├── PETool
    ├── LordPE.sln
    └── LordPE
    │   ├── LoadPE.aps
    │   ├── LoadPE.cpp
    │   ├── LoadPE.rc
    │   ├── LordPE.ico
    │   ├── LordPE.vcproj
    │   ├── LordPE.vcproj.KOMPUTER.Administrator.user
    │   └── resource.h
├── ReadMe.md
├── pe.jpg
├── pecoff_v8_chs.pdf
├── pecoff_v8_en.doc
└── snatshot.png


/PETool/LordPE.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 10.00
 3 | # Visual Studio 2008
 4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "LordPE", "LordPE\LordPE.vcproj", "{73738ED0-457E-4444-86A5-E29C50B40015}"
 5 | EndProject
 6 | Global
 7 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 8 | 		Debug|Win32 = Debug|Win32
 9 | 		Release|Win32 = Release|Win32
10 | 	EndGlobalSection
11 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
12 | 		{73738ED0-457E-4444-86A5-E29C50B40015}.Debug|Win32.ActiveCfg = Debug|Win32
13 | 		{73738ED0-457E-4444-86A5-E29C50B40015}.Debug|Win32.Build.0 = Debug|Win32
14 | 		{73738ED0-457E-4444-86A5-E29C50B40015}.Release|Win32.ActiveCfg = Release|Win32
15 | 		{73738ED0-457E-4444-86A5-E29C50B40015}.Release|Win32.Build.0 = Release|Win32
16 | 	EndGlobalSection
17 | 	GlobalSection(SolutionProperties) = preSolution
18 | 		HideSolutionNode = FALSE
19 | 	EndGlobalSection
20 | EndGlobal
21 | 


--------------------------------------------------------------------------------
/PETool/LordPE/LoadPE.aps:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wanttobeno/PELearningMaterials/08e6f0043dc1478072e754d5f80958a9f8a293d2/PETool/LordPE/LoadPE.aps


--------------------------------------------------------------------------------
/PETool/LordPE/LoadPE.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wanttobeno/PELearningMaterials/08e6f0043dc1478072e754d5f80958a9f8a293d2/PETool/LordPE/LoadPE.cpp


--------------------------------------------------------------------------------
/PETool/LordPE/LoadPE.rc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wanttobeno/PELearningMaterials/08e6f0043dc1478072e754d5f80958a9f8a293d2/PETool/LordPE/LoadPE.rc


--------------------------------------------------------------------------------
/PETool/LordPE/LordPE.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wanttobeno/PELearningMaterials/08e6f0043dc1478072e754d5f80958a9f8a293d2/PETool/LordPE/LordPE.ico


--------------------------------------------------------------------------------
/PETool/LordPE/LordPE.vcproj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wanttobeno/PELearningMaterials/08e6f0043dc1478072e754d5f80958a9f8a293d2/PETool/LordPE/LordPE.vcproj


--------------------------------------------------------------------------------
/PETool/LordPE/LordPE.vcproj.KOMPUTER.Administrator.user:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="gb2312"?>
 2 | <VisualStudioUserFile
 3 | 	ProjectType="Visual C++"
 4 | 	Version="9.00"
 5 | 	ShowAllFiles="false"
 6 | 	>
 7 | 	<Configurations>
 8 | 		<Configuration
 9 | 			Name="Debug|Win32"
10 | 			>
11 | 			<DebugSettings
12 | 				Command="$(TargetPath)"
13 | 				WorkingDirectory=""
14 | 				CommandArguments=""
15 | 				Attach="false"
16 | 				DebuggerType="3"
17 | 				Remote="1"
18 | 				RemoteMachine="KOMPUTER"
19 | 				RemoteCommand=""
20 | 				HttpUrl=""
21 | 				PDBPath=""
22 | 				SQLDebugging=""
23 | 				Environment=""
24 | 				EnvironmentMerge="true"
25 | 				DebuggerFlavor=""
26 | 				MPIRunCommand=""
27 | 				MPIRunArguments=""
28 | 				MPIRunWorkingDirectory=""
29 | 				ApplicationCommand=""
30 | 				ApplicationArguments=""
31 | 				ShimCommand=""
32 | 				MPIAcceptMode=""
33 | 				MPIAcceptFilter=""
34 | 			/>
35 | 		</Configuration>
36 | 		<Configuration
37 | 			Name="Release|Win32"
38 | 			>
39 | 			<DebugSettings
40 | 				Command="$(TargetPath)"
41 | 				WorkingDirectory=""
42 | 				CommandArguments=""
43 | 				Attach="false"
44 | 				DebuggerType="3"
45 | 				Remote="1"
46 | 				RemoteMachine="KOMPUTER"
47 | 				RemoteCommand=""
48 | 				HttpUrl=""
49 | 				PDBPath=""
50 | 				SQLDebugging=""
51 | 				Environment=""
52 | 				EnvironmentMerge="true"
53 | 				DebuggerFlavor=""
54 | 				MPIRunCommand=""
55 | 				MPIRunArguments=""
56 | 				MPIRunWorkingDirectory=""
57 | 				ApplicationCommand=""
58 | 				ApplicationArguments=""
59 | 				ShimCommand=""
60 | 				MPIAcceptMode=""
61 | 				MPIAcceptFilter=""
62 | 			/>
63 | 		</Configuration>
64 | 	</Configurations>
65 | </VisualStudioUserFile>
66 | 


