PORTABLE EXECUTABLE


PORTABLE EXECUTABLE

Virus Bulletin, June 2002
permission of the publishers. Unexpected Resutls [ sic ] Peter Ferrie Symantec Security Response, Australia In early 2000, while studying the latest release of the Portable Executable
http://pferrie.tripod.com/papers/chiton.pdf

PE Explorer Enables Analysis of Packed Malware Executables
PE Explorer offers a thorough look at PE (portable executable) file structure and all of the resources in the file, and tells you just about every little detail you could possibly
http://www.heaventools.com/pr_Heaventools.PE.Explorer_1.98.pdf

The PortablE language & compiler
Similarly, if you are using AROS, then use the PortablE-AROS executable, but rename it. 2.(a) If you already have a previous version of PortablE installed, simply delete the old
http://cshandley.co.uk/portable/PortablE.pdf

Pe File Infection Techniques
Scholarship for Service 3 ?Most 32-bit Windows viruses infect executables and object files (DLLs). ?Most often they achieve this by modifying the PE (Portable Executable) file
http://rozinov.sfs.poly.edu/presentations/pe_file_infection_techniques_part_1.pdf

PeaZip 2.1 online help
1 PeaZip Open source, portable file and archive manager Document revision: 2008 05 17 Author: Giorgio Tani Translation: Giorgio Tani This document refers to: PeaZip 2.1 executable
http://peazip.sourceforge.net/peazip_help.pdf

USER MANUAL
information, forms informations, assemblies, etc). 1. « Executable Informations » node : This node lists all the internal EXE structure for executable with PE (Portable Executable)
http://www.decompiler-vb.net/documentation/VBReFormer%20-%20Help.pdf

Static Analysis of Anomalies and Security Vulnerabilities in ...
Microsoft Portable Executable and Common Object File Format Specification Revision 6.0 February 1999. Micro soft Corporation . www. microsoft. com.
http://www.letu.edu/people/jaytevis/Freeware/findssv/findssv-tevis-hamilton-ACMSE06.PDF

.text: 00401000 ; File Name: srvcp.exe
text: 00401000 ; Format: Portable executable for IBM PC (PE)
http://www.zeltser.com/reverse-malware-paper/srvcp-asm.pdf

"PIMP MY PE": PARSING MALICIOUS AND MALFORMED EXECUTABLES
nickh,tomr,caseys,nicks}@sunbelt-software.com Abstract A foundational requirement in the security world is the capability to robustly parse and analyze Windows Portable Executable
http://www.sunbelt-software.com/ihs/alex/vb07_paper.pdf

The Securityof Static Typing with Dynamic Linking
with Dynamic Linking Drew Dean Computer Science Laboratory SRI International 333 Ravenswood Avenue Menlo Park, CA 94025 Abstract Dynamic linking isarequirement for portable executable
http://www.windowsecurity.com/uplarticle/14/ccs4-preprint.pdf

Endpoint Productivity Advances With Anti-Executable 3.0
FOR IMMEDIATE RELEASE Endpoint Productivity Advances With Anti-Executable 3.0 Latest version software can be accidentally or intentionally installed on computers from portable drives
http://www.faronics.com/doc/pr/PR_AE3_0.pdf

W32.Goner.A@mm
The worm has been compressed using a known Portable Executable (PE)* file compressor. The worm can spread its infection using the ICQ network as well as by email using Microsoft
http://www.goesp.com/Downloads/Anti-Virus/W32.Goner.A@mm/w32.goner.pdf

Accessing Echoed Documents Using WorkSite Portable
In the Target field of the Shortcut Properties dialog box, enter the path to the portable executable file followed by -D then the maximum age of echo documents in days. Example:
http://www.rbrosolutions.com/pdfs/rtip8_echo.pdf

Rethinking Antivirus: Executable Analysis in the Network Cloud
Each file written is scanned fora valid Portable Executable (PE) header to verify whether it is an executable. The executable is then hashed using the SHA-1 algorithm and
http://www.eecs.umich.edu/fjgroup/pubs/cloud-hotsec07.pdf

