Posted November 1, 201014 yr Peering Inside the PE: A Tour of the Win32 Portable Executable File FormatThe format of an operating system's executable file is in many ways a mirror of the operating system. Although studying an executable file format isn't usually high on most programmers' list of things to do, a great deal of knowledge can be gleaned this way. In this article, I'll give a tour of the Portable Executable (PE) file format that Microsoft has designed for use by all their Win32®-based systems: Windows NT®, Win32s™, and Windows® 95. The PE format plays a key role in all of Microsoft's operating systems for the foreseeable future, including Windows 2000. If you use Win32s or Windows NT, you're already using PE files. Even if you program only for Windows 3.1 using Visual C++®, you're still using PE files (the 32-bit MS-DOS® extended components of Visual C++ use this format). In short, PEs are already pervasive and will become unavoidable in the near future. Now is the time to find out what this new type of executable file brings to the operating system party.I'm not going to make you stare at endless hex dumps and chew over the significance of individual bits for pages on end. Instead, I'll present the concepts embedded in the PE file format and relate them to things you encounter everyday.MSDNmsdn-microsoft-com(6).pdf
November 1, 201014 yr This is really nice, it actually supplements the 8.2 MS spec doc giving a good abstract view before learning all specs.Learning PE format should be suggested before any reversing tutorials, cause not knowing it just makes something already time consuming and difficult even more so.
Create an account or sign in to comment