Figure 1 - PE File

  • The CLR header stores information to indicate that the PE file is a .NET executable and the CLR data section contains metadata and Microsoft Intermediate Language (MSIL, or IL for short) code.
  • Every common language runtime–compliant development tool compiles its own source code into IL code. Because all development tools produce the same IL, regardless of the language in which their source code is written, differences in implementation are gone by the time they reach the common language runtime.
  • Metadata is data that is used to describe classes and what they can do, separate from the code of the class itself. It is important to understand that metadata is not part of the class in the same way that variables and methods are, but instead it is used to describe classes.The CLR uses metadata for many purposes including; locating and loading classes, laying out objects in memory, finding out what methods and properties a class has, enforcing security and discovering the class’s transactional behaviour. You can ask an object at runtime for this type of information such as its type, methods, properties, events and so on.Most of the metadata associated with a class is provided by the compilation process, but it is possible to create your own metadata items, called attributes, and attach them to your own classes.
  • IL code : Code the compiler produced as it compiled the source code. At runtime, the CLR compiles the IL into native CPU instructions.

  Ref: Programming Design Pattern and CLR Via C#.

PE File.的更多相关文章

  1. Delphi : Analyze PE file headers?

    Analyze PE file headers? { You'll need a OpenDialog to open a Exe-File and a Memo to show the file i ...

  2. Make the PE file consistent when code not changed

    参考:http://www.mouseos.com/assembly/06.html 参考:http://www.cnblogs.com/tk091/archive/2012/04/18/245617 ...

  3. Inject shellcode into PE file

    先声明这是不免杀的,只是演示. 哔哩哔哩视频 新增节 一般能实现特定功能的shellcode的长度都比较长,可以分到几个节上的空白区,但是这样麻烦啊,或者把最后一个节扩大,但是最后一个节一般没有执行的 ...

  4. 《Peering Inside the PE: A Tour of the Win32 Portable Executable File Format》阅读笔记二

    Common Sections The .text section is where all general-purpose code emitted by the compiler or assem ...

  5. dnSpy PE format ( Portable Executable File Format)

    Portable Executable File Format PE Format  微软官方的 What is a .PE file in the .NET framework? [closed] ...

  6. 利用PE数据目录的导入表获取函数名及其地址

    PE文件是以64字节的DOS文件头开始的(IMAGE_DOS_HEADER),接着是一段小DOS程序,然后是248字节的 NT文件头(IMAGE_NT_HEADERS),NT的文件头位置由IMAGE_ ...

  7. Load PE from memory(反取证)(未完)

      Article 1:Loading Win32/64 DLLs "manually" without LoadLibrary() The most important step ...

  8. PE病毒初探——向exe注入代码

    PE文件其实就是Windows可执行文件,关于它的一些简要介绍摘自百度: PE文件被称为可移植的执行体是Portable Execute的全称,常见的EXE.DLL.OCX.SYS.COM都是PE文件 ...

  9. 【PE结构】恶意代码数字签名验证

    说明 恶意代码数字签名验证功能,WinverityTrust.CryptQueryObject 代码实现 WinVerifyTrust //------------------------------ ...

随机推荐

  1. js页面传参数时,参数值包含特殊字符的处理

    js页面传参数时,参数值包含特殊字符应该怎么处理,解决方法就是利用js的escape函数,这个函数在解决中文乱码等方面应用的比较广泛.推荐使用. 工作中遇到的小问题,一个页面中通过window.sho ...

  2. Android 每天定时提醒功能实现

    android要实现定时的功能那肯定就要用到闹铃相关的技术, 那么android闹铃实现是基于 AlarmManager 这个类的,首先我们来看一下它的几个主要的方法. 打开AlarmManager的 ...

  3. mac 目录详解

    打开Macintosh HD你会发现内中有四个文件夹 分别有——应用程序(Applications).系统(System).用户(User).资料库(Library).四个文件夹中又分别各有若干数量的 ...

  4. Monkey ‘mk_request_header_process’函数输入验证漏洞

    漏洞名称: Monkey ‘mk_request_header_process’函数输入验证漏洞 CNNVD编号: CNNVD-201308-003 发布时间: 2013-08-22 更新时间: 20 ...

  5. 【转】压缩Virtualbox的vdi文件

    原文网址:http://i.rexdf.org/blog/2014/10/06/ya-suo-virtualboxde-vdiwen-jian/ 问题实际上比较简单,我在Arch Linux杂记中给出 ...

  6. Android 布局之DrawLayout

    在刚开始学android的时候肯定会知道,android的主要的布局就是LinearLayout.RelativeLayout.FramLayout.AbsoluteLayout.以及TableLay ...

  7. 数据结构(启发式合并):HNOI 2009 梦幻布丁

    Description N个布丁摆成一行,进行M次操作.每次将某个颜色的布丁全部变成另一种颜色的,然后再询问当前一共有多少段颜色.例如颜色分别为1,2,2,1的四个布丁一共有3段颜色. Input 第 ...

  8. XCode4 下制作Framework的方法

    http://www.cocoachina.com/bbs/read.php?tid-75680-page-1.html

  9. android源码编译环境的准备及编译之后使用emulator运行的方法 - 官方版

    http://source.android.com/source/initializing.html http://blog.csdn.net/ithomer/article/details/6977 ...

  10. Geometric Shapes - POJ 3449(多边形相交)

    题目大意:给一些几何图形的编号,求出来这些图形都和那些相交.   分析:输入的正方形对角线上的两个点,所以需要求出来另外两个点,公式是: x2:=(x1+x3+y3-y1)/2; y2:=(y1+y3 ...