PE Format

The Windows operating system uses the Portable Executable (PE) format for the following types of executable files: .acm, .ax, .cpl, .dll, .drv, .efi, .exe, .mui, .ocx, .scr, .sys, .tsp

• Poster

• Tools

  • PE Studio

  • PEBear

  • dumpbin /headers <path-to-exe>

Sections

• .text: Contains executable code

• .rdata: Contains read-only code

• .data: Contains Application/module global variables

• .pdata: Information about exceptions.

• .rsrc: Contains objects such as pictures, icons, manifest files or other PE files.

• .reloc: Relocation information. Allows windows loader to safely load a DLL with a randomized address space.