Difference between revisions of "Executable"
From Forensics Wiki
Joachim Metz (Talk | contribs) (→DBG, PDB) |
Joachim Metz (Talk | contribs) (→Minidump) |
||
| (6 intermediate revisions by one user not shown) | |||
| Line 11: | Line 11: | ||
== External Links == | == External Links == | ||
* [http://en.wikipedia.org/wiki/Executable Wikipedia: Executable] | * [http://en.wikipedia.org/wiki/Executable Wikipedia: Executable] | ||
| + | |||
| + | === ELF === | ||
| + | * [http://robinhoksbergen.com/papers/howto_elf.html Manually Creating an ELF Executable], by Robin Hoksbergen | ||
=== MZ, PE/COFF === | === MZ, PE/COFF === | ||
| Line 30: | Line 33: | ||
* [http://pierrelib.pagesperso-orange.fr/exec_formats/MS_Symbol_Type_v1.0.pdf Microsoft Symbol and Type Information] | * [http://pierrelib.pagesperso-orange.fr/exec_formats/MS_Symbol_Type_v1.0.pdf Microsoft Symbol and Type Information] | ||
* [https://code.google.com/p/pdbparse/wiki/StreamDescriptions Stream Descriptions], [https://code.google.com/p/pdbparse/ pdbparse project] | * [https://code.google.com/p/pdbparse/wiki/StreamDescriptions Stream Descriptions], [https://code.google.com/p/pdbparse/ pdbparse project] | ||
| − | |||
* [http://sourceforge.net/p/mingw-w64/code/HEAD/tree/experimental/tools/libmsdebug/ libmsdebug], by the [[MinGW|MinGW project]] | * [http://sourceforge.net/p/mingw-w64/code/HEAD/tree/experimental/tools/libmsdebug/ libmsdebug], by the [[MinGW|MinGW project]] | ||
| − | * [http://moyix.blogspot. | + | * [http://moyix.blogspot.com/2007/10/types-stream.html The Types Stream], by [[Brendan Dolan-Gavitt]], October 4, 2007 |
| + | |||
| + | === Minidump === | ||
| + | * [http://msdn.microsoft.com/en-us/library/windows/desktop/ms680378(v=vs.85).aspx MSDN: MINIDUMP_HEADER structure] | ||
| + | * [https://code.google.com/p/google-breakpad/source/browse/trunk/src/google_breakpad/common/minidump_format.h minidump_format.h], by [[Google]], 2006 | ||
| + | * [http://moyix.blogspot.com/2008/05/parsing-windows-minidumps.html Parsing Windows Minidumps], by [[Brendan Dolan-Gavitt]], May 7, 2008 | ||
| + | * [http://web.archive.org/web/20110814041817/http://www.stackhash.com/blog/post/Format-of-a-minidump-(mdmp)-file.aspx Format of a minidump (mdmp) file], Internet Archive: StackHash blog, May 16, 2011 | ||
=== Mach-O === | === Mach-O === | ||
* [http://en.wikipedia.org/wiki/Mach-O Wikipedia: Mach-O] | * [http://en.wikipedia.org/wiki/Mach-O Wikipedia: Mach-O] | ||
| + | |||
| + | === Packers === | ||
| + | * [http://www.woodmann.com/crackz/Packers.htm Packers & Unpackers] | ||
== Tools == | == Tools == | ||
| Line 44: | Line 55: | ||
=== PDB === | === PDB === | ||
* [https://code.google.com/p/pdbparse/ pdbparse], Open-source parser for Microsoft debug symbols (PDB files) | * [https://code.google.com/p/pdbparse/ pdbparse], Open-source parser for Microsoft debug symbols (PDB files) | ||
| + | |||
| + | === Minidump === | ||
| + | * [http://support.microsoft.com/kb/315271 Dumpchk.exe], by [[Microsoft]] | ||
| + | * [http://amnesia.gtisc.gatech.edu/~moyix/minidump.py minidump.py], by [[Brendan Dolan-Gavitt]] | ||
Latest revision as of 13:46, 31 March 2014
|
|
Please help to improve this article by expanding it.
|
An executable file is used to perform tasks according to encoded instructions. Executable files are sometimes also referred to as binaries which technically can be considered a sub class of executable files.
There are multiple families of executable files:
- Scripts; e.g. shell scripts, batch scripts (.bat)
- DOS, Windows executable files (.exe) which can be of various formats like: MZ, PE/COFF, NE
- ELF
- Mach-O
Contents |
External Links
ELF
- Manually Creating an ELF Executable, by Robin Hoksbergen
MZ, PE/COFF
- Wikipedia: Portable Executable
- Microsoft PE and COFF Specification
- Peering Inside the PE: A Tour of the Win32 Portable Executable File Format, by Matt Pietrek, March 1994
- Under the Hood, by Matt Pietrek, July 1997
- An In-Depth Look into the Win32 Portable Executable File Format, by Matt Pietrek, February 2002
- MZ, PE-COFF executable file format (EXE), by the libexe project, October 2011
- The Internal of Reloc .text, Full Disclosure Mailing list, October 21, 2013
DBG, PDB
- Wikipedia: Program database
- Matching Debug Information, by debuginfo.com
- Description of the .PDB files and of the .DBG files, by Microsoft
- Public and Private Symbols, by Microsoft
- DbgHelp Structures, by Microsoft
- Internet Archive: Microsoft Symbol and Type Information, by Microsoft
- Microsoft Symbol and Type Information
- Stream Descriptions, pdbparse project
- libmsdebug, by the MinGW project
- The Types Stream, by Brendan Dolan-Gavitt, October 4, 2007
Minidump
- MSDN: MINIDUMP_HEADER structure
- minidump_format.h, by Google, 2006
- Parsing Windows Minidumps, by Brendan Dolan-Gavitt, May 7, 2008
- Format of a minidump (mdmp) file, Internet Archive: StackHash blog, May 16, 2011
Mach-O
Packers
Tools
MZ, PE/COFF
- pefile, multi-platform Python module to read and work with Portable Executable (aka PE) files
PDB
- pdbparse, Open-source parser for Microsoft debug symbols (PDB files)