--------------------------------------------------------------------------------
/PETool/LordPE/resource.h:
--------------------------------------------------------------------------------
 1 | //{{NO_DEPENDENCIES}}
 2 | // Microsoft Visual C++ generated include file.
 3 | // Used by LoadPE.rc
 4 | //
 5 | #define IDD_DLG_MAIN                    9
 6 | #define IDI_MAIN                        102
 7 | #define IDD_DLG_ABOUT                   103
 8 | #define IDD_DLG_TIME                    104
 9 | #define IDD_DLG_ADDRESS                 105
10 | #define IDD_DLG_SECTION                 106
11 | #define IDD_DLG_IAT                     107
12 | #define IDD_DLG_TASKMGR                 108
13 | #define IDD_DLG_EXPORT                  109
14 | #define IDC_EDIT_ENTRYPOINT             1001
15 | #define IDC_EDIT_IMAGEBASE              1002
16 | #define IDC_EDIT_IMAGESIZE              1003
17 | #define IDC_EDIT_CODEBASE               1004
18 | #define IDC_EDIT_DATABASE               1005
19 | #define IDC_EDIT_MEMORYALIGN            1006
20 | #define IDC_EDIT_FILEALIGN              1007
21 | #define IDC_EDIT_MAGIC                  1008
22 | #define IDC_EDIT_SUBSYSTEM              1009
23 | #define IDC_EDIT_SECTIONNUM             1010
24 | #define IDC_EDIT_TIMEDATE               1011
25 | #define IDC_EDIT_HEADERSIZE             1012
26 | #define IDC_EDIT_CHARACTER              1013
27 | #define IDC_EDIT_CHECKSUM               1014
28 | #define IDC_EDIT_OPTIONALSIZE           1015
29 | #define IDC_EDIT_RVASIZE                1016
30 | #define IDC_BUTTON1                     1017
31 | #define IDC_BTN_SUBSYSTEM               1017
32 | #define IDC_BUTTON2                     1018
33 | #define IDC_BTN_CHARACTER               1018
34 | #define IDC_BTN_OPENFILE                1019
35 | #define IDC_BUTTON3                     1020
36 | #define IDC_BTN_OK                      1020
37 | #define IDC_BUTTON4                     1021
38 | #define IDC_STATIC_MAIL                 1021
39 | #define IDC_BTN_EXPORT                  1021
40 | #define IDC_BUTTON5                     1022
41 | #define IDC_STATIC_BLOG                 1022
42 | #define IDC_BTN_SECTION                 1022
43 | #define IDC_BUTTON6                     1023
44 | #define IDC_RADIO_SETMASK               1023
45 | #define IDC_BTN_TASKMGR                 1023
46 | #define IDC_BUTTON7                     1024
47 | #define IDC_RADIO_SETTIME               1024
48 | #define IDC_BTN_ADDRESS                 1024
49 | #define IDC_BUTTON8                     1025
50 | #define IDC_BTN_DATETIME                1025
51 | #define IDC_EDIT_DLGTIME_MASK           1025
52 | #define IDC_BUTTON9                     1026
53 | #define IDC_DLGTIME_DATE                1026
54 | #define IDC_BTN_IAT                     1026
55 | #define IDC_BUTTON10                    1027
56 | #define IDC_BTN_ABOUT                   1027
57 | #define IDC_EDIT_DLGTIME_TIME           1027
58 | #define IDC_BTN_COPYANDCLOSE            1029
59 | #define IDC_RADIO_VA                    1030
60 | #define IDC_RADIO_RVA                   1031
61 | #define IDC_RADIO_OFFSET                1032
62 | #define IDC_EDIT_RVADLG_VA              1033
63 | #define IDC_EDIT_RVADLG_RVA             1034
64 | #define IDC_EDIT_RVADLG_OFFSET          1035
65 | #define IDC_EDIT_RVADLG_SECTION         1036
66 | #define IDC_BTN_RVADLG_TRANS            1037
67 | #define IDC_BTN_RVADLG_CLOSE            1038
68 | #define IDC_LIST_SECTION                1039
69 | #define IDC_LIST_IAT_CALL               1040
70 | #define IDC_LIST_IAT_DLL                1041
71 | #define IDC_LIST_TASKMGR_PROCESS        1041
72 | #define IDC_LIST_TASKMGR_MODULE         1042
73 | #define IDC_EDIT_EATDLG_EATOFFSET       1043
74 | #define IDC_EDIT_EATDLG_CHARACTER       1044
75 | #define IDC_EDIT_EATDLG_BASE            1045
76 | #define IDC_EDIT_EATDLG_NAME            1046
77 | #define IDC_EDIT_EATDLG_FUNNUM          1047
78 | #define IDC_EDIT_EATDLG_FUNNAMENUM      1048
79 | #define IDC_EDIT_EATDLG_FUNADDR         1049
80 | #define IDC_EDIT8                       1050
81 | #define IDC_EDIT_EATDLG_ORDERADDR       1050
82 | #define IDC_EDIT_EATDLG_DLLNAME         1051
83 | #define IDC_EDIT_EATDLG_FUNNAMEADDR     1052
84 | #define IDC_LIST_EAT                    1053
85 | 
86 | // Next default values for new objects
87 | // 
88 | #ifdef APSTUDIO_INVOKED
89 | #ifndef APSTUDIO_READONLY_SYMBOLS
90 | #define _APS_NEXT_RESOURCE_VALUE        110
91 | #define _APS_NEXT_COMMAND_VALUE         40001
92 | #define _APS_NEXT_CONTROL_VALUE         1054
93 | #define _APS_NEXT_SYMED_VALUE           101
94 | #endif
95 | #endif
96 | 


