🔴 Portable Executable Files: Analyzing In-Memory versus On Disk

Portable Executable files will have different characteristics, depending on whether they are loaded into memory for execution, or residing on disk. In this session, we'll take a look at some of those key differences and how they affect your analysis. We'll explore section alignment, discuss the entry point and wrap things up by looking at dumping PE files from memory, a common task when unpacking malware. Please note, this session is a continuation of a series exploring the PE file, and you can check out the first video title "Getting Started Analyzing the Portable Executable (PE) File Format" on my YouTube channel.

Join Today
Investigating Sections in PE Files and Why They Are Important for Reverse Engineering
▶︎

Investigating Sections in PE Files and Why They Are Important for Reverse Engineering

🎥 Analyzing Portable Executable Files with PEStudio
▶︎

🎥 Analyzing Portable Executable Files with PEStudio

Co-Creator of Haskell: Functional Programming, Thinking in Types, Useless Languages | Simon Jones
▶︎

Co-Creator of Haskell: Functional Programming, Thinking in Types, Useless Languages | Simon Jones

I Hacked This Temu Router. What I Found Should Be Illegal.
▶︎

I Hacked This Temu Router. What I Found Should Be Illegal.

How to Actually Learn C (2027 Edition)
▶︎

How to Actually Learn C (2027 Edition)

Andrew Kelley: A Practical Guide to Applying Data Oriented Design (DoD)
▶︎

Andrew Kelley: A Practical Guide to Applying Data Oriented Design (DoD)

02 - Exploring the Reverse Shell Source Code and API Breakdown
▶︎

02 - Exploring the Reverse Shell Source Code and API Breakdown

Their Company Data Is Trapped On This BitLocker-Encrypted SSD
▶︎

Their Company Data Is Trapped On This BitLocker-Encrypted SSD

Microsoft Just Released Their Own Linux Distro: Should You Be Worried?
▶︎

Microsoft Just Released Their Own Linux Distro: Should You Be Worried?

Creator of C++: Bell Labs, Negative Overhead Abstraction, Mistakes | Bjarne Stroustrup
▶︎

Creator of C++: Bell Labs, Negative Overhead Abstraction, Mistakes | Bjarne Stroustrup

Something is jamming GPS over Europe. Here's what we found
▶︎

Something is jamming GPS over Europe. Here's what we found

I Think They Are Lying To You
▶︎

I Think They Are Lying To You

Demystifying the PE File Format - Dominic Cunningham
▶︎

Demystifying the PE File Format - Dominic Cunningham

The Biggest Hacking Mystery of Our Time: Shadow Brokers
▶︎

The Biggest Hacking Mystery of Our Time: Shadow Brokers

Tips for C Programming
▶︎

Tips for C Programming

Windows Internals: Walking the Process Environment Block to Discover In-Memory Libraries
▶︎

Windows Internals: Walking the Process Environment Block to Discover In-Memory Libraries

What's inside a .EXE File?
▶︎

What's inside a .EXE File?

I Gave ChatGPT a Body
▶︎

I Gave ChatGPT a Body

[Workshop] Saying Goodbye to the #US Stream – Analyzing String Obfuscation
▶︎

[Workshop] Saying Goodbye to the #US Stream – Analyzing String Obfuscation

NEW CHESS BOT IS 4000 ELO?!?!
▶︎

NEW CHESS BOT IS 4000 ELO?!?!