I analyzed binary data to find the structure of executables and understand their content for x86 architectures.
I reverse engineered the binary files.
There's an MS-DOS 2.0 Compatible EXE Header.
At location 0x3c, the stub has the file offset to the PE signature.
Next comes the PE signature, which is "PE\0\0".
After it is a standard COFF File Header.
Then comes the optional header, which, depending on the PE format, can be PE32 or PE32+.
The standard fields include the magic number and the size of the code section.
Then come the Windows-specific directories; there are more of them than can be seen here.
Then there are a bunch of Data Directories and after that there are section tables.
You have to find the .text section.
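The walk described above, written out as an added example (not code from the original post): it follows the offset at 0x3c to the PE signature, reads the COFF header and the optional header's standard fields, then scans the section table for `.text`. The function names are hypothetical and the sample image is constructed here, containing headers only.

```python
import struct

def find_text_section(data: bytes) -> dict:
    """Walk the headers in the order described above and return the .text entry."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MS-DOS MZ header")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # file offset of PE signature
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt_off = pe_off + 24  # 4-byte signature + 20-byte COFF File Header
    if opt_off + 8 > len(data):
        raise ValueError("headers run past end of file")
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from(
        "<HHIIIHH", data, pe_off + 4)
    # Standard fields: Magic, linker major/minor version, SizeOfCode.
    magic, _, _, size_of_code = struct.unpack_from("<HBBI", data, opt_off)
    if magic not in (0x10B, 0x20B):
        raise ValueError(f"unknown optional header magic {magic:#x}")
    # The section table follows the optional header, data directories included.
    sec_off = opt_off + opt_size
    for i in range(nsections):
        entry = sec_off + 40 * i  # each section header is 40 bytes
        if entry + 40 > len(data):
            raise ValueError("section table runs past end of file")
        name, _vsize, vaddr, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", data, entry)
        if name.rstrip(b"\0") == b".text":
            return {"format": "PE32" if magic == 0x10B else "PE32+",
                    "machine": machine, "size_of_code": size_of_code,
                    "virtual_address": vaddr, "raw_offset": raw_ptr,
                    "raw_size": raw_size}
    raise ValueError("no .text section found")

def build_sample() -> bytes:
    """Constructed PE32 headers for the demo; not a real executable."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)  # 0x3c points to 0x40
    coff = struct.pack("<HHIIIHH", 0x014C, 2, 0, 0, 0, 0xE0, 0x0102)
    opt = struct.pack("<HBBI", 0x10B, 0, 0, 0x200).ljust(0xE0, b"\0")
    secs = struct.pack("<8sIIII", b".data", 0x100, 0x2000, 0x200, 0x600).ljust(40, b"\0")
    secs += struct.pack("<8sIIII", b".text", 0x1F0, 0x1000, 0x200, 0x400).ljust(40, b"\0")
    return dos + b"PE\0\0" + coff + opt + secs

if __name__ == "__main__":
    print(find_text_section(build_sample()))
```

Malformed or truncated input raises `ValueError` instead of reading past the buffer, which matters when the parser is pointed at untrusted files.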