|
PE files (.exe, .dll, ...) have sections: a section with code, one with data, ... Each section has a name, and different compilers use different section names. Section names can help us identify the compiler and the type of PE file we are analyzing. @Hexacorn compiled a list of section names with corresponding description, you can find the latest version here. I find this list so useful, that I included it (with permission) in my pecheck.py tool. pecheck is a Python tool to analyze PE files, based on Ero Carrera's pefile module. Use -o s (overview of sections) to see the sections, with name, size, entropy and description:
Didier Stevens |
DidierStevens 155 Posts ISC Handler |
| Reply Subscribe |
Jul 2nd 2017 3 weeks ago |
|
Congrats on the Microsoft MVP!
|
Anonymous Posts |
| Reply Quote |
Jul 2nd 2017 3 weeks ago |
|
Thanks!
|
DidierStevens 155 Posts Posts ISC Handler |
| Reply Quote |
Jul 5th 2017 3 weeks ago |
Sign Up for Free or Log In to start participating in the conversation!
