Sign in

United States (English)

Brasil (Português)Česká republika (Čeština)Deutschland (Deutsch)España (Español)France (Français)Italia (Italiano)Россия (Русский)대한민국 (한국어)中华人民共和国 (中文)台灣 (中文)日本 (日本語)香港特别行政區 (中文)

Security Developer Center > Security Forums > CAT.NET > portable execution file format

portable execution file format

Tuesday, October 20, 2009 2:00 PMinamsatti

0
Sign In to Vote
Microsoft Windows follows an executable file format called the PE (Portable Executable) files. A typical virus / mal-code tries to alter the file and inject malicious code in the file so that it would run during the life time of the program. By studying the file format indicate how this may be averted or what mechanisms are in place already to avoid it. Furthermore what modifications / mechanism do you suggest which may make changes to on-disk executable difficult if not impossible.
- Reply
- Quote

All Replies

Saturday, October 24, 2009 10:52 AMCoder24.com

0
Sign In to Vote
Hi,

Yes, Microsoft® Windows® uses the Portable Execution (PE) format, while back in the old Disk Operating System (DOS), Microsoft® used a format called: “MZ” format. Yes, I agree, viruses inject code, that can be executed every time the *.exe program file is executed.

Check out this link for PE details and virus injections: http://www.ntcore.com/files/inject2exe.htm
And: Check out my post: http://social.msdn.microsoft.com/Forums/en-US/vbgeneral/thread/74a7566c-391a-4db1-b8eb-30c723db0358/

I hope this helps…

Have a nice day…

Best regards,
Fisnik
Coder24.com
- Reply
- Quote

Need Help with Forums? (FAQ)