Portable Executable (PE) format internals!


All this low-level stuff also got me thinking about the first ever Windows worm I had to deal with when working at a previous company – the Nimda worm (http://en.wikipedia.org/wiki/Nimda).

This was the first ever worm that I had captured and analysed myself – doing so needed an understanding of the Windows Portable Executable (PE) format, and these links were just what I needed:

http://msdn.microsoft.com/en-us/magazine/cc301805.aspx

http://msdn.microsoft.com/en-us/library/ms809762.aspx

Happy Days…..

