<-- /BYTE* / Resources 
1
Resources

*LEGAL DISCLAIMER: All references to Microsoft products, including but not limited to: Microsoft Macro Assembler (MASM), MS-DOS, Visual C++, Visual Basic, Visual Studio, Windows, Windows NT, Windows Software Development Kit (SDK) and associated logos or images are trademarks owned and copyright by Microsoft Corporation.

Microsoft Portable Executable and COFF (32-bit and 64-bit) Format

Specifications
      
FORMAT
     
      DATE
     
AUTHOR      
     
PE and COFF revision v11.0DOCXJan 23, 2017Microsoft
PE and COFF revision v10.0DOCXJun 15, 2016Microsoft
PE and COFF revision v8.3DOCXFeb 6, 2013Microsoft
PE and COFF revision v8.2DOCXSep 21, 2010Microsoft
PE and COFF revision v8.1DOCXFeb 15, 2008Microsoft
PE and COFF revision v8.0DOCMay 16, 2006Microsoft
PE and COFF revision v6.0DOC / PDFFeb, 1999Microsoft
PE and COFF revision v5.0HTMLOct, 1997Microsoft
PE and COFF revision v4.1HTMLAug, 1994Microsoft
PE and COFF revision v4.0HTMLSep, 1993Microsoft
Portable Executable FormatTXT-Micheal J. O'Leary
COFF KB Article (Q121460)TXT / HTML Oct 12, 1994Microsoft Knowledge Base
TIS Formats for Windows v1.0 (PE/Debug Symbols)PDFFeb 1993Borland, IBM, Intel, Lotus, MetaWare, Microsoft, Santa Cruz Operation, WATCOM, PharLap, and Symantec
COFF rev 1.3 - NT OS/2 Linker/Librarian/Image FormatDOCMay 31, 1990Michael J. O'Leary
Windows Authenticode PE Signature Format v1.0DOCXMar, 2008Microsoft

PE Checksum Algorithm
NT 3.51 Win32 SDK Tools source code (including full IMAGEHLP.DLL source)ZIPAug 1989, Mar 1993Steve Wood (algorithm), David N. Cutler (Checksum APIs)
Distilled version of the checksum code found aboveC
NOTE: Contrary to popular belief, Microsoft's proprietary PE checksum algorithm was originally public information. The IMAGEHLP.DLL source from the NT 3.51 SDK from June 1995 was one of the last known public releases of the algorithm. Microsoft subsequently made IMAGEHLP.DLL closed-source once it became a standard component of the NT 4.0 operating system - first released on July 31st, 1996. The source code has been removed since the August 1996 release of Win32 SDK for Windows 95 and NT 4.0. As of Windows 10, the Windows loader still uses the same algorithm.

RES, LIB and OBJ File Formats
LIB File FormatHTMLApr 1998Matt Pietrek
Win32 Resource (RES) File Format (1993)TXT1993Floyd Rogers
Win32 Resource (RES) File Format (1992)TXT1992Floyd Rogers

PE Format Articles
An In-Depth Look into the Win32 PE File Format, Part 1HTMLFeb 2002Matt Pietrek
An In-Depth Look into the Win32 PE File Format, Part 2HTMLMar 2002Matt Pietrek
Peering Inside the PE: A Tour of the Win32 PE File FormatHTMLMar 1994Matt Pietrek
The PE File Format from Top to BottomHTMLJun 1993Randy Kath
The PE File FomatTXTMar 1999Bernd Luevelsmeyer
The NT 3.1 Portable Executable File FormatHTMLAug 1997Johannes Plachy
What is a Linker and How Does it Work?HTMLJul 1997Matt Pietrek
The Scoop on DBG FilesHTMLMar 1999Matt Pietrek
Delay-Load DLLs, Part 1HTMLDec 1998Matt Pietrek
Delay-Load DLLs, Part 2HTMLFeb 2000Matt Pietrek
EZPE Symbol-Dump ApplicationHTMLAug 1997Matt Pietrek
Depends Dependency-Dump ApplicationHTMLFeb 1997Matt Pietrek
PEDIFF Export-Dump ApplicationHTMLNov 1997Matt Pietrek
System-Wide Module List ApplicationHTMLSep 1998Matt Pietrek


Exception Handling/Stack-Walking
      
FORMAT
     
      DATE
     
AUTHOR      
     
A Crash Course on the Depths of Win32 Structured Exception HandlingHTMLJan 1997Matt Pietrek
New Vectored Exception Handling in Windows XPHTMLSep 2001Matt Pietrek
Win32 Exception Handling for Assembler ProgrammersHTML2002Jeremy Gordon
Stack Walking for Exception Reports Part 1HTMLApr 1997Matt Pietrek
Stack Walking with Symbolic Traces Part 2 (using IMAGEHLP)HTMLMay 1997Matt Pietrek
Stack Walking with Symbolic Traces Part 3 (using DBGHELP)HTMLMar 2002Matt Pietrek
Exception GeneratorHTMLOct 1997Matt Pietrek


