A journey into PE executables - Part 0 - Basic file format concepts

In this post series, I will talk about the Portable Executable format, also known as PE. But before diving into PE, we should understand the basic concept of file formats (especially executables).

What is the File format?

The file format is a standard way to access files. It determines how bits are used to encode information in digital storage. Also, it specifies how computers interact with files. It's difficult to use different types of files without using file formats.

Generally, there are two types of files, unstructured files, and structured files. The first type is just raw data without any identifier. The simplest example of this type is the plaintext file. 

Structured files, as their name suggests, have a specified structure that can be used by other programs to parse and load them into the memory. For example, normally you can't load a pdf through the photo viewer program and vice-versa.

The two above pictures explain the structure of PNG and PDF files. To check out more structures, check this link.

Executables

The executables are a type of file, that runs in operating systems without intermediaries. They interact directly with operating system internals, so something like a python script can't be an executable­čśü.
As you can guess, the executable files are structure-based. In this part, we don't dive into the structure of executables.

COFF Executable

The Common Object File Format (COFF) was introduced in Unix System V(5). It was used in executables, object files, and shared libraries. The COFF files are composed of a header section containing information about the file, followed by sections containing the actual code and data. The header section contains information such as the size of the file, the entry point address for execution, and other information needed to load and execute the program.

ELF Executable

The Executable and Linkable Format (ELF) was introduced in the early 1990s as part of the Unix operating system. It was designed by Unix System Laboratories while working with Sun Microsystems on SVR4 (UNIX System V Release 4.0). 

ELF is used for executable files, object files, shared libraries, and core dumps. Nowadays we can see ELF in Unix-Like Operating Systems such as Linux, BSD, Solaris, etc.

This post is a short introduction to file formats and executables. In the next post, we will dive into the PE file format.


Resources

https://wiki.osdev.org/ELF
Practical Binary Analysis from Dennis Andriesse

Comments

Popular posts from this blog

A journey into PE executables - Part 1 - Introduction to PE

My Experiences in WorldSkills Competition 2022 Special Edition