Figure 1 - PE File

  • The CLR header stores information to indicate that the PE file is a .NET executable and the CLR data section contains metadata and Microsoft Intermediate Language (MSIL, or IL for short) code.
  • Every common language runtime–compliant development tool compiles its own source code into IL code. Because all development tools produce the same IL, regardless of the language in which their source code is written, differences in implementation are gone by the time they reach the common language runtime.
  • Metadata is data that is used to describe classes and what they can do, separate from the code of the class itself. It is important to understand that metadata is not part of the class in the same way that variables and methods are, but instead it is used to describe classes.The CLR uses metadata for many purposes including; locating and loading classes, laying out objects in memory, finding out what methods and properties a class has, enforcing security and discovering the class’s transactional behaviour. You can ask an object at runtime for this type of information such as its type, methods, properties, events and so on.Most of the metadata associated with a class is provided by the compilation process, but it is possible to create your own metadata items, called attributes, and attach them to your own classes.
  • IL code : Code the compiler produced as it compiled the source code. At runtime, the CLR compiles the IL into native CPU instructions.

  Ref: Programming Design Pattern and CLR Via C#.

PE File.的更多相关文章

  1. Delphi : Analyze PE file headers?

    Analyze PE file headers? { You'll need a OpenDialog to open a Exe-File and a Memo to show the file i ...

  2. Make the PE file consistent when code not changed

    参考:http://www.mouseos.com/assembly/06.html 参考:http://www.cnblogs.com/tk091/archive/2012/04/18/245617 ...

  3. Inject shellcode into PE file

    先声明这是不免杀的,只是演示. 哔哩哔哩视频 新增节 一般能实现特定功能的shellcode的长度都比较长,可以分到几个节上的空白区,但是这样麻烦啊,或者把最后一个节扩大,但是最后一个节一般没有执行的 ...

  4. 《Peering Inside the PE: A Tour of the Win32 Portable Executable File Format》阅读笔记二

    Common Sections The .text section is where all general-purpose code emitted by the compiler or assem ...

  5. dnSpy PE format ( Portable Executable File Format)

    Portable Executable File Format PE Format  微软官方的 What is a .PE file in the .NET framework? [closed] ...

  6. 利用PE数据目录的导入表获取函数名及其地址

    PE文件是以64字节的DOS文件头开始的(IMAGE_DOS_HEADER),接着是一段小DOS程序,然后是248字节的 NT文件头(IMAGE_NT_HEADERS),NT的文件头位置由IMAGE_ ...

  7. Load PE from memory(反取证)(未完)

      Article 1:Loading Win32/64 DLLs "manually" without LoadLibrary() The most important step ...

  8. PE病毒初探——向exe注入代码

    PE文件其实就是Windows可执行文件,关于它的一些简要介绍摘自百度: PE文件被称为可移植的执行体是Portable Execute的全称,常见的EXE.DLL.OCX.SYS.COM都是PE文件 ...

  9. 【PE结构】恶意代码数字签名验证

    说明 恶意代码数字签名验证功能,WinverityTrust.CryptQueryObject 代码实现 WinVerifyTrust //------------------------------ ...

随机推荐

  1. Vim识别编码

    http://blog.chinaunix.net/uid-20357359-id-1963123.html

  2. 测试一下MarkDown

    欢迎使用Markdown编辑器写博客 本Markdown编辑器使用StackEdit修改而来,用它写博客,将会带来全新的体验哦: Markdown和扩展Markdown简洁的语法 代码块高亮 图片链接 ...

  3. ‘char *' differs in levels of indirection from 'int'

    这个问题是有与和系统变量重名导致的,如 char* ans = (char*) malloc(10);系统变量是一个int.

  4. android 一个页面内 多个listview的实现

    如果很平常的两个listview组件竖直放在linearLayout布局中,结果是: 两个listview 很独立,中间似乎有个分割线,完全吧他们分离了,各自独立滚动,如果上面的listview把整个 ...

  5. 监听APP升级广播处理

    当旧版本的用户升级新版本的时候需要重新设定一些值处理,这时候需要监听升级版本的广播 <receiver android:name=".OnUpgradeReceiver"&g ...

  6. Bluetooth LE(低功耗蓝牙) - 第三部分

    回顾 在本系列的前两篇文章中,我们已经了解了一些关于Bluetooth LE的背景并建立一个简单的Activity / Service框架.   在这篇文章中,我们将探讨Bluetooth LE的细节 ...

  7. 译文:TransactionScope 与 Async/Await

    你可能不知道这一点,在 .NET Framework 4.5.0  版本中包含有一个关于 System.Transactions.TransactionScope 在与 async/await 一起工 ...

  8. bzoj3124

    很好的一道treedp,当然也挺烦的首先不难想到先求出一个直径,然后穷举每条边,看他删除之后直径大小是否会变,变了的话就是必须经过的边下面我们就要想怎么优化,本人语言表达略差,还是配合程序说吧. ty ...

  9. Apache log4net™ Config Examples

    Overview This document presents example configurations for the built-in appenders. These configurati ...

  10. bzoj 2463 [中山市选2009]谁能赢呢?(博弈)

    2463: [中山市选2009]谁能赢呢? Time Limit: 10 Sec  Memory Limit: 128 MBSubmit: 1290  Solved: 944[Submit][Stat ...