Figure 1 - PE File

  • The CLR header stores information to indicate that the PE file is a .NET executable and the CLR data section contains metadata and Microsoft Intermediate Language (MSIL, or IL for short) code.
  • Every common language runtime–compliant development tool compiles its own source code into IL code. Because all development tools produce the same IL, regardless of the language in which their source code is written, differences in implementation are gone by the time they reach the common language runtime.
  • Metadata is data that is used to describe classes and what they can do, separate from the code of the class itself. It is important to understand that metadata is not part of the class in the same way that variables and methods are, but instead it is used to describe classes.The CLR uses metadata for many purposes including; locating and loading classes, laying out objects in memory, finding out what methods and properties a class has, enforcing security and discovering the class’s transactional behaviour. You can ask an object at runtime for this type of information such as its type, methods, properties, events and so on.Most of the metadata associated with a class is provided by the compilation process, but it is possible to create your own metadata items, called attributes, and attach them to your own classes.
  • IL code : Code the compiler produced as it compiled the source code. At runtime, the CLR compiles the IL into native CPU instructions.

  Ref: Programming Design Pattern and CLR Via C#.

PE File.的更多相关文章

  1. Delphi : Analyze PE file headers?

    Analyze PE file headers? { You'll need a OpenDialog to open a Exe-File and a Memo to show the file i ...

  2. Make the PE file consistent when code not changed

    参考:http://www.mouseos.com/assembly/06.html 参考:http://www.cnblogs.com/tk091/archive/2012/04/18/245617 ...

  3. Inject shellcode into PE file

    先声明这是不免杀的,只是演示. 哔哩哔哩视频 新增节 一般能实现特定功能的shellcode的长度都比较长,可以分到几个节上的空白区,但是这样麻烦啊,或者把最后一个节扩大,但是最后一个节一般没有执行的 ...

  4. 《Peering Inside the PE: A Tour of the Win32 Portable Executable File Format》阅读笔记二

    Common Sections The .text section is where all general-purpose code emitted by the compiler or assem ...

  5. dnSpy PE format ( Portable Executable File Format)

    Portable Executable File Format PE Format  微软官方的 What is a .PE file in the .NET framework? [closed] ...

  6. 利用PE数据目录的导入表获取函数名及其地址

    PE文件是以64字节的DOS文件头开始的(IMAGE_DOS_HEADER),接着是一段小DOS程序,然后是248字节的 NT文件头(IMAGE_NT_HEADERS),NT的文件头位置由IMAGE_ ...

  7. Load PE from memory(反取证)(未完)

      Article 1:Loading Win32/64 DLLs "manually" without LoadLibrary() The most important step ...

  8. PE病毒初探——向exe注入代码

    PE文件其实就是Windows可执行文件,关于它的一些简要介绍摘自百度: PE文件被称为可移植的执行体是Portable Execute的全称,常见的EXE.DLL.OCX.SYS.COM都是PE文件 ...

  9. 【PE结构】恶意代码数字签名验证

    说明 恶意代码数字签名验证功能,WinverityTrust.CryptQueryObject 代码实现 WinVerifyTrust //------------------------------ ...

随机推荐

  1. 【 POJ - 3801】Crazy Circuits(有源汇、上下界最小流)

    Description You’ve just built a circuit board for your new robot, and now you need to power it. Your ...

  2. Hibernate Is Not Mapped(实体名 is not mapped [from book where id='0'])

    org.springframework.orm.hibernate3.HibernateQueryException: USERINFO is not mapped.看到.hbm.xml文件中的< ...

  3. 第1章(三)安装VS2015和Xamarin For VS

    原文 第1章(三)安装VS2015和Xamarin For VS 操作系统:Win7  64位(sp1或更高版本) 1.安装VS2015 VS2015简体中文企业版:vs2015.ent_chs.is ...

  4. bzoj1053

    不难发现,要让约数尽可能多,那么素因子越小的的指数一定越大可能的素因数的种类也不超过10种然后直接暴搜即可 ..] ,,,,,,,,,); var n,ant,ans:int64; procedure ...

  5. bzoj1954 poj3764

    对于xor有一个非常重要的性质A xor B xor B=A 并且满足交换律和结合律这道题是求无根树上最长的xor路径我们知道,无根树的题目我们都是要想办法转化为有根树来处理当我们确定了一个根,根到每 ...

  6. 如何实现View上添加标签

    效果图: 利用 https://github.com/linger1216/labelview 类库来实现 具体代码 问度娘. {LabelView label = new LabelView(thi ...

  7. python for selenium 数据驱动测试

    # -*- coding:utf-8 -*- """ 数据驱动测试,从 csv 文件中读取数据 """ from selenium impo ...

  8. 学习嵌入式Linux有没有一个最佳的顺序(持续更新)

    作为一个嵌入式Linux的初学者,我知道我可能将长期处于初学者阶段,因为我至今仍然没有能够摸索出一条很好的道路让我由初学者进入到更高级阶段.但是我始终没有放弃,本篇文章就是用来记录我学习嵌入式Linu ...

  9. java基础(八) 面向对象(三)

    这里有我之前上课总结的一些知识点以及代码大部分是老师讲的笔记 个人认为是非常好的,,也是比较经典的内容,真诚的希望这些对于那些想学习的人有所帮助! 由于代码是分模块的上传非常的不便.也比较多,讲的也是 ...

  10. Cogs 1583. [POJ3237]树的维护 LCT,树链剖分

    题目:http://cojs.tk/cogs/problem/problem.php?pid=1583 1583. [POJ3237]树的维护 ★★★☆   输入文件:maintaintree.in  ...