A journey into PE executables - Part 1 - Introduction to PE

PE Executables The PE stands for Portable Executable . PE is a modified version of the Common Object file format introduced in the previous post. For this reason, it is also known as PE/COFF. It's used in windows executables, drivers, dynamic libraries, etc. Like other executables, a PE file has a structure to store some features for executing in the operating system. Let's Dive into it. Structure The above picture shows a schematic of a PE executable structure defined in WinNT.h .  DOS Header and DOS Stub The first part of the PE structure is called DOS/MS-DOS header. It starts with a magic value (4D 5A), which consists of the ASCII characters 'M', and 'Z'. The "MZ" stands for "Mark Zbikowski". He is one of the original DOS developers. For this reason, it's also known as the MZ header. This header also has a stub area. An example of when the code in this sub-area is executed is when a user attempts to run the file under DOS. The followin

A journey into PE executables - Part 0 - Basic file format concepts

In this post series, I will talk about the Portable Executable format, also known as PE. But before diving into PE, we should understand the basic concept of file formats (especially executables). What is the File format? The file format is a standard way to access files. It determines how bits are used to encode information in digital storage. Also, it specifies how computers interact with files. It's difficult to use different types of files without using file formats. Generally, there are two types of files, unstructured files, and structured files. The first type is just raw data without any identifier. The simplest example of this type is the plaintext file.  Structured files, as their name suggests, have a specified structure that can be used by other programs to parse and load them into the memory. For example, normally you can't load a pdf through the photo viewer program and vice-versa. The two above pictures explain the structure of PNG and PDF files. To check out m

My Experiences in WorldSkills Competition 2022 Special Edition

In this post, I will talk about my experiences in the Worldskills competition in Goyang.  First of all, let me introduce you to the WorldSkills Competition. WorldSkills competition is an International competition held in many fields of expertise (IT, Jewelry, mechanical, etc). Like any other competitor, I started from the regional level. At the same time, I met some people who had the same goals as me. They had a CTF team and one of the admins of that team invited me there. To be honest, I learned a lot of things from this team and the members (Also I still learn from them :D). We passed the national level competition together, and AmirFarzam and I were selected as the official competitor of WSC. We worked very hard for 2 months. I remember the day Farid and I were working literally 24 hours without a mere eye shut. Finally, after 2 months, it was time to go to Korea. It's worthwhile to mention that it was also my very first flight and I was very excited at that time. Korea is a gr

Hello World

Hi. I'm Amir Mohammad Jahangirzad and it's my first post for this blog. I also had another blog ( - in Hugo, but I lost those files. In this blog, I will write about cyber security and low-level concepts like reverse engineering, binary exploitation, malware analysis, and also my experiences. My purpose is to share knowledge and experiences with people who are interested in this field..