
PE file structure

MS-DOS Header
MS-DOS stub

calc.exe PE Headers

Section Headers

The Section Headers define the characteristics of each section in a PE file, such as code, data, and resources, specifying their size, location, and access permissions.

Sections :
.text
.rdata
.data Sections
.pdata
.rsrc
.reloc

https://t.me/learningnets
PE file structure winnt.h

typedef struct _IMAGE_SECTION_HEADER


{
BYTE Name[8];
union
{ DWORD PhysicalAddress;
DWORD VirtualSize;
} Misc;
MS-DOS Header DWORD VirtualAddress;
DWORD SizeOfRawData;
MS-DOS stub DWORD PointerToRawData;
DWORD PointerToRelocations;
2E 74 65 78 74 00 00 00 D0 0B 00 00 00 10 00 00 DWORD PointerToLinenumbers;
00 0C 00 00 00 04 00 00 00 00 00 00 00 00 00 00 WORD NumberOfRelocations;
WORD NumberOfLinenumbers;
calc.exe PE Headers 00 00 00 00 20 00 00 60 2E 72 64 61 74 61 00 00
76 0C 00 00 00 20 00 00 00 0E 00 00 00 10 00 00
DWORD Characteristics;
} IMAGE_SECTION_HEADER
00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40
2E 64 61 74 61 00 00 00 B8 06 00 00 00 30 00 00
00 02 00 00 00 1E 00 00 00 00 00 00 00 00 00 00
00 00 00 00 40 00 00 C0 2E 70 64 61 74 61 00 00
F0 00 00 00 00 40 00 00 00 02 00 00 00 20 00 00
Section Headers 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40
2E 72 73 72 63 00 00 00 10 47 00 00 00 50 00 00
00 48 00 00 00 22 00 00 00 00 00 00 00 00 00 00
Sections : 00 00 00 00 40 00 00 40 2E 72 65 6C 6F 63 00 00
.text 2C 00 00 00 00 A0 00 00 00 02 00 00 00 6A 00 00
.rdata 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42
.data Sections
.pdata
.rsrc
.reloc

https://t.me/learningnets
PE file structure winnt.h

typedef struct _IMAGE_SECTION_HEADER


{
BYTE Name[8];
union
{ DWORD PhysicalAddress;
DWORD VirtualSize;
} Misc;
MS-DOS Header DWORD VirtualAddress;
DWORD SizeOfRawData;
MS-DOS stub DWORD PointerToRawData;
DWORD PointerToRelocations;
. t ext D0 0B 00 00 00 10 00 00 DWORD PointerToLinenumbers;
00 0C 00 00 00 04 00 00 00 00 00 00 00 00 00 00 WORD NumberOfRelocations;
WORD NumberOfLinenumbers;
calc.exe PE Headers 00 00 00 00 20 00 00 60 . r d a t a
76 0C 00 00 00 20 00 00 00 0E 00 00 00 10 00 00
DWORD Characteristics;
} IMAGE_SECTION_HEADER
00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40
.dat a B8 06 00 00 00 30 00 00
00 02 00 00 00 1E 00 00 00 00 00 00 00 00 00 00
00 00 00 00 40 00 00 C0 . p d a t a
F0 00 00 00 00 40 00 00 00 02 00 00 00 20 00 00
Section Headers 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40
.rsrc 10 47 00 00 00 50 00 00
00 48 00 00 00 22 00 00 00 00 00 00 00 00 00 00
Sections : 00 00 00 00 40 00 00 40 . r e l o c
.text 2C 00 00 00 00 A0 00 00 00 02 00 00 00 6A 00 00
.rdata 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42
.data
.pdata
.rsrc
.reloc

https://t.me/learningnets
PE file structure winnt.h

typedef struct _IMAGE_SECTION_HEADER


{
BYTE Name[8];
union
{ DWORD PhysicalAddress;
DWORD VirtualSize;
} Misc;
MS-DOS Header DWORD VirtualAddress;
DWORD SizeOfRawData;
MS-DOS stub DWORD PointerToRawData;
DWORD PointerToRelocations;
. t ext D0 0B 00 00 00 10 00 00 DWORD PointerToLinenumbers;
00 0C 00 00 00 04 00 00 00 00 00 00 00 00 00 00 WORD NumberOfRelocations;
WORD NumberOfLinenumbers;
calc.exe PE Headers 00 00 00 00 20 00 00 60 . r d a t a
76 0C 00 00 00 20 00 00 00 0E 00 00 00 10 00 00
DWORD Characteristics;
} IMAGE_SECTION_HEADER
00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40
.dat a B8 06 00 00 00 30 00 00
00 02 00 00 00 1E 00 00 00 00 00 00 00 00 00 00
00 00 00 00 40 00 00 C0 . p d a t a
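F0 00 00 00 00 40 00 00 00 02 00 00 00 20 00 00
Section Headers 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40
.rsrc 10 47 00 00 00 50 00 00
00 48 00 00 00 22 00 00 00 00 00 00 00 00 00 00

Virtual Size
This is the size of the section in memory when loaded. It represents the actual size needed by the section at runtime. It is independent of SizeOfRawData: when VirtualSize is larger, the loader zero-fills the remainder. In the dump, .data has VirtualSize B8 06 00 00 (0x6B8) but SizeOfRawData 00 02 00 00 (0x200), so a parser should compare the two fields rather than assume they match.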

Sections : 00 00 00 00 40 00 00 40 . r e l o c
.text 2C 00 00 00 00 A0 00 00 00 02 00 00 00 6A 00 00
.rdata 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42
.data
.pdata
.rsrc
.reloc

https://t.me/learningnets
PE file structure winnt.h

typedef struct _IMAGE_SECTION_HEADER


{
BYTE Name[8];
union
{ DWORD PhysicalAddress;
DWORD VirtualSize;
} Misc;
MS-DOS Header DWORD VirtualAddress;
DWORD SizeOfRawData;
MS-DOS stub DWORD PointerToRawData;
DWORD PointerToRelocations;
. t ext D0 0B 00 00 00 10 00 00 DWORD PointerToLinenumbers;
00 0C 00 00 00 04 00 00 00 00 00 00 00 00 00 00 WORD NumberOfRelocations;
WORD NumberOfLinenumbers;
calc.exe PE Headers 00 00 00 00 20 00 00 60 . r d a t a
76 0C 00 00 00 20 00 00 00 0E 00 00 00 10 00 00
DWORD Characteristics;
} IMAGE_SECTION_HEADER
00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40
.dat a B8 06 00 00 00 30 00 00
00 02 00 00 00 1E 00 00 00 00 00 00 00 00 00 00
00 00 00 00 40 00 00 C0 . p d a t a
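F0 00 00 00 00 40 00 00 00 02 00 00 00 20 00 00
Section Headers 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40
.rsrc 10 47 00 00 00 50 00 00
00 48 00 00 00 22 00 00 00 00 00 00 00 00 00 00

Virtual Address
This is the virtual address of the section in memory when loaded. The value is stored relative to the image base (an RVA), not as an absolute address; in the dump, .text has 00 10 00 00, i.e. 0x1000 (fields are little-endian).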

Sections : 00 00 00 00 40 00 00 40 . r e l o c
.text 2C 00 00 00 00 A0 00 00 00 02 00 00 00 6A 00 00
.rdata 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42
.data
.pdata
.rsrc
.reloc

https://t.me/learningnets
PE file structure winnt.h

typedef struct _IMAGE_SECTION_HEADER


{
BYTE Name[8];
union
{ DWORD PhysicalAddress;
DWORD VirtualSize;
} Misc;
MS-DOS Header DWORD VirtualAddress;
DWORD SizeOfRawData;
MS-DOS stub DWORD PointerToRawData;
DWORD PointerToRelocations;
. t ext D0 0B 00 00 00 10 00 00 DWORD PointerToLinenumbers;
00 0C 00 00 00 04 00 00 00 00 00 00 00 00 00 00 WORD NumberOfRelocations;
WORD NumberOfLinenumbers;
calc.exe PE Headers 00 00 00 00 20 00 00 60 . r d a t a
76 0C 00 00 00 20 00 00 00 0E 00 00 00 10 00 00
DWORD Characteristics;
} IMAGE_SECTION_HEADER
00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40
.dat a B8 06 00 00 00 30 00 00
00 02 00 00 00 1E 00 00 00 00 00 00 00 00 00 00
00 00 00 00 40 00 00 C0 . p d a t a
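F0 00 00 00 00 40 00 00 00 02 00 00 00 20 00 00
Section Headers 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40
.rsrc 10 47 00 00 00 50 00 00
00 48 00 00 00 22 00 00 00 00 00 00 00 00 00 00

Size of Raw Data
This is the size of the section stored on disk. It is rounded up to the file alignment, so it can be larger than VirtualSize: in the dump, .text has SizeOfRawData 00 0C 00 00 (0xC00) against VirtualSize D0 0B 00 00 (0xBD0).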
Sections : 00 00 00 00 40 00 00 40 . r e l o c
.text 2C 00 00 00 00 A0 00 00 00 02 00 00 00 6A 00 00
.rdata 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42
.data
.pdata
.rsrc
.reloc

https://t.me/learningnets
PE file structure winnt.h

typedef struct _IMAGE_SECTION_HEADER


{
BYTE Name[8];
union
{ DWORD PhysicalAddress;
DWORD VirtualSize;
} Misc;
MS-DOS Header DWORD VirtualAddress;
DWORD SizeOfRawData;
MS-DOS stub DWORD PointerToRawData;
DWORD PointerToRelocations;
. t ext D0 0B 00 00 00 10 00 00 DWORD PointerToLinenumbers;
00 0C 00 00 00 04 00 00 00 00 00 00 00 00 00 00 WORD NumberOfRelocations;
WORD NumberOfLinenumbers;
calc.exe PE Headers 00 00 00 00 20 00 00 60 . r d a t a
76 0C 00 00 00 20 00 00 00 0E 00 00 00 10 00 00
DWORD Characteristics;
} IMAGE_SECTION_HEADER
00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40
.dat a B8 06 00 00 00 30 00 00
00 02 00 00 00 1E 00 00 00 00 00 00 00 00 00 00
00 00 00 00 40 00 00 C0 . p d a t a
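F0 00 00 00 00 40 00 00 00 02 00 00 00 20 00 00
Section Headers 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40
.rsrc 10 47 00 00 00 50 00 00
00 48 00 00 00 22 00 00 00 00 00 00 00 00 00 00

Pointer to Raw Data
This field tells you where the section’s data starts in the file (on disk). It is a file offset, not a memory address; in the dump, .text has 00 04 00 00, i.e. offset 0x400. A tool that parses PE files should check that PointerToRawData plus SizeOfRawData stays inside the file before reading the section, because both values come from the file itself.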
Sections : 00 00 00 00 40 00 00 40 . r e l o c
.text 2C 00 00 00 00 A0 00 00 00 02 00 00 00 6A 00 00
.rdata 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42
.data
.pdata
.rsrc
.reloc

https://t.me/learningnets
PE file structure winnt.h

typedef struct _IMAGE_SECTION_HEADER


{
BYTE Name[8];
union
{ DWORD PhysicalAddress;
DWORD VirtualSize;
} Misc;
MS-DOS Header DWORD VirtualAddress;
DWORD SizeOfRawData;
MS-DOS stub DWORD PointerToRawData;
DWORD PointerToRelocations;
. t ext D0 0B 00 00 00 10 00 00 DWORD PointerToLinenumbers;
00 0C 00 00 00 04 00 00 00 00 00 00 00 00 00 00 WORD NumberOfRelocations;
WORD NumberOfLinenumbers;
calc.exe PE Headers 00 00 00 00 20 00 00 60 . r d a t a
76 0C 00 00 00 20 00 00 00 0E 00 00 00 10 00 00
DWORD Characteristics;
} IMAGE_SECTION_HEADER
00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40
.dat a B8 06 00 00 00 30 00 00
00 02 00 00 00 1E 00 00 00 00 00 00 00 00 00 00
00 00 00 00 40 00 00 C0 . p d a t a
F0 00 00 00 00 40 00 00 00 02 00 00 00 20 00 00
Section Headers 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40
.rsrc 10 47 00 00 00 50 00 00
00 48 00 00 00 22 00 00 00 00 00 00 00 00 00 00

Sections : 00 00 00 00 40 00 00 40 . r e l o c
.text 2C 00 00 00 00 A0 00 00 00 02 00 00 00 6A 00 00
.rdata 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42
.data
.pdata
.rsrc
.reloc

The Characteristics field in the PE section header is a set of flags that describe the attributes of a section. These flags indicate whether the section contains code, data, uninitialized data, or special properties like write protection or execution permissions.

0x00000020 Section contains executable code.
0x00000040 Section contains initialized data.
0x00000080 Section contains uninitialized data.
0x20000000 Section can be executed.
0x40000000 Section can be read.
0x80000000 Section can be written to.
0x02000000 Section can be discarded after loading.
0x10000000 Section can be shared between processes.
0x04000000 Section cannot be cached in memory.

The flags are combined with bitwise OR and stored little-endian. In the dump, the .text header ends with 20 00 00 60, i.e. 0x60000020 = 0x00000020 | 0x20000000 | 0x40000000 (code, executable, readable), and the .data header ends with 40 00 00 C0, i.e. 0xC0000040 (initialized data, readable, writable). None of the sections shown is both writable (0x80000000) and executable (0x20000000); that combination is uncommon in ordinary compiler output and is one of the things analysts check when triaging an unknown binary.

https://t.me/learningnets
