Figure 1 - PE File

  • The CLR header stores information to indicate that the PE file is a .NET executable and the CLR data section contains metadata and Microsoft Intermediate Language (MSIL, or IL for short) code.
  • Every common language runtime–compliant development tool compiles its own source code into IL code. Because all development tools produce the same IL, regardless of the language in which their source code is written, differences in implementation are gone by the time they reach the common language runtime.
  • Metadata is data that is used to describe classes and what they can do, separate from the code of the class itself. It is important to understand that metadata is not part of the class in the same way that variables and methods are, but instead it is used to describe classes.The CLR uses metadata for many purposes including; locating and loading classes, laying out objects in memory, finding out what methods and properties a class has, enforcing security and discovering the class’s transactional behaviour. You can ask an object at runtime for this type of information such as its type, methods, properties, events and so on.Most of the metadata associated with a class is provided by the compilation process, but it is possible to create your own metadata items, called attributes, and attach them to your own classes.
  • IL code : Code the compiler produced as it compiled the source code. At runtime, the CLR compiles the IL into native CPU instructions.

  Ref: Programming Design Pattern and CLR Via C#.

PE File.的更多相关文章

  1. Delphi : Analyze PE file headers?

    Analyze PE file headers? { You'll need a OpenDialog to open a Exe-File and a Memo to show the file i ...

  2. Make the PE file consistent when code not changed

    参考:http://www.mouseos.com/assembly/06.html 参考:http://www.cnblogs.com/tk091/archive/2012/04/18/245617 ...

  3. Inject shellcode into PE file

    先声明这是不免杀的,只是演示. 哔哩哔哩视频 新增节 一般能实现特定功能的shellcode的长度都比较长,可以分到几个节上的空白区,但是这样麻烦啊,或者把最后一个节扩大,但是最后一个节一般没有执行的 ...

  4. 《Peering Inside the PE: A Tour of the Win32 Portable Executable File Format》阅读笔记二

    Common Sections The .text section is where all general-purpose code emitted by the compiler or assem ...

  5. dnSpy PE format ( Portable Executable File Format)

    Portable Executable File Format PE Format  微软官方的 What is a .PE file in the .NET framework? [closed] ...

  6. 利用PE数据目录的导入表获取函数名及其地址

    PE文件是以64字节的DOS文件头开始的(IMAGE_DOS_HEADER),接着是一段小DOS程序,然后是248字节的 NT文件头(IMAGE_NT_HEADERS),NT的文件头位置由IMAGE_ ...

  7. Load PE from memory(反取证)(未完)

      Article 1:Loading Win32/64 DLLs "manually" without LoadLibrary() The most important step ...

  8. PE病毒初探——向exe注入代码

    PE文件其实就是Windows可执行文件,关于它的一些简要介绍摘自百度: PE文件被称为可移植的执行体是Portable Execute的全称,常见的EXE.DLL.OCX.SYS.COM都是PE文件 ...

  9. 【PE结构】恶意代码数字签名验证

    说明 恶意代码数字签名验证功能,WinverityTrust.CryptQueryObject 代码实现 WinVerifyTrust //------------------------------ ...

随机推荐

  1. 【HDU3247】 Resource Archiver(DP+AC自动机+最短路)

    Resource Archiver Time Limit: 10000MS   Memory Limit: 100000KB   64bit IO Format: %I64d & %I64u ...

  2. 集成activiti-modeler 到 自己的业务系统

    本文目的: 将activit 5.12.1 的 modeler 流程设计器 集成到自己的工程中去 解决问题: 1. 复制相关资源文件到自己的工程中 2. 解决modeler的路径访问问题,迁移到非系统 ...

  3. read by other session

    模拟场景: 同时开多个SESSION执行select * from test2; read by other session: 当会话必须等待其他会话将统一数据块读入缓冲存储器时,作为read by ...

  4. HTTP, W3SVC, WAS 和 W3WP

    IIS 请求主要模块        当客户端向 IIS 发出 HTTP 请求时,会有很多事情发生. 有许多内核模式和本机模式组件,用于将请求路由到最终响应请求的 W3WP 进程.       响应一个 ...

  5. poj3709

    首先我们发现将一段数变为同一个数比间隔着搞肯定优,因为数列是升序的,然后不难得到方程式f[i]=min(f[j]+sum[i]-sum[j]-(i-j)*a[j+1]) (i-j>=m)简单的斜 ...

  6. Delphi 用Web App Debugger简单调试ISAPI 转

    用Web App Debugger简单调试ISAPI   以isapi为例: 1.新建一个project,用isapi/nsapi: 2.remove这个project中所有的unit: 3.加进你用 ...

  7. Performance testing of web application

    Testing the performance of web application is easy . It's easy to design unrealistic scenario . Easy ...

  8. poj 2288 tsp经典问题

    题目链接:http://poj.org/problem?id=2288 #include<cstdio> #include<cstring> #include<iostr ...

  9. 安装MongoDB -- Windows平台

    1. 安装MongoDB 2. 添加环境变量 将安装后的bin目录,添加至系统的Path环境变量中,例如我的安装路径为"C:\Program Files\MongoDB\Server\3.2 ...

  10. luajit 安装cjson

    最近需要升级原有服务器的nginx加载逻辑,新的lua脚本需要解析一个远程返回的json格式的结果,原有的luajit并没有带cjson库,需要自己手动安装一下. 基本参考博客luajit安装cjso ...