After being a TA and grading countless shitty papers, I understand why some teachers become bitter
Forwarded from Wulfgar's Onion Fields
This media is not supported in your browser
VIEW IN TELEGRAM
how it feels to finally get to the gas station on a road trip
Forwarded from vx-underground
When I made my malware reverse engineering tip thingie, some noobs commented that file headers are complicated, or whatever. At first glance they seem kind of crazy but they're actually pretty shrimple.
For those who don't know, every executable file on your machine (with some exceptions, but we won't go there) have "headers". The word "head" here is the keyword. It's what is first. It's the "head" of the executable.
The "headers", or stuff that comes first, is just a bunch of mumbo jumbo your operating system reads to understand what the fuck it's doing and to understand what it's looking at.
Windows is different than Linux. We'll discuss Windows because that's all I know because I'm a Windows nerd.
Windows does a bunch of junk when files are executed (not just .exe files). We won't discuss it all because it's a bunch of nerd stuff. We'll focus exclusively on .exe files.
The Windows headers (called PE headers, an acronym for Portable Executable) are layered and are old and have historical context. There's multiple headers. Each "header" discusses different stuff about the .exe file.
You can think of headers as like shipping labels on a box that you receive in the mail. The shipping labels will describe stuff about the box like, size, height, weight, what could potentially be inside (such as batteries), blah blah blah. File headers do the same kind of
File headers on Windows will say stuff like:
- Is this a .exe, .dll, .sys, etc?
- Where the fuck is the actual code in this file?
- Where the fuck does the actual code stop (so it knows when to stop reading)?
- Where the fuck are the embedded images the code might use (called the resource section, for displaying icons)?
- How big is this fucking thing?
- When the fuck was this compiled?
- How old is this fucking thing?
- Is this fucking thing signed?
- What the fuck is it written in (mostly for .NET stuff)?
- What other fucking libraries does this thing depend on?
- Does this fucking thing share code with other things (for .dlls and stuff)?
... and a bunch of other stuff the computer might need to know.
Is all of this important to your computer? No, not really. But some of it is for silly stuff like "drivers". Some of it is metadata naturally included from compilers (the thing that made the .exe).
Does Windows actually say "fuck" a lot when trying to run .exe files? Yes, yes it does. Windows is very angry
Can you modify the file headers to trick Windows? Yes, this is done by things called "malware" or malicious software. You can lie to Windows and still make it run the .exe by confusing it's little brain (kind of, different story for a different day)
For those who don't know, every executable file on your machine (with some exceptions, but we won't go there) have "headers". The word "head" here is the keyword. It's what is first. It's the "head" of the executable.
The "headers", or stuff that comes first, is just a bunch of mumbo jumbo your operating system reads to understand what the fuck it's doing and to understand what it's looking at.
Windows is different than Linux. We'll discuss Windows because that's all I know because I'm a Windows nerd.
Windows does a bunch of junk when files are executed (not just .exe files). We won't discuss it all because it's a bunch of nerd stuff. We'll focus exclusively on .exe files.
The Windows headers (called PE headers, an acronym for Portable Executable) are layered and are old and have historical context. There's multiple headers. Each "header" discusses different stuff about the .exe file.
You can think of headers as like shipping labels on a box that you receive in the mail. The shipping labels will describe stuff about the box like, size, height, weight, what could potentially be inside (such as batteries), blah blah blah. File headers do the same kind of
File headers on Windows will say stuff like:
- Is this a .exe, .dll, .sys, etc?
- Where the fuck is the actual code in this file?
- Where the fuck does the actual code stop (so it knows when to stop reading)?
- Where the fuck are the embedded images the code might use (called the resource section, for displaying icons)?
- How big is this fucking thing?
- When the fuck was this compiled?
- How old is this fucking thing?
- Is this fucking thing signed?
- What the fuck is it written in (mostly for .NET stuff)?
- What other fucking libraries does this thing depend on?
- Does this fucking thing share code with other things (for .dlls and stuff)?
... and a bunch of other stuff the computer might need to know.
Is all of this important to your computer? No, not really. But some of it is for silly stuff like "drivers". Some of it is metadata naturally included from compilers (the thing that made the .exe).
Does Windows actually say "fuck" a lot when trying to run .exe files? Yes, yes it does. Windows is very angry
Can you modify the file headers to trick Windows? Yes, this is done by things called "malware" or malicious software. You can lie to Windows and still make it run the .exe by confusing it's little brain (kind of, different story for a different day)