PE: Difference between revisions

154 bytes added ,  29 days ago
(→‎DOS Stub: Fix link to use archive.org, as MSDN now redirects that link to a similar page that doesn't contain the document or images.)
 
(6 intermediate revisions by 4 users not shown)
Line 1:
{{File formats}}
 
With Windows 9x/[[Windows NT|NT]], a new executable file type was required. Thus was born the "PE" Portable Executable, which is still in use. Unlike its predecessors, WIN-PE is a true 32-bit file format, supporting relocatable code. It does distinguish between TEXT, DATA, and BSS. It is, in fact, a bastardized version of the [[COFF]] format.
 
If you did set up a [[Cygwin]] environment on your Windows machine, "PE" is the target format for your Cygwin GCC toolchain, which causes the unaware some headaches when trying to link parts built under Cygwin with parts built under Linux or BSD (which use the ELF target by default). (Hint: You have to build a [[GCC Cross-Compiler]].)
Line 22:
The PE header contains information that concerns the entire file rather than individual pieces that will be coming up later. The bare minimum header contains a 4-byte signature (0x00004550), the machine type/architecture of the executable code inside, a time stamp, a pointer to symbols, as well as various flags (is the file an executable or a DLL, can the application handle addresses above 2GB, does the file need to be copied to the swap file if run from a removable device, etc.). Unless you're using a really stripped-down, statically linked PE file with a hard-coded entry point and no resources to save memory, the PE header alone isn't enough.
 
<syntaxhighlight lang="c">
// 1 byte aligned
struct PeHeader {
Line 34:
    uint16_t mCharacteristics;
};
</syntaxhighlight>
 
=== Optional header ===
Line 41:
Part of the optional header is NT-specific. This includes the subsystem (console, driver, or GUI application), how much stack and heap space to reserve, and the minimum required operating system, subsystem and Windows version. You can use your own values for all of these depending on the needs of your OS.
 
<syntaxhighlight lang="c">
// 1 byte aligned
struct Pe32OptionalHeader {
Line 75:
    uint32_t mNumberOfRvaAndSizes;
};
</syntaxhighlight>
 
=== Data Directories ===
Line 115:
Each section has an entry in the section header table.
 
<syntaxhighlight lang="c">
struct IMAGE_SECTION_HEADER { // size 40 bytes
    char mName[8];
Line 128:
    uint32_t mCharacteristics;
};
</syntaxhighlight>
 
===In asm linkage===
If in NASM you declare a block of code like this:
<syntaxhighlight lang="asm">
segment .code
aAsmFunction:
Line 140:
segment .data
aData: db 0xFF
</syntaxhighlight>
The ''segments'' will appear as ''sections''. Using this, it is possible to keep C and Asm separate, as a linker will not automatically merge ''.code'' and ''.text'', which is the normal output of C compilers.
=== Position Independent Code ===
Line 167:
For [https://wiki.osdev.org/EFI#Secure_Boot Secure Boot] under [[EFI]] such a signature is a must. It is worth noting that the PE format allows multiple certificates to be embedded in a single PE file, but UEFI firmware implementations usually only '''allow one''', which must be signed by the Microsoft KEK. If the firmware allows installing more KEKs (not typical), then you can use other certificates as well.
 
The bCertificate data is a PKCS#7 signature with certificate, encoded in ASN.1 format. Microsoft uses signtool.exe to create these signature entries, but an Open Source solution exists, called [https://git.kernel.org/pub/scm/linux/kernel/git/jejb/sbsigntools.git sbsigntool] (also available on [https://github.com/imedias/sbsigntool github] with Debian packaging).
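
An added example, not part of the original page or of sbsigntool: walking the attribute certificate table to count embedded signatures, since firmware usually accepts only one. The entry layout (dwLength, wRevision, wCertificateType, bCertificate, 8-byte padding) and the type value 0x0002 are taken from the Microsoft PE specification; the function name and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define WIN_CERT_TYPE_PKCS_SIGNED_DATA 0x0002 /* PKCS#7 SignedData (PE spec) */

/* Little-endian readers, so the walk does not depend on host byte order. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | (uint32_t)rd16(p + 2) << 16; }

/* Walk the attribute certificate table: tbl/len are the bytes located by
 * data directory entry 4. Entry layout (assumed from the PE spec):
 * dwLength(4) wRevision(2) wCertificateType(2) bCertificate[dwLength - 8],
 * each entry padded to an 8-byte boundary.
 * Returns the number of entries, or -1 if the table is malformed;
 * *pkcs7 receives how many entries are PKCS#7 signatures. */
int count_pe_certs(const uint8_t *tbl, size_t len, int *pkcs7)
{
    size_t off = 0;
    int n = 0;
    *pkcs7 = 0;
    while (off < len) {
        if (len - off < 8) return -1;                 /* truncated entry header */
        uint32_t dw_length = rd32(tbl + off);
        if (dw_length < 8 || dw_length > len - off) return -1; /* bad length */
        if (rd16(tbl + off + 6) == WIN_CERT_TYPE_PKCS_SIGNED_DATA) ++*pkcs7;
        n++;
        size_t step = ((size_t)dw_length + 7) & ~(size_t)7;
        if (step > len - off) break;                  /* last entry, no padding */
        off += step;
    }
    return n;
}

/* Constructed sample: two entries with dummy payloads, not real signatures. */
static const uint8_t sample_two[] = {
    12, 0, 0, 0,  0x00, 0x02,  0x02, 0x00,  0xAA, 0xBB, 0xCC, 0xDD,  0, 0, 0, 0,
    11, 0, 0, 0,  0x00, 0x02,  0x02, 0x00,  0x11, 0x22, 0x33,  0, 0, 0, 0, 0,
};

int main(void)
{
    int pkcs7;
    int n = count_pe_certs(sample_two, sizeof sample_two, &pkcs7);
    printf("%d certificate entries (%d PKCS#7)\n", n, pkcs7);
    if (n > 1) puts("more than one signature: firmware may accept only one");
    return n < 0;
}
```

A build or release check can run this over the certificate table of a signed EFI binary and fail when the count is not exactly one.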
 
== CLI / .Net ==
Line 191:
 
= See Also =
* [https://learn.microsoft.com/en-us/windows/win32/debug/pe-format Microsoft Learn PE Format Reference]
* MSDN Magazine: [http://msdn.microsoft.com/en-us/magazine/cc301805.aspx Inside Windows: An In-Depth Look into the Win32 Portable Executable File Format]
* PE Specification: [http://www.microsoft.com/whdc/system/platform/firmware/PECOFF.mspx latest edition, OOXML format], [http://download.microsoft.com/download/e/b/a/eba1050f-a31d-436b-9281-92cdfeae4b45/pecoff.doc 1999 edition, DOC format]
Line 207 ⟶ 208:
[[Category:Object Files]]
[[Category:UEFI]]
[[Category:Windows]]
 
[[de:Microsoft Portable Executable and Common Object File Format]]