|
*LEGAL DISCLAIMER: All references to Microsoft products, including but not
limited to: Microsoft Macro Assembler (MASM), MS-DOS, Visual C++, Visual Basic,
Visual Studio, Windows, Windows NT, Windows Software Development Kit (SDK) and
associated logos or images are trademarks owned and copyright by Microsoft
Corporation.
|
|
Specifications
|
|
|
|
|
|
|
|
|
|
PE and COFF revision v11.0 | | DOCX | | Jan 23, 2017 | | Microsoft |
PE and COFF revision v10.0 | | DOCX | | Jun 15, 2016 | | Microsoft |
PE and COFF revision v8.3 | | DOCX | | Feb 6, 2013 | | Microsoft |
PE and COFF revision v8.2 | | DOCX | | Sep 21, 2010 | | Microsoft |
PE and COFF revision v8.1 | | DOCX | | Feb 15, 2008 | | Microsoft |
PE and COFF revision v8.0 | | DOC | | May 16, 2006 | | Microsoft |
PE and COFF revision v6.0 | | DOC / PDF | | Feb, 1999 | | Microsoft |
PE and COFF revision v5.0 | | HTML | | Oct, 1997 | | Microsoft |
PE and COFF revision v4.1 | | HTML | | Aug, 1994 | | Microsoft |
PE and COFF revision v4.0 | | HTML | | Sep, 1993 | | Microsoft |
Portable Executable Format | | TXT | | - | | Micheal J. O'Leary |
COFF KB Article (Q121460) | | TXT / HTML | | Oct 12, 1994 | | Microsoft Knowledge Base |
TIS Formats for Windows v1.0 (PE/Debug Symbols) | | PDF | | Feb 1993 | | Borland, IBM, Intel, Lotus, MetaWare, Microsoft, Santa Cruz Operation, WATCOM, PharLap, and Symantec |
COFF rev 1.3 - NT OS/2 Linker/Librarian/Image Format | | DOC | | May 31, 1990 | | Michael J. O'Leary | |
Windows Authenticode PE Signature Format v1.0 | | DOCX | | Mar, 2008 | | Microsoft |
PE Checksum Algorithm
|
NT 3.51 Win32 SDK Tools source code (including full IMAGEHLP.DLL source) | | ZIP | | Aug 1989, Mar 1993 | | Steve Wood (algorithm), David N. Cutler (Checksum APIs) |
Distilled version of the checksum code found above | | C | | | | |
NOTE:
Contrary to
popular belief,
Microsoft's proprietary PE checksum algorithm was originally public information.
The IMAGEHLP.DLL source from the NT 3.51 SDK from June 1995 was one of the last known public releases of the algorithm.
Microsoft subsequently made IMAGEHLP.DLL closed-source once it became a standard component of the
NT 4.0 operating system - first released on July 31st, 1996.
The source code has been removed since the August 1996 release of Win32 SDK for Windows 95 and NT 4.0.
As of Windows 10, the Windows loader still uses the same algorithm.
|
RES, LIB and OBJ File Formats
|
LIB File Format | | HTML | | Apr 1998 | | Matt Pietrek |
Win32 Resource (RES) File Format (1993) | | TXT | | 1993 | | Floyd Rogers |
Win32 Resource (RES) File Format (1992) | | TXT | | 1992 | | Floyd Rogers |
PE Format Articles
|
An In-Depth Look into the Win32 PE File Format, Part 1 | | HTML | | Feb 2002 | | Matt Pietrek |
An In-Depth Look into the Win32 PE File Format, Part 2 | | HTML | | Mar 2002 | | Matt Pietrek |
Peering Inside the PE: A Tour of the Win32 PE File Format | | HTML | | Mar 1994 | | Matt Pietrek |
The PE File Format from Top to Bottom | | HTML | | Jun 1993 | | Randy Kath |
The PE File Fomat | | TXT | | Mar 1999 | | Bernd Luevelsmeyer |
The NT 3.1 Portable Executable File Format | | HTML | | Aug 1997 | | Johannes Plachy |
What is a Linker and How Does it Work? | | HTML | | Jul 1997 | | Matt Pietrek |
The Scoop on DBG Files | | HTML | | Mar 1999 | | Matt Pietrek |
Delay-Load DLLs, Part 1 | | HTML | | Dec 1998 | | Matt Pietrek |
Delay-Load DLLs, Part 2 | | HTML | | Feb 2000 | | Matt Pietrek |
EZPE Symbol-Dump Application | | HTML | | Aug 1997 | | Matt Pietrek |
Depends Dependency-Dump Application | | HTML | | Feb 1997 | | Matt Pietrek |
PEDIFF Export-Dump Application | | HTML | | Nov 1997 | | Matt Pietrek |
System-Wide Module List Application | | HTML | | Sep 1998 | | Matt Pietrek |
|
|
|
|
|
|
|
|
|
|
|
|
|
A Crash Course on the Depths of Win32 Structured Exception Handling | | HTML | | Jan 1997 | | Matt Pietrek |
New Vectored Exception Handling in Windows XP | | HTML | | Sep 2001 | | Matt Pietrek |
Win32 Exception Handling for Assembler Programmers | | HTML | | 2002 | | Jeremy Gordon |
