PE file infrastructure sorting

PE（Portable Execute） file , It is Windows The general name of executable file , It's also windows Standard file format under the system .

stay window The common suffix on the system is DLL,EXE,OCX,SYS And other documents belong to PE file . But in fact , Whether a file is PE Files have nothing to do with their extensions ,PE The file can be any extension .

PE The file structure can be summarized as ： It is mainly composed of “ head ”（DOS head ,NT head , Optional head ） and “ section ”（text section ,data section ） form .

To implement in code , Determine an executable file , Whether it is PE File structure . There are two main judgments ：

1.DOS Whether the magic value field of the header is “MZ” , That is to say 0x5A4D value .

2.NT Whether the signature field information of the header is “PE00” , That is to say 0x00004550 value .

The following figure is a standard PE File structure chart

PEB Summary of structure
PEB structure （Process Envirorment Block Structure）： Process environment information block .

PEB： It is mainly used to store process information , Every process has its own PEB Information .

PEB： It is located in the user address space .