocations 6 DEBUG symbols 7 COPYRIGHT/Architecture useless 8 GLOBALPTR only on Itanium systems 9 TLS Thread Local Storage A LOAD_CONFIG SafeSEH B BOUND_IMPORT speeds up imports loading C IAT Import Address table D DELAY_IMPORT E COM_DESCRIPTOR .NET header F reserved unused <ignored>... IMAGE_DATA_DIRECTORY[] DOS Header PE Header ant :p section start in memory section start in file where execution starts Headers & Sections File header IMAGE_FILE_MACHINE_* Machine I386 014c ARMV7 01c4 AMD64 8664 IMAGE_FILE_* Characteristics RELOCS_STRIPPED 0001 EXECUTABLE_IMAGE 0002 LINE_NUMS_STRIPPED 0004 LOCAL_SYMS_STRIPPED 0008 LARGE_ADDRESS_AWARE 0020 32BIT_MACHINE 0100 DEBUG_STRIPPED 0200 DLL 2000 Optional Header IMAGE_NT_OPTIONAL_HDR*_MAGIC Magic 32 010b 64 020b IMAGE_SUBSYSTEM_* Subsystem NATIVE (driver) 0001 WINDOWS_GUI 0002 WINDOWS_CUI (console) 0003 IMAGE_DLLCHARACTERISTICS_* DllCharacteristics DYNAMIC_BASE (aslr) 0040 NX_COMPAT (dep) 0100 NO_SEH 0400 TERMINAL_SERVER_AWARE 8000 Section IMAGE_SCN_* Characteristics CNT_* CODE 00000020 INITIALIZED_DATA 00000040 UNINITIALIZED_DATA 00000080 MEM_* DISCARDABLE 02000000 SHARED (risky!) 10000000 EXECUTE 20000000 READ 40000000 WRITE 80000000 Relocations IMAGE_REL_BASED_* TypeOffset ABSOLUTE 0 HIGHLOW 3 Resources RT_* NameID BITMAP 02 ICON 03 MENU 04 DIALOG 05 STRING 06 GROUP_ICON 0d VERSION 10 MANIFEST 18 Constants Relative Virtual Address offset relative offset Virtual Address (requires relocation)
3.
IMAGE_DELAY_IMPORT_DESCRIPTOR 00+4 dd grAttrs 04+4
szName 08+4 phmod 0c+4 pIAT 10+4 pINT 14+4 pBoundIAT 18+4 pUnloadIAT 1c+4 dwTimeStamp IMAGE_DEBUG_DIRECTORY 00+4 Characteristics 04+4 TimeDateStamp 08+2 MajorVersion 0a+2 MinorVersion 0c+4 Type 1 Coff/2 CV-PDB/9 Borland 10+4 SizeOfData 14+4 AddressOfRawData 18+4 PointerToRawData D Delay imports 6 Debug symbols 3 Signature 7 Copyright B Bound imports 00+4 Characteristics 04+4 TimeDateStamp 08+2 MajorVersion 0a+2 MinorVersion 0c+4 Name 10+4 Base 14+4 NumberOfFunctions 18+4 NumberOfNames 1c+4 AddressOfFunctions 20+4 AddressOfNames 24+4 AddressOfNameOrdinals IMAGE_EXPORT_DIRECTORY 00+4 NameOrdinal 00+4 Name 00+4 Function <address>: <api> <ordinal> or "<dll>.<name>" for imports forwarding) “Export Table” 0 Exports <dll> <copyright string> IMAGE_BOUND_IMPORT_DESCRIPTOR 00+4 TimeDateStamp 04+2 OffsetModuleName 06+2 NumberOfModuleForwarderRefs 00+4 dwLength 04+2 wRevision 06+2 wCertificateType 08+? bCertificate [] WIN_CERTIFICATE <callback code> 64b 32b 00+8 00+4 StartAddressOfRawData 08+8 04+4 EndAddressOfRawData 10+8 08+4 AddressOfIndex 18+8 0c+4 AddressOfCallBacks 20+4 10+4 SizeOfZeroFill 24+4 14+4 Characteristics +8 +4 Callback IMAGE_TLS_DIRECTORY(32/64) 9 Thread Local Storage pointer to TLS index 00000000 IMAGE_TLS_CALLBACK(32/64) A SafeSEH IMAGE_LOAD_CONFIG_DIRECTORY(32/64) HandlerTable 00+4 Handler <exception handler code> 00+4 Size 04+4 TimeDateStamp 08+2 MajorVersion 0A+2 MinorVersion 