About PE File #2

Preview:

Click to see full reader

Citation preview

About PE file #2

pyutic

1

PE file structureHeader

Real-Data

2

PE file structureHeader

Real-Data

DOS Header

NT Header

Section Header

Section Data

Section Data

Section Data

3

Offset? VA? RVA?

Offset

VA(Virtual Address)

ImageBase + RVA

RVA(Relative Virtual Address)

4

Header -DOS Header-

PE file can be used for ‘DOS OS’

DOS Header

DOS Stub NT Header

DOS! NO!

5

Header -DOS Header-

PE file can be used for ‘DOS OS’

DOS Header

DOS Stub

NT Header

6

Header -NT Header-

Many things are in here!

Machine

Sections Information

Characteristic

Entry Point

Image Base

SubSystem

Data Directory

7

Header -NT Header ~ Data Directory-

RVA & Size

Import Directory

Export Directory

Relocation Directory

Resource Directory

8

How packer works

9

Original Binary

Header

Section

Section

Section

How packer works

10

Original Binary

Header

Section #1

Section #2

Section #3

Packed Binary

Header

Section #1

Section #2

Section #3

How packer works -UPX-

11

Original Binary

How packer works -UPX-

12

After Packing

Why UPX0 is?

Thanks !pyutic@gmail.com

13

Recommended

pe pe pere pe pe
Documents
Room: PE Hall - 594m2 & Ancillary - PE Equipment - … · Web viewTitle Room: PE Hall - 594m2 & Ancillary - PE Equipment - PE594 - Equipment List & Specification (File Format Word
Documents
Tales from the Trenches - Spearphishing Takeout · TALES FROM THE TRENCHES Spearphishing Takeout FULL STORY 3 About DUOBEAN DUOBEAN malwareconsists of a PE file without header, and
Documents
Primary physical education (PE): School leader … 1 of 32 EDUCATIONAL LEADERSHIP & MANAGEMENT | RESEARCH ARTICLE Primary physical education (PE): School leader perceptions about classroom
Documents
Code fusion information-hiding algorithm based on PE file
Documents
Reversing & malware analysis training part 3 windows pe file format basics
Technology
5G Transport - Standardization Timetable (Draft) · 2018-07-13 · SGSN 2G MSC 2G a) b) c) PE PE PE PE PE PE P P [4] Abis Abis. TNL PW or TNL LSP T-PE S-PE T-PE S-PE P T-PE. e) f)
Documents
PE Course File 09
Documents
UNIVERSITAS INDONESIA NOMINA BERAFIKS PE- PER- PE--AN, …lib.ui.ac.id/file?file=digital/20160984-RB01R194n-Nomina berafiks.pdf · Tata. Bahasa Melayu/ Indonesia..... 13. 2.2.1. J.J
Documents
PE File Format Compendium 1.1 (by Goppit, ARTeam)
Documents
Positioniereinheit PE 4 / PE 2/X Position unit PE4 / PE 2 ...€¦ · Unidad de posicionamiento PE 4 / PE 2/X Unidade de posicionamento PE 4 / PE 2/X PE 4 (3 842 998 067) PE 2/X (3
Documents
SERVICE MANUAL AIR-CONDITIONER S - Heronhill … SERVICE MANUAL FILE NO. A90-9608 AIR-CONDITIONER RAV-362B-PE/RAV-363A8-PE RAV-462B-PE/RAV-463A8-PE SPLIT BUILT-IN DUCT TYPE RAV-362U-PE/RAV-363A8-PE
Documents
Lost in the Loader:The Many Faces of the Windows PE File
Documents
Taxation of Permanent Establishment (PE) in China - wts.com · Taxation of Permenant Establishment (PE) in China | 2016 About WTS ... building sites, construction or installation
Documents
About PE File #1
Technology
MEDICAL ASSISTANCE BULLETIN M… · PE determinations about revisions to the procedure used for determining PE eligibility and to advise of the requirement to complete the revised
Documents
Data/Frame Memory PE 0 PE 1 PE 2 PE 3 PE N Control Instruction Memory Interconnect The SIMD Concept
Documents
PE File Structure - Curlybrace File Structure.pdf · PE File Structure The "portable executable file format" ... This makes a PE file an MS-DOS executable. ... base linker default
Documents
Kansas Levee Certifications Assessments, Findings and ...Introductions Presenters Doug Danaher, PE, CFM –Wilson and Company Joe File, PE, CFM –AMEC Brian Clennan, PE –City of
Documents
Private equity roundup India - Building a better working ...FILE/EY-PE_roundup_India.pdf · For additional information about PE investment in India and other emerging economies,
Documents