Stack Walking for Exception Reports Part 1 | | HTML | | Apr 1997 | | Matt Pietrek |
Stack Walking with Symbolic Traces Part 2 (using IMAGEHLP) | | HTML | | May 1997 | | Matt Pietrek |
Stack Walking with Symbolic Traces Part 3 (using DBGHELP) | | HTML | | Mar 2002 | | Matt Pietrek |
Exception Generator | | HTML | | Oct 1997 | | Matt Pietrek |
|
|
|
|
|
|
|
|
|
|
|
|
|
Reduce 32-bit EXE and DLL Size with LIBCTINY.LIB (2001 UPDATE) | | HTML | | Jan 2001 | | Matt Pietrek |
Reduce 32-bit EXE and DLL Size with LIBCTINY.LIB (1996) | | HTML | | Oct 1996 | | Matt Pietrek |
Remove Fatty Deposits from Your Applications Using the Liposuction Tool (32-bit) | | HTML | | Oct 1996 | | Matt Pietrek |
Optimizing DLL Load Time Performance | | HTML | | May 2000 | | Matt Pietrek |
Just Enough Assembly Language to Get By, Part I | | HTML | | Feb 1998 | | Matt Pietrek |
Just Enough Assembly Language to Get By, Part II | | HTML | | Jun 1998 | | Matt Pietrek |
Link-time Code Generation (/LTCG) | | HTML | | May 2002 | | Matt Pietrek |
Optimize Code with New VC++7.NET Switches: /RTCx, /GS, /showIncludes, /Wall, /Wp64, /GH, /GL, /LTCG, /PDBSTRIPPED | | HTML | | Aug 2001 | | John Robbins |
|
|
|
|
|
|
|
|
|
|
|
|
|
Solving the Mysteries of the Windows 2000 Loader | | HTML | | Mar 2002 | | Russ Osterlund |
DLL Initialization, Loading and Debugging | | HTML | | Sep 1999 | | Matt Pietrek |
DLL Best Practices | | HTML | | May 2006 | | Microsoft |
DllMain Deadlock from Process CRITICAL_SECTION | | HTML | | Jan 1996 | | Matt Pietrek |
CRITICAL_SECTION internals | | HTML | | Dec 2003 | | Matt Pietrek |
beginthread VS CreateThread | | HTML | | Jul 1999 | | Jeffrey Richter |
DispatchMessage() Internals | | HTML | | Mar 1997 | | Matt Pietrek |
New XP and WS03 APIs (System Info, Kernel, Debugging, Security, and UI) | | HTML | | Jun 2003 | | Matt Pietrek |
Memdiff Application | | HTML | | Nov 1999 | | Matt Pietrek |
MouseWheel Scroll Simulator for Legacy Applications | | HTML | | Jun 1997 | | Matt Pietrek |
MSDN Win32 API docs in single CHM (current and non-bloated!) | | CHM | | Jan 2016 | | Laurence Jackson |
|
|
|
|
|
|
|
|
|
|
|
|
|
Old New Thing Archive (2003-2019) | | HTML | | Jan 2019 | | Raymond Chen |
|
|
|
|
|
|
|
|
|
|
|
|
|
The Component Object Model (COM) Specification | | PDF / DOC | | Oct 1995 | | Microsoft |
Rules of the Component Object Model (COM) | | HTML | | Oct 1995 | | Charlie Kindel |
Understanding IDL: A Developer's Survival Guide | | HTML | | Aug 1998 | | Bill Hludzinski |
Improve Your Debugging by Generating Symbols from COM Type Libraries | | HTML | | Mar 1999 | | Matt Pietrek |
Avoiding DLL Hell: Application Metadata in the .NET Framework | | HTML | | Oct 2000 | | Matt Pietrek |
TypeRefViewer Utility Shows TypeRefs and MemberRefs in One GUI | | HTML | | Nov 2001 | | Matt Pietrek |
|
|
|
|
|
|
|
|
|
|
|
|
|
x64 Primer - Everything You Need to Know to Start Programming 64-Bit Windows | | HTML | | May 2006 | | Matt Pietrek |
x64 Exception Unwind Data for Functions | | HTML | | Jan 2006 | | Kevin Frei |
|
|
|
|
|
|
|
|
|
|
|
|
|
Win32 TEB, PEB and SEH header | | H | | May 2018 | | bytepointer |
Win64 TEB, PEB header | | H | | May 2018 | | bytepointer |
What's in a TIB (Thread Information Block)? | | HTML | | May 1996 | | Matt Pietrek |
|
|
|
|
Excerpts from The MS-DOS Encyclopedia © 1988
|
|
|
|
|
|
|
|
|
|
|
|
The EXE File Format (Excerpt from MS-DOS Programmer's Reference) | | TXT | | 1993 | | Microsoft Press |
Win16 NE Executable Format for Windows 3.1 | | TXT | | 1991 | | Windows 3.1 SDK (WIN31WH.HLP) |
Win16 NE Executable Format for Windows 3.0 | | TXT | | 1989 | | Windows 3.0 SDK |
|
|
|
|
|
|
|
|
|
|
|
|
|
EXEVIEW SDK Tool with Source | | WIN16 | | April 1993 | | Microsoft Product Support |
YAHU (Yet Another Header Utility) SDK Tool with Source | | WIN32 | | Jan 1995 | | Ruediger R. Asche |
|
|
|
|
|
|
|
|
|
|
|
|
|
Transition from 16-bit to 32-bit Windows | | HTML | | Jul 2000 | | Matt Pietrek |
NTVDM Subsystem (16-bit Emulator) Internals | | HTML | | Aug 1998 | | Matt Pietrek |
|
|
| |
|
|
|