Author of this series: Zi Ming Source: BKJIA
When it comes to reverse thinking, more people consider that since it is reverse, we should push the reverse or vice versa. In fact, this is not the case. Here we will talk about a more in-depth study of the windows writing mechanism, to better study their security, who makes Microsoft so conservative? Although some windows code has been exported, there are still more secrets worth exploring and new discoveries every day, as the first step of reverse analysis, we will first learn what pe files are?
Understanding of pe
PE is short for Portable Executable File Format, which is the mainstream Executable File Format on Windows.
Pe File Format
PE ("portable executable") file format is for MS windows NT, windows 95 and win32s executable binary code (DLLs and programs ). In windows NT, the driver is also in this format and can also be used for object files and libraries.
This format was designed by Microsoft and standardized by the TIS (tool interface standard) Committee (Microsoft, Intel, Borland, Watcom, IBM, etc.) in 1993. It is based on the format of the object file running on UNIX and VMS and the COFF "common object file format" of the executable file.
Pe format Structure
| 498) this. style. width = 498; "border = 0> |
The above is the first course of Reverse Analysis and the understanding of pe. Next we will take the Software Protection A-shell
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
