tags:

views:

57

answers:

3
+1  Q: 

Portable executable structure explanation

I am learning the structure of a portable executable. I went through the MSDN article but I am a bit confused about it. I have some confusion with their precise stucture and its functionality.

Can anybody help me or please refer me to a nice article for this?

+1  A: 

This is the official current PE/COFF spec from MSFT: http://www.microsoft.com/whdc/system/platform/firmware/PECOFF.mspx

Alex K.  2010-05-18 11:41:48
some other article please..
kiddo  2010-05-18 12:04:48
http://en.wikipedia.org/wiki/Portable_ExecutableSee "External Links" @ the bottom.
Alex K.  2010-05-18 12:11:40
i went through those links before..but anyhow thanks for ur help
kiddo  2010-05-18 12:28:26
+1  A: 

For a more discursive approach than official specs, you should really have a look at Matt Pietrek article "An In-Depth Look into the Win32 Portable Executable File Format" (part 1, part 2). It is explained quite well, and it's much more readable than the dry, official style of the specs.

Matteo Italia  2010-05-18 15:34:16
A: 

You should take a look to the excellent representation of the PE Format at http://www.openrce.org/reference_library/files/reference/PE%20Format.pdf.

Some (64Bits) fields are missing, but it is up to 99% close to the reality.

I used this schema to work on a product to analyze PE Files, which you can be download at www.winitor.net/en/pestudio.html. Hope it helps.

marc ochsenmeier  2010-07-17 16:04:47
Marc,I appreciate that u replied me...I went throu your product..its not so good when compared with other products CFF explorer/PE explo..I tired to explore an exe,with alot of functions exported but it says there is no exported function in that particular exe...UI is not really flexible to use/its so big..hope u take my feedback in healthy way..best of luck.
kiddo  2010-07-19 08:16:27
Thanks for your input about PeStudio. I guess you saw that it has been updated. The UI needs to change, I know.
marc ochsenmeier  2010-09-03 19:36:21
Unique in PeStudio is not the UI but the fact that it is based on a PE parser (peparser.dll) that is fully OOD-oriented.
marc ochsenmeier  2010-09-03 19:38:51
just to mention that PeStudio has been updated.
marc ochsenmeier  2010-10-21 20:26:42

related questions

Verifying files for testing
How do you create your own moniker (URL Protocol) on Windows systems?
Windows Equivalent of 'nice'
Is this a good way to determine OS Architecture?
Dual vs. Quadcore on a Webserver
Is there a WMI Redistributable Package?
PHP Error - Uploading a file
Ruby On Rails with Windows Vista - Best Setup?
OpenVPN Config file to prevent timeout
How can I create Debian install packages in Windows for a Visual Studio project?
How do I configure and communicate with a serial port?
What's the best setup for Mono development on Windows?
Appropriate pagefile size for SQL Server
XML Editing/Viewing Software
Linux shell equivalent on IIS
What is a better file copy alternative than the Windows default?
Windows Help files - what are the options?
Heap corruption under Win32; how to locate?
Best way to access Exchange using PHP?
Get a preview jpeg of a pdf on windows?
WinForms ComboBox data binding gotcha
How do you schedule tasks in Windows?
Register Windows program with the mailto protocol programmatically
Embedding Windows Media Player for all Browsers
Best Subversion clients for Windows Vista (64bit)