I’m doing Windows malware research using a machine learning method. I read about the PE format and, using dumpbin, found that there are many parts in there, e.g. .idata .edata .pdata .data .rdata .sxdata .text .rscr .tls... But not all of them are used for actions/behaviours. I just care about their behaviours and to reduce the large data before the next steps. Thanks
>>I just care about their behaviours and to reduce the large data before the next steps.
What do you mean by behaviours?
The PE file format is made up of IMAGE_DOS_HEADER, IMAGE_NT_HEADERS (IMAGE_FILE_HEADER, IMAGE_OPTIONAL_HEADER), IMAGE_SECTION_HEADERS, Sections. You can get the details of the PE file format structures in Winnt.h.
Here is a document about the details of the Portable Executable file format itself.
Marked as answer by duy thao, Tuesday, March 21, 2017 7:50 AM
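The header walk described in the answer above, as an added example that is not part of the original thread: it follows IMAGE_DOS_HEADER to IMAGE_NT_HEADERS to the section table and reports each section's name, raw data range and characteristics flags, which is the information needed to select sections before feature extraction. The header-only sample image and the function names are constructed for illustration.

```python
import struct

# Section characteristics flags as defined in winnt.h
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000

FILE_HEADER = struct.Struct("<HHIIIHH")         # IMAGE_FILE_HEADER, 20 bytes
SECTION_HEADER = struct.Struct("<8sIIIIIIHHI")  # IMAGE_SECTION_HEADER, 40 bytes


def list_sections(image: bytes):
    """Walk DOS header -> NT headers -> section table; one dict per section."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("missing IMAGE_DOS_HEADER (MZ) signature")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing IMAGE_NT_HEADERS (PE) signature")
    fh_off = e_lfanew + 4
    if fh_off + FILE_HEADER.size > len(image):
        raise ValueError("truncated IMAGE_FILE_HEADER")
    _, nsections, _, _, _, opt_size, _ = FILE_HEADER.unpack_from(image, fh_off)
    table = fh_off + FILE_HEADER.size + opt_size  # skip IMAGE_OPTIONAL_HEADER
    if table + nsections * SECTION_HEADER.size > len(image):
        raise ValueError("section table runs past end of file")
    sections = []
    for i in range(nsections):
        f = SECTION_HEADER.unpack_from(image, table + i * SECTION_HEADER.size)
        flags = f[9]  # Characteristics
        sections.append({
            "name": f[0].rstrip(b"\0").decode("ascii", "replace"),
            "raw_offset": f[4], "raw_size": f[3],
            "executable": bool(flags & (IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE)),
            "writable": bool(flags & IMAGE_SCN_MEM_WRITE),
        })
    return sections


def build_sample() -> bytes:
    """Constructed header-only image (not a real binary): .text, .rdata, .data."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)    # e_lfanew at 0x3C
    opt = struct.pack("<H", 0x10B) + b"\0" * 222        # PE32 optional header
    nt = b"PE\0\0" + FILE_HEADER.pack(0x14C, 3, 0, 0, 0, len(opt), 0x0102) + opt
    secs = [(b".text", 0x60000020), (b".rdata", 0x40000040), (b".data", 0xC0000040)]
    table = b"".join(
        SECTION_HEADER.pack(n, 0x1000, 0x1000 * (i + 1), 0x200, 0x400 + 0x200 * i,
                            0, 0, 0, 0, c) for i, (n, c) in enumerate(secs))
    return dos + nt + table


if __name__ == "__main__":
    for s in list_sections(build_sample()):
        print(s)
```

To use it on a real file, pass the file's bytes to `list_sections` and slice `raw_offset:raw_offset + raw_size` for the sections you keep.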