PE Section names – re-visited, again, in 2023
2023-5-12 07:16:10 Author: www.hexacorn.com(查看原文) 阅读量:24 收藏

May 11, 2023 in Reversing, Windows 11

In my previous posts I have listed many PE sections present in different types of binaries. Today I am looking at win11 PE sections and am happy to report that the world of PE Sections has expanded a bit, again; here are some stats:

  • 3176 b’.rsrc’
  • 3109 b’.text’
  • 3109 b’.reloc’
  • 3108 b’.data’
  • 3102 b’.pdata’
  • 2983 b’.rdata’
  • 2007 b’.a64xrm’ –> CHPEV2 section
  • 1958 b’.hexpthk’ –> possibly stands for Hybrid Executable Push Thunk
  • 1705 b’.didat’
  • 241 b’.00cfg’
  • 50 b’.orpc’
  • 39 b’?g_Encry’ –> WarbirdPayload
  • 31 b’PAGE’
  • 25 b’INIT’
  • 25 b’GFIDS’
  • 25 b’.edata’
  • 19 b’.wpp_sf’
  • 14 b’.idata’
  • 12 b’.mrdata’
  • 9 b’PAGECMRC’
  • 7 b’RT_DATA’
  • 7 b’RT_BSS’
  • 6 b’RT_CODE’
  • 5 b’_RDATA’
  • 5 b’.sdbid’
  • 5 b’.no_bbt’
  • 5 b’.apiset’
  • 4 b’RT_CONST’
  • 4 b’.isoapis’
  • 4 b’.imrsiv’
  • 2 b’PAGEWdfV’
  • 2 b’PAGELK’
  • 2 b’PAGEDATA’
  • 2 b’PAGECONS’
  • 2 b’.text_hf’
  • 2 b’.sipc’
  • 1 b’msrodata’
  • 1 b’debug_wi’
  • 1 b’cachelin’
  • 1 b’__Defaul’
  • 1 b’SANONTCP’
  • 1 b’RT’
  • 1 b’FE_TEXT’
  • 1 b’ExtTel’
  • 1 b’ERRATA’
  • 1 b’CiPolicy’
  • 1 b’.ssm_url’
  • 1 b’.proxy’
  • 1 b’.ndr64′
  • 1 b’.mytext’
  • 1 b’.guids’
  • 1 b’.detourd’
  • 1 b’.detourc’
  • 1 b’.bootdat’
  • 1 b’.DDIData’

文章来源: https://www.hexacorn.com/blog/2023/05/11/pe-section-names-re-visited-again-in-2023/
如有侵权请联系:admin#unsafe.sh