Probably a silly question, but what should I know about PE files? I mean, I've looked at Icz's tutes, but I'm not sure *why* I should learn about PE files. As an ASM programmer, is this something I can take advantage of (i.e., can I make my programs smaller, or make 'em load faster)? Or is it simply something to know? The most I've been able to get from the PE file format is that I won't have to worry about running my program on 9x or NT systems.

Any insight would be appreciated,
Thanks
--Chorus
Posted on 2002-05-24 00:05:20 by chorus
IMHO, it is not really necessary to know except in these cases:

- you are doing things like API interception
- you have already learnt everything there is to know
- you are a real man :grin:
Posted on 2002-05-24 00:44:00 by sluggy
It's good to understand the basics of the PE, so you'll know what is happening when you define 'sections' and define linking commands, like merging sections together when linked.

It helps to know what the linker 'really' does for you ;)

:NaN:
Posted on 2002-05-24 01:20:55 by NaN
chorus, pe file understanding isn't only good for plain
knowledge about the sections and stuff it's good for
your assembler knowledge at all. believe me, it's very
very interesting and fun. but i wouldn't use icz's tutes.


As an ASM programmer, is this something I can take advantage of


in my opinion this is the REAL advantage of asm...
lowlevel and algo programming. you can do whatever
you want to do.
Posted on 2002-05-24 03:38:01 by mob
Thanks guys,

what sort of triggered my question was this line from Hutch's web site:


TheGun is written in 32 bit Microsoft Assembler (MASM) and is a genuine Portable Executable format file.


So I was wondering what he meant by a *genuine* PE format file. Aren't *all* windows programs genuine PE format files? I just felt like I was missing something in what he was saying...

Oh, Sluggy, is a real man like your Avatar? 'Cause if it is... maybe I should go back to C++ :grin:

NaN, I'm going to look more into the linker. I haven't really yet (I just use the "regular" commands), but if you say it's worthwhile, then I guess it is :)

mob, I agree with you that ASM is great for lowlevel programming. I'm very finicky about what goes into my program in the way of "extras". Hence the question about PEs -- are they bloated or pretty trim?

Thanks again everybody
--Chorus
Posted on 2002-05-24 10:59:26 by chorus
genuine? huh? maybe hutch typed this thing by hand
i wouldn't wonder, according to all his 'real men' threads...
but however, pe (portable executable) is the file-format
that windows uses to invoke programs into memory.
all the data and the code is linked together in several
sections. if you know the pe structure you can do whatever
you want with this data, simple example: imagine you
want to write a little "security" tool that adds a little
dialog in front of any executable you desire to be secured.
this dialog should pop up every time someone starts this
exe and it will only give the control back to the real code
if the password is correct... (besides it's illegal to
manipulate executables that are not compiled by yourself
but that's another story) without pe knowledge this
would be almost impossible ... that was the dumbest
example i was able to pull out of my head so excuse me...
read a good tutorial about this stuff and you'll see
Posted on 2002-05-24 11:58:09 by mob
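
An added example, not part of the original thread: a small Python reader for the PE section table mentioned in the posts above, which also reports sections that are both writable and executable (one visible result of merging a data section into a code section at link time). The function names and the header-only sample image are constructed for illustration.

```python
import struct

MEM_X, MEM_R, MEM_W = 0x20000000, 0x40000000, 0x80000000  # IMAGE_SCN_MEM_* flags

def parse_sections(data: bytes):
    """Return [(name, virtual_size, raw_size, characteristics)] for a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ (DOS) header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # file offset of "PE\0\0"
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # IMAGE_FILE_HEADER (20 bytes) follows the 4-byte signature.
    _mach, nsections, _ts, _sym, _nsym, opt_size, _chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    table = e_lfanew + 24 + opt_size  # section table follows the optional header
    sections = []
    for i in range(nsections):
        off = table + 40 * i  # each IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            raise ValueError("section table runs past end of file")
        name, vsize, _va, rawsize, _rawptr, _pr, _pl, _nr, _nl, flags = \
            struct.unpack_from("<8sIIIIIIHHI", data, off)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"),
                         vsize, rawsize, flags))
    return sections

def perms(flags: int) -> str:
    """Render the memory-protection bits of a section as e.g. 'RX' or 'RWX'."""
    return "".join(c for c, bit in (("R", MEM_R), ("W", MEM_W), ("X", MEM_X))
                   if flags & bit)

def writable_and_executable(sections):
    """Names of sections mapped both writable and executable."""
    return [s[0] for s in sections if s[3] & MEM_W and s[3] & MEM_X]

def build_sample() -> bytes:
    """Constructed headers only (no code or data); not a runnable program."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    filehdr = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x102)
    def sec(name, flags):
        return struct.pack("<8sIIIIIIHHI", name, 0x1000, 0x1000, 0x200, 0x200,
                           0, 0, 0, 0, flags)
    return (dos + b"PE\0\0" + filehdr + b"\0" * 0xE0 +
            sec(b".text", 0xE0000020) + sec(b".rdata", 0x40000040))

if __name__ == "__main__":
    secs = parse_sections(build_sample())
    for name, vsize, rawsize, flags in secs:
        print(f"{name:8} vsize={vsize:#x} raw={rawsize:#x} {perms(flags)}")
    print("W+X sections:", writable_and_executable(secs))
```

To inspect a real file, pass `open(path, "rb").read()` to `parse_sections` instead of the constructed sample.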
Maybe this tool can help you a little
http://cn.geocities.com/komsbomb/
Posted on 2002-05-25 00:09:42 by KomsBomb