From the beginning i am hearing that exe consists of 3 main parts,
.rcsc
.text
.data
-some time these too
(.reloc)
(.ndata)
(.rdata)
exe file starts with magic sig "MZ".
exe file has an entry point called (EP).It has export table , import table, check-sums..
hummm strange...
My question is How do i open exe file to get this information,
packer , unpackers, pe scanner's and AV's are use this concept to examine a particular file.
code, documents any thing is welcome.
thanks for reading this gibberish.
_UPDATE_
For example :
Consider file.exe ,
i want to open this file and search for particular byte pattern.
For ex : ?? ?? ?? 5B 24 55 50 44 FB 32 2E 31 5D
this is byte pattern for packer called "$pirit v1.5"
?? are wildcard bytes.