Figure 1 - PE File

  • The CLR header stores information to indicate that the PE file is a .NET executable and the CLR data section contains metadata and Microsoft Intermediate Language (MSIL, or IL for short) code.
  • Every common language runtime–compliant development tool compiles its own source code into IL code. Because all development tools produce the same IL, regardless of the language in which their source code is written, differences in implementation are gone by the time they reach the common language runtime.
  • Metadata is data that is used to describe classes and what they can do, separate from the code of the class itself. It is important to understand that metadata is not part of the class in the same way that variables and methods are, but instead it is used to describe classes.The CLR uses metadata for many purposes including; locating and loading classes, laying out objects in memory, finding out what methods and properties a class has, enforcing security and discovering the class’s transactional behaviour. You can ask an object at runtime for this type of information such as its type, methods, properties, events and so on.Most of the metadata associated with a class is provided by the compilation process, but it is possible to create your own metadata items, called attributes, and attach them to your own classes.
  • IL code : Code the compiler produced as it compiled the source code. At runtime, the CLR compiles the IL into native CPU instructions.

  Ref: Programming Design Pattern and CLR Via C#.

PE File.的更多相关文章

  1. Delphi : Analyze PE file headers?

    Analyze PE file headers? { You'll need a OpenDialog to open a Exe-File and a Memo to show the file i ...

  2. Make the PE file consistent when code not changed

    参考:http://www.mouseos.com/assembly/06.html 参考:http://www.cnblogs.com/tk091/archive/2012/04/18/245617 ...

  3. Inject shellcode into PE file

    先声明这是不免杀的,只是演示. 哔哩哔哩视频 新增节 一般能实现特定功能的shellcode的长度都比较长,可以分到几个节上的空白区,但是这样麻烦啊,或者把最后一个节扩大,但是最后一个节一般没有执行的 ...

  4. 《Peering Inside the PE: A Tour of the Win32 Portable Executable File Format》阅读笔记二

    Common Sections The .text section is where all general-purpose code emitted by the compiler or assem ...

  5. dnSpy PE format ( Portable Executable File Format)

    Portable Executable File Format PE Format  微软官方的 What is a .PE file in the .NET framework? [closed] ...

  6. 利用PE数据目录的导入表获取函数名及其地址

    PE文件是以64字节的DOS文件头开始的(IMAGE_DOS_HEADER),接着是一段小DOS程序,然后是248字节的 NT文件头(IMAGE_NT_HEADERS),NT的文件头位置由IMAGE_ ...

  7. Load PE from memory(反取证)(未完)

      Article 1:Loading Win32/64 DLLs "manually" without LoadLibrary() The most important step ...

  8. PE病毒初探——向exe注入代码

    PE文件其实就是Windows可执行文件,关于它的一些简要介绍摘自百度: PE文件被称为可移植的执行体是Portable Execute的全称,常见的EXE.DLL.OCX.SYS.COM都是PE文件 ...

  9. 【PE结构】恶意代码数字签名验证

    说明 恶意代码数字签名验证功能,WinverityTrust.CryptQueryObject 代码实现 WinVerifyTrust //------------------------------ ...

随机推荐

  1. andorid studio

    http://www.cnblogs.com/smyhvae/p/4390905.html

  2. 在linux中使用php将word文档转为pdf

    使用本教程需要在linux中安装openoffice,改页面中有详细的安装与使用教程(http://www.cnblogs.com/sustudy/p/3999628.html). 既然,你看了该教程 ...

  3. windows/NBTSTAT,linux/nmblookup命令详解,查询NetBIOS名

    NBTSTAT命令详解 请问: Linux下有没有和nbtstat一样的命令,用 nmblookup -A ip 可以 nbstat命令主要用于查看当前基于netbios的tcp/ip连接状态,通过该 ...

  4. Hibernate(六)一对一双向关联映射

    在上次的博文Hibernate从入门到精通(五)一对一单向关联映射中我们讲解了一下一对一单向关联映射, 这次我们继续讲解一下与之对应的一对一双向关联映射. 一对一双向关联 与一对一单向关联映 射所不同 ...

  5. 《A First Course in Probability》-chaper8-极限定理-弱大数定理

    基于之前强大数定理的得证,这里我们再结合切比雪夫不等式,能够得到弱大数定理. 弱大数定理: 表面上,强大数定理和弱大数定理好像是质同的,但是他们之间真正的区别到底是什么呢?

  6. ural 1333 化平面为点计算覆盖率

    题目链接:http://acm.timus.ru/problem.aspx?space=1&num=1333 #include<cstdio> #include<cstrin ...

  7. 细谈Java

    重载:相同函数名,不同参数. 重写(覆写):父类和子类之间的,子类重写了父类的方法. java的多态:重载+覆写 1.      Main方法: 是public的,也是static,也是void的,参 ...

  8. 405. Convert a Number to Hexadecimal

    ..感觉做的很蠢. 主要就是看负数怎么处理. 举个例子,比如8位: 0111 1111 = 127 1111 1111 = -1 1000 0000 = -128 正常情况1111 1111应该是25 ...

  9. 搜狗输入法皮肤安装 分类: windows常用小技巧 2014-05-04 15:10 172人阅读 评论(0) 收藏

    第一步: 下载皮肤,皮肤是.ssf格式的. 第二步: 找到安装目录:(以我的为例) D:\软件\搜狗输入法\SogouInput\7.1.0.1652\AllSkin: 把下载的皮肤剪切(或复制)到此 ...

  10. 【Android - 框架】之刷新加载框架Ultra-Pull-To-Refresh的使用

    Ultra-Pull-To-Refresh框架是用来嵌套其他布局,实现下拉刷新和上拉加载的框架.它其中可以嵌套任何控件,ListView.GridView.ScrollView.RecyclerVie ...