Code Optimization / Assembly
      
FORMAT
     
      DATE
     
AUTHOR      
     
Reduce 32-bit EXE and DLL Size with LIBCTINY.LIB (2001 UPDATE)HTMLJan 2001Matt Pietrek
Reduce 32-bit EXE and DLL Size with LIBCTINY.LIB (1996)HTMLOct 1996Matt Pietrek
Remove Fatty Deposits from Your Applications Using the Liposuction Tool (32-bit)HTMLOct 1996Matt Pietrek
Optimizing DLL Load Time PerformanceHTMLMay 2000Matt Pietrek
Just Enough Assembly Language to Get By, Part IHTMLFeb 1998Matt Pietrek
Just Enough Assembly Language to Get By, Part IIHTMLJun 1998Matt Pietrek
Link-time Code Generation (/LTCG)HTMLMay 2002Matt Pietrek
Optimize Code with New VC++7.NET Switches:
    /RTCx, /GS, /showIncludes, /Wall, /Wp64, /GH, /GL, /LTCG, /PDBSTRIPPED		HTMLAug 2001John Robbins


Win32 / NT OS
      
FORMAT
     
      DATE
     
AUTHOR      
     
Solving the Mysteries of the Windows 2000 LoaderHTMLMar 2002Russ Osterlund
DLL Initialization, Loading and DebuggingHTMLSep 1999Matt Pietrek
DLL Best PracticesHTMLMay 2006Microsoft
DllMain Deadlock from Process CRITICAL_SECTIONHTMLJan 1996Matt Pietrek
CRITICAL_SECTION internalsHTMLDec 2003Matt Pietrek
beginthread VS CreateThreadHTMLJul 1999Jeffrey Richter
DispatchMessage() InternalsHTMLMar 1997Matt Pietrek
New XP and WS03 APIs (System Info, Kernel, Debugging, Security, and UI)HTMLJun 2003Matt Pietrek
Memdiff ApplicationHTMLNov 1999Matt Pietrek
MouseWheel Scroll Simulator for Legacy ApplicationsHTMLJun 1997Matt Pietrek
MSDN Win32 API docs in single CHM (current and non-bloated!)CHMJan 2016Laurence Jackson


Raymond Chen's "Old New Thing" Blog
      
FORMAT
     
      DATE
     
AUTHOR      
     
Old New Thing Archive (2003-2019)HTMLJan 2019Raymond Chen


COM / DOT NET
      
FORMAT
     
      DATE
     
AUTHOR      
     
The Component Object Model (COM) SpecificationPDF / DOCOct 1995Microsoft
Rules of the Component Object Model (COM)HTMLOct 1995Charlie Kindel
Understanding IDL: A Developer's Survival GuideHTMLAug 1998Bill Hludzinski
Improve Your Debugging by Generating Symbols from COM Type LibrariesHTMLMar 1999Matt Pietrek
Avoiding DLL Hell: Application Metadata in the .NET FrameworkHTMLOct 2000Matt Pietrek
TypeRefViewer Utility Shows TypeRefs and MemberRefs in One GUIHTMLNov 2001Matt Pietrek


AMD64/x64 Specific
      
FORMAT
     
      DATE
     
AUTHOR      
     
x64 Primer - Everything You Need to Know to Start Programming 64-Bit WindowsHTMLMay 2006Matt Pietrek
x64 Exception Unwind Data for FunctionsHTMLJan 2006Kevin Frei


Undocumented Windows TEB, PEB and SEH definitions
      
FORMAT
     
      DATE
     
AUTHOR      
     
Win32 TEB, PEB and SEH headerHMay 2018bytepointer
Win64 TEB, PEB headerHMay 2018bytepointer
What's in a TIB (Thread Information Block)?HTMLMay 1996Matt Pietrek


16-Bit Executable Formats
         
Excerpts from The MS-DOS Encyclopedia © 1988
Program Structure - EXE and COM files
The WIN16 NE Header
      
FORMAT
     
      DATE
     
AUTHOR      
     
The EXE File Format (Excerpt from MS-DOS Programmer's Reference)TXT1993Microsoft Press
Win16 NE Executable Format for Windows 3.1TXT1991Windows 3.1 SDK (WIN31WH.HLP)
Win16 NE Executable Format for Windows 3.0TXT1989Windows 3.0 SDK


16-Bit Executable Viewers
      
FORMAT
     
      DATE
     
AUTHOR      
     
EXEVIEW SDK Tool with SourceWIN16April 1993Microsoft Product Support
YAHU (Yet Another Header Utility) SDK Tool with SourceWIN32Jan 1995Ruediger R. Asche


16-Bit to 32-Bit Windows
      
FORMAT
     
      DATE
     
AUTHOR      
     
Transition from 16-bit to 32-bit WindowsHTMLJul 2000Matt Pietrek
NTVDM Subsystem (16-bit Emulator) InternalsHTMLAug 1998Matt Pietrek


 1:1