About PE File #2

13
About PE file #2 pyutic 1

Transcript of About PE File #2

Page 1: About PE File #2

About PE file #2

pyutic

1

Page 2: About PE File #2

PE file structureHeader

Real-Data

2

Page 3: About PE File #2

PE file structureHeader

Real-Data

DOS Header

NT Header

Section Header

Section Data

Section Data

Section Data

3

Page 4: About PE File #2

Offset? VA? RVA?

Offset

VA(Virtual Address)

ImageBase + RVA

RVA(Relative Virtual Address)

4

Page 5: About PE File #2

Header -DOS Header-

PE file can be used for ‘DOS OS’

DOS Header

DOS Stub NT Header

DOS! NO!

5

Page 6: About PE File #2

Header -DOS Header-

PE file can be used for ‘DOS OS’

DOS Header

DOS Stub

NT Header

6

Page 7: About PE File #2

Header -NT Header-

Many things are in here!

Machine

Sections Information

Characteristic

Entry Point

Image Base

SubSystem

Data Directory

7

Page 8: About PE File #2

Header -NT Header ~ Data Directory-

RVA & Size

Import Directory

Export Directory

Relocation Directory

Resource Directory

8

Page 9: About PE File #2

How packer works

9

Original Binary

Header

Section

Section

Section

Page 10: About PE File #2

How packer works

10

Original Binary

Header

Section #1

Section #2

Section #3

Packed Binary

Header

Section #1

Section #2

Section #3

Page 11: About PE File #2

How packer works -UPX-

11

Original Binary

Page 12: About PE File #2

How packer works -UPX-

12

After Packing

Why UPX0 is?

Page 13: About PE File #2

Thanks [email protected]

13


17 Facts About Thankfulness - 1 File Download

17 Facts About Thankfulness - 1 File Download

PE File Header

PE File Header

bpatp.litbang.pertanian.go.idbpatp.litbang.pertanian.go.id/balaipatp/assets/upload/download/file/... · PETUNJUK PE-NYUSUNAN KELENGKAPAN DOI

bpatp.litbang.pertanian.go.idbpatp.litbang.pertanian.go.id/balaipatp/assets/upload/download/file/... · PETUNJUK PE-NYUSUNAN KELENGKAPAN DOI

About This File: This file was created by scanning the ...

About This File: This file was created by scanning the ...

Code fusion information-hiding algorithm based on PE file ...

Code fusion information-hiding algorithm based on PE file ...

Reasoning About POSIX File Systems

Reasoning About POSIX File Systems

Tales from the Trenches - Spearphishing Takeout · TALES FROM THE TRENCHES Spearphishing Takeout FULL STORY 3 About DUOBEAN DUOBEAN malwareconsists of a PE file without header, and

Tales from the Trenches - Spearphishing Takeout · TALES FROM THE TRENCHES Spearphishing Takeout FULL STORY 3 About DUOBEAN DUOBEAN malwareconsists of a PE file without header, and

About PE File #1

About PE File #1

Book About Bcp 31.8.20 web file

Book About Bcp 31.8.20 web file

File Formats About graphic file formats And image compression.

File Formats About graphic file formats And image compression.

What statistical analysis should I use? 1 Thursday, 13 August 201510:21 PM Introduction About the A data file About the B data file About the C data file.

What statistical analysis should I use? 1 Thursday, 13 August 201510:21 PM Introduction About the A data file About the B data file About the C data file.

About This File: This file was created by scanning the ... · About This File: This file was created by scanning the printed publicat ion. Misscans identified by the software have

About This File: This file was created by scanning the ... · About This File: This file was created by scanning the printed publicat ion. Misscans identified by the software have

About This File: This file was created by scanning the printed

About This File: This file was created by scanning the printed

ECONOMIA BAZATĂ PE CUNOAȘTERE – UNITĂȚI DE …scoalagimnazialabelin.wikispaces.com/file/view/Anexa_2-Sablon... · ECONOMIA BAZATĂ PE CUNOAȘTERE – UNITĂȚI DE ÎNVĂȚARE

ECONOMIA BAZATĂ PE CUNOAȘTERE – UNITĂȚI DE …scoalagimnazialabelin.wikispaces.com/file/view/Anexa_2-Sablon... · ECONOMIA BAZATĂ PE CUNOAȘTERE – UNITĂȚI DE ÎNVĂȚARE

SERVICE MANUAL AIR-CONDITIONER S - Heronhill … SERVICE MANUAL FILE NO. A90-9608 AIR-CONDITIONER RAV-362B-PE/RAV-363A8-PE RAV-462B-PE/RAV-463A8-PE SPLIT BUILT-IN DUCT TYPE RAV-362U-PE/RAV-363A8-PE

SERVICE MANUAL AIR-CONDITIONER S - Heronhill … SERVICE MANUAL FILE NO. A90-9608 AIR-CONDITIONER RAV-362B-PE/RAV-363A8-PE RAV-462B-PE/RAV-463A8-PE SPLIT BUILT-IN DUCT TYPE RAV-362U-PE/RAV-363A8-PE

Part III - Windows PE File Format Basics

Part III - Windows PE File Format Basics

About School of PE - PE Exam Review - PE License - School ...

About School of PE - PE Exam Review - PE License - School ...

PE Course File 09

PE Course File 09

MD5 File Validation - cisco.com · Information About MD5 File Validation MD5 File Validation Overview TheMD5FileValidationfeatureprovidesamechanismforuserstoverifythatsystemimagefilesarenot

MD5 File Validation - cisco.com · Information About MD5 File Validation MD5 File Validation Overview TheMD5FileValidationfeatureprovidesamechanismforuserstoverifythatsystemimagefilesarenot

PE(Portable Executable) File 구조

PE(Portable Executable) File 구조