Downloaded 22 times
![PE DLL
...
call [API] API: …
… ret
Imports Exports](https://image.slidesharecdn.com/angealbertinihashdays2012-121209033041-phpapp02/75/Binary-art-Byte-ing-the-PE-that-fails-you-live-version-28-2048.jpg)
Uploaded byAnge Albertini
Binary art - Byte-ing the PE that fails you (live version)
The document discusses the Portable Executable (PE) format, its complexities, and various tricks related to it. It covers standard PE characteristics, common issues, and new findings in executable formats since its introduction. The speaker, Ange Albertini, expresses gratitude to contributors and invites further questions about the material presented.
More Related Content
Similar to Binary art - Byte-ing the PE that fails you (live version)
Binary art - Byte-ing the PE that fails you (live version)
- 1. Binary art Byte-ing the PE that fails you Ange Albertini 3rd November 2012 http://corkami.com Lucerne, Switzerland
- 2. agenda what's a PE? the problem, and my approach overview of the PE format classic tricks new tricks © ID software
- 3. Portable Executable based on CommonObject File Format
- 6. PEuniversal Windows binary since 1993
- 7.
- 8.
- 9. aka “the gentleguide to standard PEs”
- 10. CVE-2012-2273 version_mini ibkernel
- 11.
- 15.
- 17.
- 18.
- 19.
- 28. PE DLL ... call [API] API: … … ret Imports Exports
- 35.
- 37. 1 ≤ FileAlignment== SectionAlignment ≤ 800 nosection*
- 38.
- 40.
- 41.
- 42.
- 43.
- 44.
- 45. dd OriginalFirstThunk dd TimeDateStamp ddForwarderChain ---------------------------- dd Name dd FirstThunk imports_virtdesc
- 46.
- 47.
- 48. fakerelocs ibreloc
- 50.
- 51.
- 52.
- 53.
- 54.
- 55.
- 56. PE .NET ... ... imports ... ... ... ... ... ... ... ... relocs ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... CLR ... ... tinynet
- 57.
- 58.
- 59.
- 60. Conclusion ● the Windows executable format is complex ● mostly covered, but many little traps ● new discoveries every day :( http://pe101.corkami.com http://pe.corkami.com
- 61. Questions? Thanks to Fabian Sauter, Peter Ferrie, وليد عصر Bernhard Treutwein, Costin Ionescu, Deroko, Ivanlef0u, Kris Kaspersky, Moritz Kroll, Thomas Siebert, Tomislav Peričin, Kris McConkey, Lyr1k, Gunther, Sergey Bratus, frank2, Ero Carrera, Jindřich Kubec, Lord Noteworthy, Mohab Ali, Ashutosh Mehra, Gynvael Coldwind, Nicolas Ruff, Aurélien Lebrun, Daniel Plohmann, Gorka Ramírez, 최진영 , Adam Błaszczyk, 板橋一正 , Gil Dabah, Juriaan Bremer, Bruce Dang, Mateusz Jurczyk, Markus Hinderhofer, Sebastian Biallas, Igor Skochinsky, Ильфак Гильфанов, Alex Ionescu, Alexander Sotirov, Cathal Mullaney
- 62. Thank YOU! Ange Albertini @gmail.com @ange4771 http://corkami.com
- 63.
- 64.