Windows executable files are defined by a specification known as the Portable Executable file format.
PE files typically have file extensions of exe, dll, sys, scr, …
https://learn.microsoft.com/en-us/windows/win32/debug/pe-format
The structure of a PE file is roughly as follows:
NT Header NT Signature (0x50450000) File Header Optional Header
0xRick’s blog has several articles with deep dives into the PE file format: https://0xrick.github.io/
Links to this note
- armouringtheelf-grugq_scut2001
- .text section
- section
- hiddenwasp-intezer2019
- incidentresponse-luttgens2014
- linenoise-phrack71-2024
- malware development essentials-sektor7
- metasploit shellcode grows up: encrypted and authenticated C shells-pace2019
- PE entry redirection
- VXadventure-amethystbasilisk2024
- executable file
- objcopy
- borges2021
- UPX
- falseflags-kaspersky2017
- PE Sections
- binary file
- compiler
- Data Directory
- DOS Header
- Dynamic Link Library
- Export Directory
- File Header
- imphash
- Import Address Table
- NT Header
- Optional Header
- PE Studio
- PEBear
- PPEE
- relocation directory
- sections (PE)
- TLS directory
- TLS directory injection
- TLS initialization callback