PE document presents
PE file is an executable file format used primarily in windows operating system, PE file is a 32-bit executable file is also called an executable file called PE32,64 bit or PE32 + PE +
PE file format
| kind | Main extension |
|---|---|
| Executable type | EXE,SCR |
| Driver type | SYS,VXD |
| Library Series | DLL,OCX,CPL,DRV |
| Object File System | OBJ |
PE File Type
All files outside of strictly OBJ (object) file is executable. DLL, SYS file although it can not be run directly in the shell, but can be performed using other methods (debugger, services, etc.).
VA&RVA
VA refers to the process inside the virtual absolute address, RVA relative virtual addresses, refers to the relative address VA and RVA from a reference position (ImageBase) to start the conversion to meet the following relationship.
= VA + the ImageBase RVA
the PE is present in most of the internal information RVA form. The reason is that, PE files (mostly DLL) is loaded to a specific position when the process virtual memory, the location may have been loaded with other PE files (DLL). It must now be loaded by relocation to another position. If you use the VA, they can not access normal. Thus RVA used to locate, even if relocation occurs, as long as the relative address with respect to the reference position does not change, can be normal access.
32-bit window OS, each process allocation 4GB of virtual memory, so the value range of the process are VA 00000000 ~ FFFFFFFF