Difference between revisions of "Executable"
From Forensics Wiki
Joachim Metz (Talk | contribs) (→DBG, PDB) |
Joachim Metz (Talk | contribs) (→DBG, PDB) |
||
| (2 intermediate revisions by one user not shown) | |||
| Line 11: | Line 11: | ||
== External Links == | == External Links == | ||
* [http://en.wikipedia.org/wiki/Executable Wikipedia: Executable] | * [http://en.wikipedia.org/wiki/Executable Wikipedia: Executable] | ||
| + | |||
| + | === ELF === | ||
| + | * [http://robinhoksbergen.com/papers/howto_elf.html Manually Creating an ELF Executable], by Robin Hoksbergen | ||
=== MZ, PE/COFF === | === MZ, PE/COFF === | ||
| Line 33: | Line 36: | ||
* [http://sourceforge.net/p/mingw-w64/code/HEAD/tree/experimental/tools/libmsdebug/ libmsdebug], by the [[MinGW|MinGW project]] | * [http://sourceforge.net/p/mingw-w64/code/HEAD/tree/experimental/tools/libmsdebug/ libmsdebug], by the [[MinGW|MinGW project]] | ||
* [http://moyix.blogspot.ch/2007/10/types-stream.html The Types Stream], by [[Brendan Dolan-Gavitt]], October 4, 2007 | * [http://moyix.blogspot.ch/2007/10/types-stream.html The Types Stream], by [[Brendan Dolan-Gavitt]], October 4, 2007 | ||
| + | * [http://web.archive.org/web/20110814041817/http://www.stackhash.com/blog/post/Format-of-a-minidump-(mdmp)-file.aspx Format of a minidump (mdmp) file], Internet Archive: StackHash blog, May 16, 2011 | ||
=== Mach-O === | === Mach-O === | ||
* [http://en.wikipedia.org/wiki/Mach-O Wikipedia: Mach-O] | * [http://en.wikipedia.org/wiki/Mach-O Wikipedia: Mach-O] | ||
| + | |||
| + | === Packers === | ||
| + | * [http://www.woodmann.com/crackz/Packers.htm Packers & Unpackers] | ||
== Tools == | == Tools == | ||
Latest revision as of 07:45, 3 February 2014
|
|
Please help to improve this article by expanding it.
|
An executable file is used to perform tasks according to encoded instructions. Executable files are sometimes also referred to as binaries which technically can be considered a sub class of executable files.
There are multiple families of executable files:
- Scripts; e.g. shell scripts, batch scripts (.bat)
- DOS, Windows executable files (.exe) which can be of various formats like: MZ, PE/COFF, NE
- ELF
- Mach-O
Contents |
External Links
ELF
- Manually Creating an ELF Executable, by Robin Hoksbergen
MZ, PE/COFF
- Wikipedia: Portable Executable
- Microsoft PE and COFF Specification
- Peering Inside the PE: A Tour of the Win32 Portable Executable File Format, by Matt Pietrek, March 1994
- Under the Hood, by Matt Pietrek, July 1997
- An In-Depth Look into the Win32 Portable Executable File Format, by Matt Pietrek, February 2002
- MZ, PE-COFF executable file format (EXE), by the libexe project, October 2011
- The Internal of Reloc .text, Full Disclosure Mailing list, October 21, 2013
DBG, PDB
- Wikipedia: Program database
- Matching Debug Information, by debuginfo.com
- Description of the .PDB files and of the .DBG files, by Microsoft
- Public and Private Symbols, by Microsoft
- DbgHelp Structures, by Microsoft
- Internet Archive: Microsoft Symbol and Type Information, by Microsoft
- Microsoft Symbol and Type Information
- Stream Descriptions, pdbparse project
- minidump_format.h
- libmsdebug, by the MinGW project
- The Types Stream, by Brendan Dolan-Gavitt, October 4, 2007
- Format of a minidump (mdmp) file, Internet Archive: StackHash blog, May 16, 2011
Mach-O
Packers
Tools
MZ, PE/COFF
- pefile, multi-platform Python module to read and work with Portable Executable (aka PE) files
PDB
- pdbparse, Open-source parser for Microsoft debug symbols (PDB files)
