Basic Structure of PE files-1 Overview and DOS Header

1 Overview
View history. com files, exe files, and Le-format executable files (linear executable/linear executable files). VxD drivers in Windows 9x also use LE format, because these drivers also contain both 16-bit and 32-bit code.

In Windows 9x, Windows NT, and Windows 2000, all 32-bit executable files use a new file format designed by Microsoft-PE format (portable executable file format/portable execution body ).

The basic structure of the PE file 17.1 is shown. In the PE file, data such as code, initialized data, resources, and relocation information are classified into different sections by attribute, the attributes and positions of each section are described using an image_section_header structure. All image_section_header structures constitute a section table ), the section table data is placed before all the section data in the PE file. We know that in Win32, you can specify executable, read/write, and other attributes for each memory page, the PE file classifies the data with the same attributes to uniformly describe the page attributes after the data is loaded into the memory.

Because the data is stored in the section according to the attributes, data with the same attributes for different purposes (such as import table, export table, and. the read-only data specified by the const segment may be stored in the same section. Therefore, the PE file also uses a series of data directory structure image_data_directory to specify the location of the data respectively, the data in the data directory table and the data in other description file attributes are collectively referred to as the PE File Header, which is placed before the section and section table.

These parts are actually used in the PE file for Win32. to be compatible with the file format of the DOS system, A standard executable dos MZ format is added before this part. All these parts are combined to form the current PE file. The following sections describe these components.

The dos part in the PE file is composed of the file header in MZ format and the executable code part. The executable code is called "Dos Stub ). In general, The Execution Code of the DOS section simply displays a "this program cannot be run in DOS mode." And exits. This simple code is automatically generated by the compiler.

The file header in MZ format is defined by the image_dos_header structure:

_ Image_dos_header = packed record {dos. EXE header}
E_magic: word; {magic number}
E_cblp: word; {bytes on last page of file}
E_cp: word; {pages in file}
E_crlc: word; {relocations}
E_cparhdr: word; {size of header in paragraphs}
E_minalloc: word; {minimum extra paragraphs needed}
E_maxalloc: word; {maximum extra paragraphs needed}
E_ss: word; {initial (relative) SS value}
E_sp: word; {initial sp value}
E_csum: word; {checksum}
E_ip: word; {initial IP value}
E_cs: word; {initial (relative) Cs value}
E_lfarlc: word; {file address of relocation table}
E_ovno: word; {overlay number}
E_res: array [0 .. 3] of word; {Reserved Words}
E_oemid: word; {OEM identifier (for e_oeminfo )}
E_oeminfo: word; {OEM information; e_oemid specific}
E_res2: array [0 .. 9] of word; {Reserved Words}
_ Lfanew: longint; {file address of New EXE header}
End;
Timagedosheader = _ image_dos_header;
Image_dos_header = _ image_dos_header;