--------------------------------------------------------------------------------
/ReadMe.md:
--------------------------------------------------------------------------------
 1 | 
 2 | 
 3 | 淘到一份很好的学习资料，备份下
 4 | 
 5 | 
 6 | 作者：代码疯子
 7 | 
 8 | 
 9 | [PE文件格式学习资料](http://www.programlife.net/pe-coff-specification.html)
10 | 
11 | 
12 | [PE文件格式学习资料源码](http://plcdn.qiniudn.com/wp-content/uploads/2011/09/PE-COFF-SPECIFICATION.zip)
13 | 
14 | 
15 | 
16 | ![snatshot.png](snatshot.png)
17 | 
18 | 
19 | 
20 | 
21 | 
22 | 
23 | 
24 | 
25 | 
26 | 
27 | 


--------------------------------------------------------------------------------
/pe.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wanttobeno/PELearningMaterials/08e6f0043dc1478072e754d5f80958a9f8a293d2/pe.jpg


--------------------------------------------------------------------------------
/pecoff_v8_chs.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wanttobeno/PELearningMaterials/08e6f0043dc1478072e754d5f80958a9f8a293d2/pecoff_v8_chs.pdf


--------------------------------------------------------------------------------
/pecoff_v8_en.doc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wanttobeno/PELearningMaterials/08e6f0043dc1478072e754d5f80958a9f8a293d2/pecoff_v8_en.doc


--------------------------------------------------------------------------------
/snatshot.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wanttobeno/PELearningMaterials/08e6f0043dc1478072e754d5f80958a9f8a293d2/snatshot.png


--------------------------------------------------------------------------------