Reverse Engineering Tutorial 3 | EXE File Structure
By AffanSoftS
Hey there pals, today I will teach you the internal structure of an executable, or simply the exe file. This article is very important since it will clear your concepts about the different sections of an executable file and about which section you can find useful stuff in while reverse engineering or debugging any application. From a high-level view an exe file simply looks like one file, but it actually consists of a number of sections, and a hacker should know what these sections are and what each of these different sections inside an exe file is used for.
Exe Internal Sections
The sections that are usually present in an executable (depending on the compiler used, or on the program used to analyze your executable) are:
Executable Code Section, named .text (Microsoft) or .txt (OllyDbg) or CODE (Borland)
Data Sections, named .data, .rdata, or .bss (Microsoft) or DATA (Borland)
Resources Section, named .rsrc
Export Data Section, named .edata
Import Data Section, named .idata
Debug Information Section, named .debug
Note: The structure of a PE (portable executable) file on disk is exactly the same as when it is loaded into memory, so if you can locate information in the file on disk you will be able to find it when the file is loaded into memory.
However, it is not copied exactly into memory. The Windows loader decides
which sections need mapping in and which sections must be left out. Data that is not mapped in is placed at the end of the file, after any sections that will be mapped in, e.g. debug information.
Let's understand the exact meaning of all the sections:
1. Executable Code Section:
In Windows, all code segments reside in a single section called .text or .txt or CODE. Since Windows uses a page-based virtual memory management system, having one large code section is easier to manage for both the operating system and the application developer. This section also contains the entry point (EP) and the jump thunk table (where present), which points into the IAT.
Note:
a. EP is the entry point, the address at which execution of the code section starts in the exe file.
b. Jump thunk table: contains all the jump addresses and references.
c. IAT: it stands for Import Address Table; it is a table of function pointers that the Windows loader fills in as the DLLs are loaded. I will write a complete tutorial on the Import Address Table since it is a very important concept. For now just take it as a table that contains function pointers.
2. Data Section:
The .bss section represents uninitialized data for the application, including all variables declared as static within a function or source module.
The .rdata section represents read-only data, such as literal strings, constants, and debug directory information.
All other variables (except automatic variables, which live on the stack) are stored in the .data section. These are the application's or module's global variables.
3. Resource Section:
The .rsrc section contains resource information for a module. There are many
resource editors available today that allow editing, adding, deleting, replacing and copying resources.
4. Export Data Section:
The .edata section contains the Export Directory for an application or DLL.
When present, this section contains information about the names and addresses of exported functions.
5. Import Data Section:
The .idata section contains various information about imported functions,
including the Import Directory and the Import Address Table. The import section contains information about all the functions imported by the executable from DLLs. This information is stored in several data structures. The most important of these are the Import Directory and the Import Address
Table, which we will discuss next. The Windows loader is responsible for loading all of the DLLs the application uses and mapping them into the process address space. It has to find the addresses of all the imported functions in their various DLLs and make them available to the executable being loaded.
6. Debug Information Section:
Debug information is initially placed in the .debug section. The PE file format
also supports separate debug files (normally identified by a .DBG extension) as a means of collecting debug information in a central location. The .debug section contains the debug information, but the debug directories live in the .rdata section mentioned earlier. Each of those directories references debug information in the .debug section.
7. Base Relocation Section:
Last but not least, and quite an important section too from a hacker's point of view. When the linker creates an EXE file, it makes an assumption about where the
file will be mapped into memory. Based on that, the linker puts the real addresses of code and data items into the executable file. If for whatever reason the executable ends up being loaded somewhere else in the virtual address space, the addresses the linker plugged into the image are wrong. The information stored in the .reloc section allows the PE loader to fix these addresses in the loaded image so that they are correct again. On the other hand, if the loader was able to load the file at the base address assumed by the linker, the .reloc section data is not needed and is ignored.
We will continue our reverse code engineering tutorials in future classes too. So stay connected and keep reading our articles.
If you have any doubts, ask me in the form of comments.