0C+4 GlobalFlagsClear 10+4 GlobalFlagsSet 14+4 CriticalSectionDefaultTimeout 18+4 DeCommitFreeBlockThreshold 1C+4 DeCommitTotalFreeThreshold 20+4 LockPrefixTable 24+4 MaximumAllocationSize 28+4 VirtualMemoryThreshold 2C+4 ProcessAffinityMask 30+4 ProcessHeapFlags 34+2 CSDVersion 36+2 Reserved1 38+4 EditList 3C+4 SecurityCookie 40+4 SEHandlerTable 44+4 SEHandlerCount 18+8 20+8 28+8 30+8 38+8 40+8 48+4 4C+2 4E+2 50+8 58+8 60+8 68+8 64b 32b Size1 DIRECTORY.SIZE IMAGE_BASE_RELOCATION +2 TypeOffset Type:4 Offset:12 00+4 VirtualAddress 04+4 SizeOfBlock PUSH EBP PUSH offset szMyString relocation block 5 Relocations IMAGE_REL_BASED_HIGHLOW 3 offset IMAGE_IMPORT_DESCRIPTOR 00+4 OriginalFirstThunk/Characteristics 04+4 TimeDateStamp 08+4 ForwarderChain 0c+4 Name 10+4 FirstThunk IMAGE_IMPORT_BY_NAME 00+2 Hint 02+1 Name[*] <address> <library> <api> <hint> IMAGE_THUNK_DATA(32/64) +8 +4 AddressOfData /Ordinal/ForwarderString/Function IMAGE_THUNK_DATA(32/64) +8 +4 AddressOfData /Ordinal/ForwarderString/Function C IAT 1 Imports Kernel32.dll 4 Exceptions 00+4 FunctionStart 04+4 FunctionEnd 08+4 UnwindInfo RUNTIME_FUNCTION UNWIND_INFO 00+1 Version/Flags :3 :5 01+1 SizeOfProlog 02+1 CountOfCodes 03+1 FrameRegister/Offset :4 :4 ??+4 ExceptionHandler/FunctionEntry +4 ExceptionData[] UNWIND_CODE 00+1 CodeOffset 01+1 UnwindOp/Opinfo :4 :4 02+2 FrameOffset DIRECTORY.SIZE(requireD)
4.
Size1Size1 <Resource data> Icons RT_ICON
3 <header-less .ICO data> Manifest RT_MANIFEST 24 <XML file> example: <assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0' /> Resources (data itself) Version information RT_VERSION 16 VS_VERSION_INFO VS_FIXEDFILEINFO StringFileInfo StringTable String VarFileInfo Var 00+02 wLength 02+02 wValueLength 04+02 wType 0:bin/1:text 06+2*? szKey[] "VS_VERSION_INFO" +[0-3] Padding1 ??+34 Value ??+[0-3] Padding2 ??+? Children 00+4 dwSignature 0xFEEF04BD 04+4 dwStrucVersion 08+4 dwFileVersionMS 0c+4 dwFileVersionLS 10+4 dwProductVersionMS 14+4 dwProductVersionLS 18+4 dwFileFlagsMask 1c+4 dwFileFlags 20+4 dwFileOS 24+4 dwFileType 28+4 dwFileSubtype 2c+4 dwFileDateMS 30+4 dwFileDateLS 00+2 wLength 02+2 wValueLength 0: no value 04+2 wType 0: children are binary 08+2*? szKey "StringFileInfo" +[0-3] Padding ??+? Children 00+2 wLength 02+2 wValueLength 0 = no value 04+2 wType 1 08+2*? szKey "<language ID>" +[0-3] Padding ??+? Children 00+2 wLength 02+2 wValueLength 04+2 wType 1 text 08+2*? szKey ex:"ProductName" +[0-3] Padding +2*? Value[] ex:"Notepad" 00+2 wLength 02+2 wValueLength 0 = no value 04+2 wType 08+2*? szKey "VarFileInfo" +[0-3] Padding ??