Exploring PE-file (EXE and DLL)
What is the PE-file format? It is the native file format of Win32. It derives some of its specifications from Unix Coff (common object file format). The meaning of portable executable is that the file format is ubiquitous across the Win32 platform; the PE loader of each Win32 platform recognizes and uses this file format, even when Windows is running on CPU platforms other than Intel. It does not imply that your PE executables can be migrated without modification to other CPU platforms. Consequently, analyzing the PE file format offers valuable insights into the Windows architecture.
The PE file format is fundamentally defined by the PE header, so you should read about that first. You don’t need to comprehend every aspect of it, but you should understand its structure and be able to identify the most essential components:
- DOS header: The DOS header contains the information required to launch PE files. Therefore, this preamble is required...