Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: InfoSec Handlers Diary Blog InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

PE Section Name Descriptions

Published: 2017-07-02
Last Updated: 2017-07-02 21:19:45 UTC
by Didier Stevens (Version: 1)
2 comment(s)

PE files (.exe, .dll, ...) have sections: a section with code, one with data, ... Each section has a name, and different compilers use different section names. Section names can help us identify the compiler and the type of PE file we are analyzing.

@Hexacorn compiled a list of section names with corresponding description, you can find the latest version here. I find this list so useful, that I included it (with permission) in my pecheck.py tool. pecheck is a Python tool to analyze PE files, based on Ero Carrera's pefile module. Use -o s (overview of sections) to see the sections, with name, size, entropy and description:

Didier Stevens
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com

Keywords: pefile
2 comment(s)
Diary Archives