stealthiop.blogg.se

Pe explorer v2

The section from the MS-DOS 2.0 Compatible EXE Header through to the unused section just before the PE header is the MS-DOS 2.0 Section, and is used for MS-DOS compatibility only. The following list describes the Microsoft PE executable format, with the base of the image header at the top. A VA is not as predictable as an RVA because the loader might not load the image at its preferred location. For almost all purposes, a VA should be considered just an address.


The address is called a VA because Windows creates a distinct VA space for each process, independent of physical memory. Same as RVA, except that the base address of the image file is not subtracted. In addition, an image file can contain a number of sections, such as. All the raw data in a section must be loaded contiguously. A section is similar to a segment in Intel 8086 architecture.


With more sections, there is more file overhead, but the linker is able to link in code more selectively. For example, all code in an object file can be combined within a single section or (depending on compiler behavior) each function can occupy its own section. The basic unit of code or data within a PE or COFF file. For simplicity, a compiler should just set the first RVA in each section to zero. In this case, an RVA would be an address within a section (described later in this table), to which a relocation is later applied during linking. In an object file, an RVA is less meaningful because memory locations are not assigned. The RVA of an item almost always differs from its position within the file on disk (file pointer). In an image file, this is the address of an item after it is loaded into memory, with the base address of the image file subtracted from it. The term "object file" does not necessarily imply any connection to object-oriented programming. A description of a field that indicates that the value of the field must be zero for generators and consumers must ignore the field. The linker produces an image file, which in turn is used as input by the loader. In other words, this is a position within the file as stored on disk. A reference to the linker that is provided with Microsoft Visual Studio. A file that is given as input to the linker. The location of an item within the file itself, before being processed by the linker (in the case of object files) or the loader (in the case of image files). If the stamp value is 0 or 0xFFFFFFFF, it does not represent a real or meaningful date/time stamp. For exceptions, see the description of IMAGE_DEBUG_TYPE_REPRO in Debug Type. In most cases, the format of each stamp is the same as that used by the time functions in the C run-time library.


This document describes details about attribute certificates other than to allow for their insertion into image files. A stamp that is used for different purposes in several places in a PE or COFF file. The statement can be verified as being made by the manufacturer by using public or private key cryptography schemes.


Therefore, it is very difficult to modify a file to have the same message digest as the original file. A message digest is similar to a checksum except that it is extremely difficult to forge.


A number of different verifiable statements can be associated with a file; one of the most useful ones is a statement by a software manufacturer that indicates what the message digest of the image is expected to be. The name "Portable Executable" refers to the fact that the format is not architecture specific. Certain concepts that appear throughout this specification are described in the following table. A certificate that is used to associate verifiable statements with an image.


These files are referred to as Portable Executable (PE) and Common Object File Format (COFF) files, respectively. This document specifies the structure of executable (image) files and object files under the Microsoft Windows family of operating systems. This revision of the Microsoft Portable Executable and Common Object File Format Specification replaces all previous revisions of this specification. Microsoft reserves the right to alter this document without notice. This document is provided to aid in the development of tools and applications for Windows but is not guaranteed to be a complete specification in all respects.







