Reverse Engineering

PE Format

The Windows operating system uses the Portable Executable (PE) format for the following types of executable files: .acm, .ax, .cpl, .dll, .drv, .efi, .exe, .mui, .ocx, .scr, .sys, .tsp

  • Tools

    • PE Studio

    • PEBear

    • dumpbin /headers <path-to-exe>

Sections

  • .text: Contains executable code

  • .rdata: Contains read-only data

  • .data: Contains application/module global variables

  • .pdata: Information about exceptions.

  • .rsrc: Contains objects such as pictures, icons, manifest files or other PE files.

  • .reloc: Relocation information. Allows the Windows loader to safely load a DLL at a randomized address.
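
The section list above can be read straight from the section table that follows the PE headers, which is what the tools listed earlier display. The following is an added example, not part of the original notes: it parses that table and reports each section's memory permissions, going slightly beyond the text by also flagging sections that are both writable and executable. The sample image, the `.packed` section name and the function names are constructed for illustration.

```python
import struct

# Section characteristic flags from the PE/COFF specification.
MEM_EXECUTE, MEM_READ, MEM_WRITE = 0x20000000, 0x40000000, 0x80000000

def parse_sections(image: bytes):
    """Return [(name, virtual_size, raw_size, perms)] from a PE image's section table."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)      # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF file header: Machine, NumberOfSections, 3 dwords, SizeOfOptionalHeader, Characteristics
    _, count, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, pe_off + 4)
    table = pe_off + 24 + opt_size                         # section table follows optional header
    if table + 40 * count > len(image):
        raise ValueError("section table runs past end of file")
    sections = []
    for i in range(count):
        name, vsize, _va, rsize, _ptr, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", image, table + 40 * i)
        perms = "".join(c if flags & bit else "-"
                        for c, bit in (("r", MEM_READ), ("w", MEM_WRITE), ("x", MEM_EXECUTE)))
        sections.append((name.rstrip(b"\0").decode("latin-1"), vsize, rsize, perms))
    return sections

def writable_and_executable(sections):
    """Names of sections mapped both writable and executable (worth a closer look)."""
    return [name for name, _, _, perms in sections if "w" in perms and "x" in perms]

def build_sample():
    """Constructed header-only image (no optional header): DOS stub, PE signature, COFF header, section table."""
    layout = [(b".text", 0x60000020), (b".rdata", 0x40000040),
              (b".data", 0xC0000040), (b".packed", 0xE0000020)]  # last one is RWX on purpose
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, len(layout), 0, 0, 0, 0, 0x0022)
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, 0x1000, 0x1000 * (i + 1), 0x200,
                                 0, 0, 0, 0, 0, f) for i, (n, f) in enumerate(layout))
    return dos + b"PE\0\0" + coff + table

if __name__ == "__main__":
    secs = parse_sections(build_sample())
    for name, vsize, rsize, perms in secs:
        print(f"{name:<8} vsize={vsize:#x} raw={rsize:#x} {perms}")
    print("W+X:", writable_and_executable(secs))
```

To run it against a real file, pass the file's bytes to `parse_sections` in place of `build_sample()`.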
