Portable Executable
From Just Solve the File Format Problem
(Difference between revisions)
(Category:Windows) |
(Reorganized links) |
||
| Line 19: | Line 19: | ||
* [[Dynamic-link library (Windows)]] | * [[Dynamic-link library (Windows)]] | ||
| − | == | + | == Specifications and technical information == |
| − | + | ||
| − | + | ||
* [http://msdn.microsoft.com/en-us/windows/hardware/gg463119.aspx Microsoft PE and COFF Specification] | * [http://msdn.microsoft.com/en-us/windows/hardware/gg463119.aspx Microsoft PE and COFF Specification] | ||
| + | * [http://wiki.osdev.org/PE PE], from the OSDev Wiki | ||
* [http://www.csn.ul.ie/~caolan/publink/winresdump/winresdump/doc/pefile.html Article on the PE format as used by Windows NT 3], by Johannes Plachy | * [http://www.csn.ul.ie/~caolan/publink/winresdump/winresdump/doc/pefile.html Article on the PE format as used by Windows NT 3], by Johannes Plachy | ||
| − | |||
* [http://pe.corkami.com/ PE] (corkami.com) | * [http://pe.corkami.com/ PE] (corkami.com) | ||
** [http://pe102.corkami.com/ PE102 - a Windows executable format overview] | ** [http://pe102.corkami.com/ PE102 - a Windows executable format overview] | ||
** [https://github.com/corkami/pics/blob/master/PE101.png PE101 - a Windows executable walkthrough] | ** [https://github.com/corkami/pics/blob/master/PE101.png PE101 - a Windows executable walkthrough] | ||
| + | |||
| + | == Software and tools == | ||
* [http://www.mitec.cz/exe.html EXE Explorer utility] | * [http://www.mitec.cz/exe.html EXE Explorer utility] | ||
* [https://github.com/katjahahn/PortEx/tree/master/progs PortEx Analyzer] | * [https://github.com/katjahahn/PortEx/tree/master/progs PortEx Analyzer] | ||
| + | |||
| + | == Other links == | ||
| + | * [[Wikipedia:Portable Executable|Wikipedia article]] | ||
| + | * [http://www.forensicswiki.org/wiki/Portable_Executable_Format Forensics Wiki: Portable Executable Format] | ||
* [http://blog.didierstevens.com/2015/01/22/converting-peid-signatures-to-yara-rules/ Converting PEiD Signatures To YARA Rules] | * [http://blog.didierstevens.com/2015/01/22/converting-peid-signatures-to-yara-rules/ Converting PEiD Signatures To YARA Rules] | ||
[[Category:Microsoft]] | [[Category:Microsoft]] | ||
[[Category:Windows]] | [[Category:Windows]] | ||
Revision as of 12:31, 6 June 2017
Portable Executable (PE, PE/COFF, PE32, PE32+) is a member of the EXE family of executable file formats. It is used by the Microsoft Windows family of operating systems (starting with Windows 95 and Win32s), EFI and sometimes in other environments. It is an extension/hybrid of MS-DOS EXE, and a successor to NE. Parts of it are derived from COFF.
Despite the name, not all PE files are executable. Some contain only icons, fonts, etc.
Contents |
Formats
- PE32 format is used by 32-bit Windows.
- PE32+ format is used by 64-bit Windows.
Identification
A PE file begins with the ASCII signature "MZ". At offset 60 is a 4-byte integer pointing to an "extended" header that begins with 'P' 'E' 0x00 0x00. For more information, see MS-DOS EXE.
See also
Specifications and technical information
- Microsoft PE and COFF Specification
- PE, from the OSDev Wiki
- Article on the PE format as used by Windows NT 3, by Johannes Plachy
- PE (corkami.com)