Enabling Firmware Applications
in System Management Mode, independently of the foreground operating system. The Firmbase ® System Firmbase makes it possible for OEMs to use standard 32-bit Windows (Portable Executable
http://www.embeddedbios.com/documents/firmbase.pdf

VIRUS ANALYSIS 1
additional polymorphic decryptor. This virus supports a unique new technique: code integration. The Mistfall engine contained in it is capable of decompiling Portable Executable
http://www.peterszor.com/zmist.pdf

VB'98 Conference proceedings
In addition, Windows NT introduced a new executable file structure called Portable Executable (PE) file format (a file format which is very similar to, if not based on, the Unix COFF
http://www.peterszor.com/attacks.pdf

AToolkitfor Detecting and Analyzing Malicious Software
The Portable Executable Analysis Toolkit. It is a software prototype designed to prov ide a selection o f tools that an analyst may use in order toe xaminestructur al aspects ofa
http://www.cigital.com/papers/download/PEAT_ACSAC02.pdf

Automated Debugging and Process Analysis
Portable Executable Format (PE/COFF) ? COFF Section Tables ? Located by adding: ? base_addr + * (uint 32) (base_addr + 0x3c) + size of (COFF) + PCOFF>SizeOfOptionalHeader ? Then
http://rjohnson.uninformed.org/

x86 Disassembler Internals Toorcon 7 September 2005
Derived from DEC's Common Object File Format (COFF)-Object files are generated as COFF and later linked as PE binaries-Officalreference: Microsoft Portable Executable and Common
http://rjohnson.uninformed.org/Presentations/200512%20CCC%20-%20Disassembler%20Internals%20II/Disassembler%20Internals%20II.pdf

Executable and Linkable Format (ELF)
ELF: Executable and Linkable Format ii Portable Formats Specification, Version 1.1 Tool Interface Standards (TIS)
http://www.skyfree.org/linux/references/ELF_Format.pdf

AToolkitfor Detecting and Analyzing Malicious Software
The Portable Executable Analysis Toolkit. It is a software prototype designed to prov ide a selection o f tools that an analyst may use in order to examine structural aspects ofa
http://www.acsac.org/2002/papers/32.pdf

Tool Interface Standard (TIS) Formats Specification for Windows
portable executable format 2.0 pe header signature stamp cpu type # objects time/date stamp reserved reserved nt hdr size flags reserved lmajor lminor reserved reserved reserved entrypoint rva
http://www.openwatcom.org/ftp/devel/docs/pe_and_symbols.pdf

Tool Interface Standard (TIS) Portable Formats Specification
The TIS Committee grants you a non-exclusive, worldwide, royalty-free license to use the information disclosed in the Specifications to make your software TIS-compliant; no other
http://www.acm.uiuc.edu/sigops/rsrc/pfmt11.pdf

Architectures for secure portable executable content
Introduction Downloadable executable content (or mobile code) are based on the idea of transmitting data that are actually codes to be executed. Use of the World Wide Web has
http://www.spinellis.gr/pubs/jrnl/1998-InetRes-ExeSec/html/exesec.pdf

05812848; Subclassing system for computer that operates with portable ...
05812848; Subclassing system for computer that operates with portable-executable (PE) modules; 1998-09-22; 395/685
http://service1.symantec.com/legal/publishedpatents.nsf/0/66E55CB1A9FB81C988256DF7005D6CC7/$FILE/05812848.pdf

Vulnerability in Portable Executable File
Vulnerabilities in Portable Executable (PE) File Format For Win32 Architecture Vulnerability in Portable Executable File
http://goodfellas.shellcode.com.ar/docz/bof/pe.pdf

Microsoft Portable Executable and Common Object File Format ...
Microsoft Portable Executable and Common Object File Format Specification IMPORTANT?READ CAREFULLY: This Microsoft Agreement ("Agreement") is a legal agreement between you
http://osdever.net/documents/PECOFF.pdf?the_id=49

Tool Interface Standard (TIS) Executable and Linking Format (ELF ...
iii Preface This Executable and Linking Format Specification, Version 1.2, is the result of end, the committee has developed specifications--some for file formats that are portable
http://x86.ddj.com/ftp/manuals/tools/elf.pdf