PE file format

PE (Portable Executable) is the data format that executable files on the Win32 platform comply with.


Common executable files (such as "*.exe" files and "*.dll" files) are typical PE files.
An executable file contains not only binary machine code but also a lot of other information, such as strings, menus, icons, bitmaps, fonts and so on.

The PE file format defines how all this information is organized in the executable file. When the program is executed, the operating system uses the agreed PE file format to locate each type of resource accurately and load each into a different area of memory. Without such a common file format convention, imagine how difficult loading an executable file into memory would become!
The PE file format divides the executable file into several data sections; different resources are stored in different sections.
A typical PE file contains the following sections.
.text: generated by the compiler; stores the binary machine code, and is also the object of our disassembly and debugging.
.data: the initialized data block, such as macro definitions, global variables, static variables and the like.
.idata: information about the external functions and files, such as dynamic link libraries, used by the executable file.
.rsrc: stores the program's resources, such as icons, menus, and so on.

In addition, other sections that may appear include ".reloc", ".edata", ".tls", ".rdata" and so on.

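Digression: for a standard PE file produced by normal compilation, the section information is usually roughly the same. However, these section names exist only for the convenience of human memory and use. With the Microsoft Visual C++ compiler directive #pragma data_seg(), any part of the code can be compiled into any section of the PE, and the section name can also be defined by yourself. If the executable file has been "packed", the PE's section information becomes very "odd". Such odd PE files frequently have to be handled in cracking and anti-virus analysis.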
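The section layout described above can be read directly from the file headers. The following is an added example, not code from the book or the blog: it walks the PE section table and reports names outside the typical set listed on this page. The sample images and the names ".pack0" and ".pack1" are constructed for the demonstration.

```python
import struct

# Section names this page lists for a normally compiled PE file.
TYPICAL = {".text", ".data", ".idata", ".rsrc", ".reloc", ".edata", ".tls", ".rdata"}

def list_sections(pe: bytes):
    """Return [(name, virtual_size, raw_size)] read from the PE section table."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)      # offset of "PE\0\0"
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF file header: Machine, NumberOfSections, ..., SizeOfOptionalHeader, Characteristics
    _, count, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, e_lfanew + 4)
    table = e_lfanew + 4 + 20 + opt_size                  # section table follows the optional header
    sections = []
    for i in range(count):
        # Start of each 40-byte entry: Name[8], VirtualSize, VirtualAddress, SizeOfRawData
        name, vsize, _, rsize = struct.unpack_from("<8sIII", pe, table + 40 * i)
        sections.append((name.rstrip(b"\0").decode("latin-1"), vsize, rsize))
    return sections

def unusual_sections(pe: bytes):
    """Names outside the typical set: custom-named or possibly packed sections."""
    return [name for name, _, _ in list_sections(pe) if name not in TYPICAL]

def build_sample(names, opt_size=224):
    """Constructed, header-only PE image for this demo (not a runnable program)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)      # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, opt_size, 0x102)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", n.encode(), 0x1000, 0x1000 * (i + 1),
                    0x200, 0x400 + 0x200 * i, 0, 0, 0, 0, 0)
        for i, n in enumerate(names))
    return dos + b"PE\0\0" + coff + b"\0" * opt_size + table

if __name__ == "__main__":
    normal = build_sample([".text", ".data", ".idata", ".rsrc"])
    odd = build_sample([".pack0", ".pack1", ".rsrc"])     # constructed names
    for label, image in (("normal", normal), ("odd", odd)):
        print(label, list_sections(image), "unusual:", unusual_sections(image))
```

Because section names can be chosen freely, an unusual name is only a prompt for closer inspection, not proof that a file is packed.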

From: [book] 0day security - software vulnerability analysis techniques - Second Edition


Origin blog.csdn.net/weixin_42859280/article/details/104225726