Inside the PE File Format
The Hidden Structure of Windows Executables
Inside the PE File Format
Introduction
The main purpose of this post is to provide an overview of the Portable Executable (PE) file format. This format is fundamental to the Windows operating system, as it defines the structure of executable files, object code, and DLLs. In this post, we will explore the key components of the PE file format and explain how they are used by the Windows loader during program execution.
PE files
- The Portable Executable (PE) is the file format used by Windows 0S for executables, object code, and dynamic-link libraries (DLLs).
- It serves as a standardized structure for files that the Windows loader can read → load into memory → execute.
- Example of PE file:
notepad.exekernel32.dlldrivers.sys
PE Structure
The diagram below shows a simplified structure of a Portable Executable file
When opened with PE-bear, we will see the same structure:
DOS Header (IMAGE_DOS_HEADER)
This post is licensed under CC BY 4.0 by the author.