+? Children 00+2 wLength 02+2 wValueLength 04+2 wType 08+2*? szKey "Translation" +[0-3] Padding +4*? Value[] 04b00h << 16 + 409h wValueLength wLength wLength wLength wLength wLength wLength 00+2 length null=no string 02+? string 16(always) Strings RT_STRING 6 Group Icons RT_GROUP_ICON 14 GRPICONDIR 00+2 idReserved always 0 - enforced 02+2 idType always 1 for icons 04+2 idCount GRPICONDIRENTRY 00+1 bWidth 01+1 bHeight 02+1 bColorCount 03+1 bReserved 04+2 wPlanes 06+2 wBitCount 08+4 dwBytesInRes 0C+2 nId Icon Id ROOT IMAGE_RESOURCE_DIRECTORY IMAGE_RESOURCE_DIRECTORY_ENTRY 00+4 Characteristics 04+4 TimeDateStamp 08+2 MajorVersion 0a+2 MinorVersion 0c+2 NumberOfNamedEntries 0e+2 NumberOfIdEntries 00+4 Name/ID type (RT_*) 04+4 OffsetToData NamedId IMAGE_RESOURCE_DATA_ENTRY 00+4 OffsetToData 04+4 Size1 08+4 CodePage 0c+4 Reserved 2 Resources (Data Directory) language type IMAGE_RESOURCE_DIRECTORY IMAGE_RESOURCE_DIRECTORY_ENTRY 00+4 Characteristics 04+4 TimeDateStamp 08+2 MajorVersion 0a+2 MinorVersion 0c+2 NumberOfNamedEntries 0e+2 NumberOfIdEntries 00+4 Name/ID Name/ID 04+4 OffsetToData NamedId name/IDs IMAGE_RESOURCE_DIRECTORY IMAGE_RESOURCE_DIRECTORY_ENTRY 00+4 Characteristics 04+4 TimeDateStamp 08+2 MajorVersion 0a+2 MinorVersion 0c+2 NumberOfNamedEntries 0e+2 NumberOfIdEntries 00+4 Name/ID language 04+4 OffsetToData NamedId Resources
5.
00+4 cb 04+2 MajorRuntimeVersion 06+2
MinorRuntimeVersion 08+8 MetaData 10+4 Flags 14+4 EntryPointToken/RVA 18+8 Resources 30+8 StrongNameSignature 38+8 CodeManagerTable 40+8 VTableFixups 48+8 ExportAddressTableJumps 50+8 ManagedNativeHeader IMAGE_COR20_HEADER 00+4 Signature BSJB 04+2 MajorVersion 06+2 MinorVersion 08+4 Reserved 0C+4 VersionLength 10+? Version +2 Flags =0 +2 Streams METADATAHDR Size1 00+4 Reserved1 04+1 MajorVersion 05+1 MinorVersion 06+2 HeapOffsetSizes 07+1 Reserved2 08+8 MaskValid which tables are present 10+8 MaskSorted which tables are sorted +4 NumRows[≤64] how many rows in each table 00+4 offset 04+4 size 08+? string Stream name +? padding METADATATABLESHDR METADATASTREAMHDR 00+2 ResolutionScope 02+2 Name 04+2 Namespace TYPEREFTABLE 00+4 Flags 04+2 Name 06+2 Namespace 08+2 Extends 0A+2 FieldList 0C+2 MethodList TYPEDEFTABLE 00+4 RVA 04+2 ImplFlags 06+2 Flags 08+2 Name 0A+2 Signature 0C+2 ParamList METHODDEFTABLE 00+2 Class 02+2 Name 04+2 Signature MEMBERREFTABLE ASSEMBLYTABLE 00+4 HashAlgId 04+2 MajorVersion 06+2 MinorVersion 08+2 BuildNumber 0A+2 RevisionNumber 0C+4 Flags 10+2 PublicKey 12+2 Name 14+2 Culture 00+2 Generation 02+2 Name 04+2 Mvid 06+2 EncId 08+2 EncBaseId MODULETABLE ASSEMBLYREFTABLE 00+2 MajorVersion 02+2 MinorVersion 04+2 BuildNumber 06+2 RevisionNumber 08+4 Flags 0c+2 PublickKeyOrToken 0e+2 Name 10+2 Culture 12+2 HashValue CUSTOMATTRIBUTETABLE 00+2 Parent 02+2 Type 04+2 Value CUSTOMATTRIBUTETABLE E .NET mdtModule mdtTypeRef mdtTypeDef ... mdtMethodDef ... mdtMemberRef mdtCustomAttribute ... mdtAssembly mdtAssemblyRef ... MetaStream (#~) String (#Strings) ¨mscorlib0¨ ¨System0¨ ¨Object0¨ ... User String (#US) ¨Hello World!0¨ ... Blob (#Blob) publickeytoken signature ... Stream <Stream content> always 1st Disclamer: this is only a subset of .Net structures - the required ones to make a working executable. .NET
Baixar agora