Investigating Sections in PE Files and Why They Are Important for Reverse Engineering
- Published 18 Sep 2024
- There are several topics that must be covered to gain a practical, yet comprehensive, understanding of the portable executable file format. In this video, we'll cover one of the more important: sections. We'll discuss what they are, how they differ on-disk and in-memory, and how they are aligned. We'll use structures defined by Microsoft, such as the IMAGE_SECTION_HEADER, to further our understanding.
0:33 Getting a sample PE file
1:20 Our focus for this video and why
2:09 Analyzing the PE structure in 010 editor
3:01 Structure definition on MSDN and finding winnt.h
4:15 Array of IMAGE_SECTION_HEADERs
6:04 Virtual size
6:20 Virtual versus raw values
6:53 Virtual address
7:06 PointerToRaw and RawSize
7:17 Size differences in the sections
7:41 Characteristics of a section
8:05 Viewing the next section header
9:06 Viewing section raw data
9:49 What is alignment
12:00 Calculating next section bytes in memory
12:50 File alignment
14:45 Viewing sections with System Informer
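The raw-versus-virtual values and the alignment calculation listed in the chapters above, as an added Python example that is not code from the video. The function names (`parse_sections`, `align_up`, `build_sample`) are hypothetical and the two-section PE32 header bytes are constructed for the example.

```python
import struct

SECTION_FMT = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER layout from winnt.h, 40 bytes
MEM_FLAGS = {0x40000000: "R", 0x80000000: "W", 0x20000000: "X"}  # IMAGE_SCN_MEM_*

def align_up(value, alignment):
    """Round value up to the next multiple of alignment."""
    return (value + alignment - 1) // alignment * alignment

def parse_sections(data):
    """Return one dict per section, with raw (on-disk) and virtual (in-memory) values."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (pe,) = struct.unpack_from("<I", data, 0x3C)           # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (count,) = struct.unpack_from("<H", data, pe + 6)      # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, pe + 20)  # SizeOfOptionalHeader
    opt = pe + 24                                          # start of optional header
    sec_align, file_align = struct.unpack_from("<II", data, opt + 32)
    sections = []
    for i in range(count):
        f = struct.unpack_from(SECTION_FMT, data, opt + opt_size + 40 * i)
        span = align_up(f[1], sec_align)                   # bytes reserved in memory
        sections.append({
            "name": f[0].rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": f[1], "virtual_address": f[2],
            "raw_size": f[3], "raw_pointer": f[4],
            "flags": "".join(c for bit, c in MEM_FLAGS.items() if f[9] & bit),
            "next_va": f[2] + span,                        # earliest start of next section
            "file_aligned": f[3] % file_align == 0 and f[4] % file_align == 0,
        })
    return sections

def build_sample():
    """Constructed PE32 headers: two sections, 0x1000 section / 0x200 file alignment."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                  # PE32 magic
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)        # SectionAlignment, FileAlignment
    text = struct.pack(SECTION_FMT, b".text", 0x1234, 0x1000, 0x1400, 0x400, 0, 0, 0, 0, 0x60000020)
    dat = struct.pack(SECTION_FMT, b".data", 0x3000, 0x3000, 0x200, 0x1800, 0, 0, 0, 0, 0xC0000040)
    return dos + b"PE\0\0" + file_hdr + bytes(opt) + text + dat

if __name__ == "__main__":
    for s in parse_sections(build_sample()):
        print(s)
```

In the constructed sample, `.data` has a virtual size larger than its raw size, so the loader zero-fills the remainder in memory; a section that is both writable and executable, or whose `next_va` does not match the following section's virtual address, is worth a closer look during triage.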
Very informative and awesome videos, thank you for making videos for us.
Absolutely - glad you find them useful!
Great content. Thank you for your hard work!
You're very welcome! :)
Josh Really Your Content is Awesome ❤
Thank you :)