823 B

Raw Blame History

PE Shellcode

General PE Information

[PE structure](../../../reverse engineering/windows/portable-executable.md)

Inserting Shellcode

Multiple sections inside the PE can be used to insert the shellcode. This is defined by how the shellcode variable is initialized. When the shellcode is defined as

A local variable inside the main function it will be stored in the .text section
A global variable it will be stored in the .data section
A raw binary in an icon image and referencing it will store it in the .rsrc section
A custom data section it is stored in this unusual section

Crafting Shellcode

Tools & Tipps

hasherezade's PE-bear gives an overview of the PE's sections
asmtutor.com

823 B Raw Blame History

PE Shellcode

General PE Information

Inserting Shellcode

Crafting Shellcode

Tools & Tipps

823 B

Raw Blame History