Windows executable files are defined by a specification known as the Portable Executable file format.
PE files typically have file extensions of exe, dll, sys, scr, …
https://learn.microsoft.com/en-us/windows/win32/debug/pe-format
The structure of a PE file is roughly as follows:
NT Header NT Signature (0x50450000) File Header Optional Header
0xRick’s blog has several articles with deep dives into the PE file format: https://0xrick.github.io/
Links to this note
- binary file
- borges2021
- compiler
- Data Directory
- DOS Header
- Dynamic Link Library
- executable file
- Export Directory
- File Header
- Import Address Table
- NT Header
- objcopy
- Optional Header
- PE entry redirection
- PE Sections
- PE Studio
- PPEE
- relocation directory
- sections (PE)
- TLS directory
- TLS directory injection
- TLS initialization callback
- UPX
- VXadventure-amethystbasilisk2024