a file format for Windows executables, object code, DLLs, and more. Commonly found extensions of PE files include .exe, .dll, .ocx, .sys, and .scr.
The Portable Executable file format is used in Windows to represent executables and other code objects. Microsoft first migrated to it with the Windows NT 3.1 OS. Each PE file is essentially a data structure that encapsulates the information necessary for the Windows OS loader to manage the wrapped executable code. It has been wrapped by the .NET framework to support CLR features, like assembly metadata and Intermediate Language code.
The PE format is used for the (32 bits) x86, x64, ARM, Alpha, Mips, and PowerPC versions of Windows, as well as (under the wrapped .NET format) containing code satisfying the .NET Common Intermediate Language requirement. Related structures include EntryPoint, sections, Imports, Exports, Thread Local Storage, and Bound/Delay imports.
Official Specification: Microsoft PE and COFF specification
From Wikipedia:
The Portable Executable (PE) format is a file format for executables, object code, DLLs, FON Font files, and others used in 32-bit and 64-bit versions of Windows operating systems. The term "portable" refers to the format's versatility in numerous environments of operating system software architecture. The PE format is a data structure that encapsulates the information necessary for the Windows OS loader to manage the wrapped executable code. This includes dynamic library references for linking, API export and import tables, resource management data and thread-local storage (TLS) data. On NT operating systems, the PE format is used for EXE, DLL, SYS (device driver), and other file types. The Extensible Firmware Interface (EFI) specification states that PE is the standard executable format in EFI environments.
Papers
- Matt Pietrek
- Daniel Pistelli's Microsoft's Rich signature
- Ange Albertini: PE format and PE 101
