Help - Search - Members - Calendar
Full Version: What are PE files ? .NET PE Files ?
Gladiator Security Forum > General Security > Security for beginners
Hunter
Oct 20 2003, 02:45 PM
Background -- PE Files
Almost every Windows executable, DLL or EXE, is a Portable Executable (PE) format file. Although there is little in the PE format that lends itself to .NET, in the current implementation of .NET all assemblies are contained in special PE format files, which have some traditional bits left out and quite a lot of new bits put in.

Very generally, a PE file consists of a PE header, which contains a list of Data Directory entries, and a number of Sections which are defined just after the PE header. Not all the Data Directories have meaning in a .NET file, and not many Sections are present either. Nevertheless, those that remain are still important -- in particular, the last Data Directory entry points to the start of .NET information.

Background -- .NET PE Files
The real starting point of a PE file, from the .NET point of view, is the COR20 Header, which tells the .NET runtime where to find the metadata. The COR20 header, like the PE header, specifies some Data Directories, as well as the entry point for the assembly. Most of these Data Directories point to things like fixup information which is not useful for examining the assembly, but one of them points to the start of the Metadata Streams.
DaSilva
Mar 1 2004, 10:14 AM
QUOTE (Hunter @ Oct 20 2003, 02:45 PM)
Background -- PE Files
Almost every Windows executable, DLL or EXE, is a Portable Executable (PE) format file. Although there is little in the PE format that lends itself to .NET, in the current implementation of .NET all assemblies are contained in special PE format files, which have some traditional bits left out and quite a lot of new bits put in.

Very generally, a PE file consists of a PE header, which contains a list of Data Directory entries, and a number of Sections which are defined just after the PE header. Not all the Data Directories have meaning in a .NET file, and not many Sections are present either. Nevertheless, those that remain are still important -- in particular, the last Data Directory entry points to the start of .NET information.

Background -- .NET PE Files
The real starting point of a PE file, from the .NET point of view, is the COR20 Header, which tells the .NET runtime where to find the metadata. The COR20 header, like the PE header, specifies some Data Directories, as well as the entry point for the assembly. Most of these Data Directories point to things like fixup information which is not useful for examining the assembly, but one of them points to the start of the Metadata Streams.


You forgot the quote marks :)

The original article is here:


http://www.jbrowse.com/products/asmex/
Hunter
Mar 1 2004, 01:44 PM
Thanks DaSilva,

Actually I had that in a notepad long time ago and did not save the link when I started using that tool. So lets give him a plug for the product and also the other ones found at this link.. :thumb:


http://www.jbrowse.com/
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2010 Invision Power Services, Inc.