A journey into PE executables - Part 0 - Basic file format concepts

-

In this post series, I will talk about the Portable Executable format, also known as PE. But before diving into PE, we should understand the basic concept of file formats (especially executables).

What is the File format?

The file format is a standard way to access files. It determines how bits are used to encode information in digital storage. Also, it specifies how computers interact with files. It's difficult to use different types of files without using file formats.

Generally, there are two types of files, unstructured files, and structured files. The first type is just raw data without any identifier. The simplest example of this type is the plaintext file. 

Structured files, as their name suggests, have a specified structure that can be used by other programs to parse and load them into the memory. For example, normally you can't load a pdf through the photo viewer program and vice-versa.

The two above pictures explain the structure of PNG and PDF files. To check out more structures, check this link.

Executables

The executables are a type of file, that runs in operating systems without intermediaries. They interact directly with operating system internals, so something like a python script can't be an executable😁.
As you can guess, the executable files are structure-based. In this part, we don't dive into the structure of executables.

COFF Executable

The Common Object File Format (COFF) was introduced in Unix System V(5). It was used in executables, object files, and shared libraries. The COFF files are composed of a header section containing information about the file, followed by sections containing the actual code and data. The header section contains information such as the size of the file, the entry point address for execution, and other information needed to load and execute the program.

ELF Executable

The Executable and Linkable Format (ELF) was introduced in the early 1990s as part of the Unix operating system. It was designed by Unix System Laboratories while working with Sun Microsystems on SVR4 (UNIX System V Release 4.0). 

ELF is used for executable files, object files, shared libraries, and core dumps. Nowadays we can see ELF in Unix-Like Operating Systems such as Linux, BSD, Solaris, etc.

This post is a short introduction to file formats and executables. In the next post, we will dive into the PE file format.


Resources

https://wiki.osdev.org/ELF
Practical Binary Analysis from Dennis Andriesse

Comments

Post a Comment

Popular posts from this blog

A journey into PE executables - Part 1 - Introduction to PE

-
Image
PE Executables The PE stands for Portable Executable . PE is a modified version of the Common Object file format introduced in the previous post. For this reason, it is also known as PE/COFF. It's used in windows executables, drivers, dynamic libraries, etc. Like other executables, a PE file has a structure to store some features for executing in the operating system. Let's Dive into it. Structure The above picture shows a schematic of a PE executable structure defined in WinNT.h .  DOS Header and DOS Stub The first part of the PE structure is called DOS/MS-DOS header. It starts with a magic value (4D 5A), which consists of the ASCII characters 'M', and 'Z'. The "MZ" stands for "Mark Zbikowski". He is one of the original DOS developers. For this reason, it's also known as the MZ header. This header also has a stub area. An example of when the code in this sub-area is executed is when a user attempts to run the file under DOS. The followin
Read more

My Experiences in WorldSkills Competition 2022 Special Edition

-
Image
In this post, I will talk about my experiences in the Worldskills competition in Goyang.  First of all, let me introduce you to the WorldSkills Competition. WorldSkills competition is an International competition held in many fields of expertise (IT, Jewelry, mechanical, etc). Like any other competitor, I started from the regional level. At the same time, I met some people who had the same goals as me. They had a CTF team and one of the admins of that team invited me there. To be honest, I learned a lot of things from this team and the members (Also I still learn from them :D). We passed the national level competition together, and AmirFarzam and I were selected as the official competitor of WSC. We worked very hard for 2 months. I remember the day Farid and I were working literally 24 hours without a mere eye shut. Finally, after 2 months, it was time to go to Korea. It's worthwhile to mention that it was also my very first flight and I was very excited at that time. Korea is a gr
Read more