Portable Executable (PE)

The Portable Executable (PE) file format is mainly used on Windows for executable files (.exe) or dynamically linked libraries (DLL).

Common PE sections include:

  • .text: executable code
  • .data: variables
  • .rdata: constants
  • .pdata: imported functions
  • .pdata: exported functions

These can be visualized from pestudio.

We can examine DLL imports with CFF Explorer (πŸ‘»).

πŸ‘» To-do πŸ‘»

Stuff that I found, but never read/used yet.