What is a PE file?

  • The PE file format is used by Windows executable files
  • Examples include .exe, .dll, .sys, .ocx, and .drv files
  • A PE file is a series of structures and sub-components that contain the information the operating system needs to load it into memory.

Features of the PE structure

  • It separates code and data into sections.
  • Each section has separate memory permissions.
  • The file expands when loaded into memory (it is smaller on disk).
  • Supports dynamic linking (via export and import tables).
  • Supports relocation.
  • Supports a resource section.
  • Portable for multiple processors, subsystems, and types of files.

When the binary is executed

  • The operating system loader reads the information from the PE header.
  • It loads the binary content from the file into memory.
  • The PE header contains information such as
    • where the executable needs to be loaded into memory
    • the address where the execution starts
    • the list of libraries/functions on which the application relies
    • the resources used by the binary
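
The header fields listed above can be read directly from the file. The following is an added example, not part of the original notes: it parses them with Python's struct module and reports each section's memory permissions, using offsets from the PE/COFF layout. The function names and the header built by build_sample() are constructed for illustration.

```python
import struct

# Section permission bits (IMAGE_SCN_MEM_*) and data-directory slots from the PE/COFF spec
PERMS = ((0x40000000, "R"), (0x80000000, "W"), (0x20000000, "X"))
DIRS = {0: "export", 1: "import", 2: "resource", 5: "reloc"}
# Name, VirtualSize, VirtualAddress, SizeOfRawData, 16 skipped bytes, Characteristics
SECTION = struct.Struct("<8sIII16xI")

def parse_pe(data):
    """Return the header fields the loader reads (struct.error on truncated input)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    pe = struct.unpack_from("<I", data, 0x3C)[0]            # e_lfanew: offset of "PE\0\0"
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe + 4)  # COFF header
    opt = pe + 24                                           # optional header start
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):                         # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    pe64 = magic == 0x20B
    entry = struct.unpack_from("<I", data, opt + 16)[0]     # AddressOfEntryPoint (RVA)
    base = struct.unpack_from("<Q" if pe64 else "<I", data, opt + (24 if pe64 else 28))[0]
    ndirs = struct.unpack_from("<I", data, opt + (108 if pe64 else 92))[0]
    dir_off = opt + (112 if pe64 else 96)
    dirs = {n: struct.unpack_from("<II", data, dir_off + 8 * i)   # (RVA, size)
            for i, n in DIRS.items() if i < ndirs}
    sections = []
    for off in range(opt + opt_size, opt + opt_size + SECTION.size * nsec, SECTION.size):
        name, vsize, rva, raw, flags = SECTION.unpack_from(data, off)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "rva": rva, "virtual_size": vsize, "raw_size": raw,
                         "perms": "".join(c for bit, c in PERMS if flags & bit)})
    return {"image_base": base, "entry_point": entry, "dirs": dirs, "sections": sections}

def writable_and_executable(info):
    """Names of sections mapped both writable and executable (a common triage flag)."""
    return [s["name"] for s in info["sections"] if "W" in s["perms"] and "X" in s["perms"]]

def build_sample():
    """Constructed PE32 headers only (no code or data); every value here is made up."""
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                   # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                 # entry point RVA
    struct.pack_into("<I", opt, 28, 0x400000)               # preferred image base
    struct.pack_into("<I8xII", opt, 92, 16, 0x2000, 40)     # 16 directories; import = (RVA, size)
    return (b"MZ" + b"\0" * 58 + struct.pack("<I", 64) + b"PE\0\0"
            + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x0102) + bytes(opt)
            + SECTION.pack(b".text", 0x800, 0x1000, 0x200, 0x60000020)    # R+X
            + SECTION.pack(b".data", 0x3000, 0x2000, 0x200, 0xE0000040))  # R+W+X
```

In the sample, .data has a virtual size larger than its raw size, which is the "expands in memory" behaviour, and writable_and_executable() flags it because its characteristics grant both write and execute.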