Reverse Engineering
PE Format
The Windows operating system uses the Portable Executable (PE) format for the following types of executable files: .acm, .ax, .cpl, .dll, .drv, .efi, .exe, .mui, .ocx, .scr, .sys, .tsp
Tools
PE Studio
PEBear
dumpbin /headers <path-to-exe>
Sections
.text: Contains executable code
.rdata: Contains read-only code
.data: Contains Application/module global variables
.pdata: Information about exceptions.
.rsrc: Contains objects such as pictures, icons, manifest files or other PE files.
.reloc: Relocation information. Allows windows loader to safely load a DLL with a randomized address space.
Last updated