[INFO] Peering Inside the PE

[sirp]

Peering Inside the PE: A Tour of the Win32 Portable Executable File Format

The format of an operating system's executable file is in many ways a mirror of the

operating system. Although studying an executable file format isn't usually high on most

programmers' list of things to do, a great deal of knowledge can be gleaned this way. In this

article, I'll give a tour of the Portable Executable (PE) file format that Microsoft has

designed for use by all their Win32®-based systems: Windows NT®, Win32s™, and Windows® 95.

The PE format plays a key role in all of Microsoft's operating systems for the foreseeable

future, including Windows 2000. If you use Win32s or Windows NT, you're already using PE

files. Even if you program only for Windows 3.1 using Visual C++®, you're still using PE files

(the 32-bit MS-DOS® extended components of Visual C++ use this format). In short, PEs are

already pervasive and will become unavoidable in the near future. Now is the time to find

out what this new type of executable file brings to the operating system party.

I'm not going to make you stare at endless hex dumps and chew over the significance of

individual bits for pages on end. Instead, I'll present the concepts embedded in the PE file

format and relate them to things you encounter everyday.

MSDN

msdn-microsoft-com(6).pdf

[chickenbutt]

This is really nice, it actually supplements the 8.2 MS spec doc giving a good abstract view before learning all specs.

Learning PE format should be suggested before any reversing tutorials, cause not knowing it just makes something already time consuming and difficult even more so.