A journey into PE executables - Part 0 - Basic file format concepts
In this post series, I will talk about the Portable Executable format, also known as PE. But before diving into PE, we should understand the basic concept of file formats (especially executables).
What is a file format?
A file format is a standard way to access files. It determines how bits are used to encode information in digital storage, and it specifies how computers interact with files. Without file formats, it is difficult to use different types of files.
Generally, there are two types of files: unstructured files and structured files. The first type is just raw data without any identifier. The simplest example of this type is the plaintext file.
Structured files, as their name suggests, have a specified structure that other programs can use to parse them and load them into memory. For example, you normally can't load a PDF in a photo viewer program, and vice versa.
The two pictures above explain the structure of PNG and PDF files. To check out more structures, check this link.
Executables
COFF Executable
ELF Executable
The Executable and Linkable Format (ELF) was introduced in the early 1990s as part of the Unix operating system. It was designed by Unix System Laboratories while working with Sun Microsystems on SVR4 (UNIX System V Release 4.0).
ELF is used for executable files, object files, shared libraries, and core dumps. Nowadays we can see ELF in Unix-like operating systems such as Linux, BSD, Solaris, etc.
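To make the idea of structured files concrete, here is an added example (not code from the original post) that classifies a byte string by the structure at its start instead of by its file extension, covering PNG, PDF, ELF and PE. The names `identify` and `SAMPLES` are hypothetical, the sample inputs are constructed minimal headers, and the PE check relies on the DOS header's `e_lfanew` field at offset 0x3C, which this post does not cover.

```python
import struct

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
ELF_TYPES = {1: "relocatable object", 2: "executable", 3: "shared object", 4: "core dump"}

def identify(data: bytes) -> str:
    """Classify bytes by their leading structure (hypothetical helper)."""
    if data.startswith(PNG_MAGIC):
        # First chunk must be IHDR: 4-byte length, b"IHDR", width, height (big-endian).
        if len(data) < 24 or data[12:16] != b"IHDR":
            return "PNG (truncated or malformed)"
        width, height = struct.unpack(">II", data[16:24])
        return f"PNG {width}x{height}"
    if data.startswith(b"%PDF-"):
        # The header line carries the version, e.g. %PDF-1.7
        return "PDF " + data[5:8].decode("ascii", "replace")
    if data.startswith(b"\x7fELF"):
        if len(data) < 18:
            return "ELF (truncated)"
        bits = {1: "32-bit", 2: "64-bit"}.get(data[4], "unknown class")
        endian = "<" if data[5] == 1 else ">"  # EI_DATA: 1 = little, 2 = big
        (e_type,) = struct.unpack(endian + "H", data[16:18])
        return f"ELF {bits} {ELF_TYPES.get(e_type, 'other')}"
    if data.startswith(b"MZ"):
        # The DOS header stores the offset of the PE signature at 0x3C.
        if len(data) < 0x40:
            return "MZ (DOS stub only or truncated)"
        (e_lfanew,) = struct.unpack("<I", data[0x3C:0x40])
        # An out-of-range offset yields an empty slice, so this cannot raise.
        if data[e_lfanew:e_lfanew + 4] == b"PE\0\0":
            return "PE"
        return "MZ (no PE signature)"
    return "unknown or unstructured"

# Constructed sample inputs: minimal headers, not complete files.
SAMPLES = {
    "png": PNG_MAGIC + struct.pack(">I4sII", 13, b"IHDR", 640, 480),
    "pdf": b"%PDF-1.7\n",
    "elf": b"\x7fELF\x02\x01\x01" + b"\0" * 9 + struct.pack("<H", 2),
    "pe": b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0",
    "txt": b"just some plain text\n",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name}: {identify(blob)}")
```

A plaintext sample falls through every check, which is what "raw data without any identifier" means in practice.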
This post is a short introduction to file formats and executables. In the next post, we will dive into the PE file format.