Thread: PE32 ...Configuration Directory??

  1. #1

    PE32 ...Configuration Directory??

    well,

    the title says all - this is the very first time I met this entry in a PE header. I didNT find anything around the net, anybody knows what the HELL this PE data directory is??

    (OT: anyone has some info on the so called 'security directory' as well?)

    The config entry is empty apart from an initial byte mark and what seems to be a sort of DWORD at the end of an empty buffer, whereas the 'security section' is filled with data - it seemed made of 2 random blocks intermixed with two patterned/regular blocks...

    any hint is highly appreciated
    Last edited by Maximus; February 5th, 2011 at 18:14. Reason: NT was faulting...
    I want to know God's thoughts ...the rest are details.
    (A. Einstein)
    --------
    ..."a shellcode is a command you do at the linux shell"...

  2. #2
    Kayaker
    Is it these two?

    IMAGE_LOAD_CONFIG_DIRECTORY

    Detailed info in MS PECOFF specs

    Points to an IMAGE_LOAD_CONFIG_DIRECTORY structure. The information in an IMAGE_LOAD_CONFIG_DIRECTORY is specific to Windows NT, Windows 2000, and Windows XP (for example, the GlobalFlag value). To put this structure in your executable, you need to define a global structure with the name __load_config_used, and of type IMAGE_LOAD_CONFIG_DIRECTORY.

    IMAGE_DIRECTORY_ENTRY_SECURITY

    Points to a list of WIN_CERTIFICATE structures, defined in WinTrust.H. Not mapped into memory as part of the image. Therefore, the VirtualAddress field is a file offset, rather than an RVA.
    http://www.delphibasics.info/home/delphibasicsarticles/anin-depthlookintothewin32portableexecutablefileformat-part1
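
The two directory entries described in post #2, located and read by hand. This is an added example, not part of the original post: it parses a constructed in-memory PE32 header whose certificate payload is a dummy byte string, and the names `data_directories`, `certificates` and `build_sample` are illustrative.

```python
import struct

SECURITY, LOAD_CONFIG = 4, 10  # data directory indexes in the PE/COFF spec

def data_directories(pe):
    """Return the (VirtualAddress, Size) pairs from the optional header."""
    if pe[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    opt = e_lfanew + 4 + 20                       # skip signature + COFF header
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    dirs = opt + (96 if magic == 0x10B else 112)  # PE32 vs PE32+
    count = struct.unpack_from("<I", pe, dirs - 4)[0]  # NumberOfRvaAndSizes
    return [struct.unpack_from("<II", pe, dirs + 8 * i) for i in range(min(count, 16))]

def certificates(pe):
    """Walk the WIN_CERTIFICATE list; its address is a file offset, not an RVA."""
    dirs = data_directories(pe)
    off, size = dirs[SECURITY] if len(dirs) > SECURITY else (0, 0)
    end = off + size
    if end > len(pe):
        raise ValueError("security directory runs past end of file")
    found = []
    while off + 8 <= end:
        length, revision, cert_type = struct.unpack_from("<IHH", pe, off)
        if length < 8 or off + length > end:
            raise ValueError("malformed WIN_CERTIFICATE")
        found.append((off, revision, cert_type, bytes(pe[off + 8:off + length])))
        off += (length + 7) & ~7                  # entries are 8-byte aligned
    return found

def build_sample():
    """Constructed PE32 headers plus one dummy certificate entry at 0x200."""
    pe = bytearray(0x200)
    pe[:2] = b"MZ"
    struct.pack_into("<I", pe, 0x3C, 0x80)        # e_lfanew
    pe[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", pe, 0x98, 0x10B)       # optional header magic: PE32
    struct.pack_into("<I", pe, 0x98 + 92, 16)     # NumberOfRvaAndSizes
    blob = b"SAMPLE-PKCS#7"                       # stands in for real PKCS#7 data
    struct.pack_into("<II", pe, 0x98 + 96 + 8 * SECURITY, 0x200, 24)
    pe += struct.pack("<IHH", 8 + len(blob), 0x0200, 0x0002) + blob
    return bytes(pe + b"\0" * 3)                  # pad entry to 8 bytes

if __name__ == "__main__":
    for off, rev, ctype, data in certificates(build_sample()):
        print(f"offset={off:#x} revision={rev:#06x} type={ctype:#06x} {len(data)} bytes")
```

Because the security directory is read straight from the file at the stored offset, no section table lookup is needed, which is the difference from every RVA-based directory such as the load configuration entry.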

  3. #3
    You can find them both in the MS specs.
    http://www.microsoft.com/whdc/system/platform/firmware/pecoff.mspx

  4. #4
    thank you all, guys - i failed at search, unfortunately (it happens, but shame on me, since i brag i can find almost anything on the net :P )

    ...oh my god:
    IMAGE_DIRECTORY_ENTRY_SECURITY

    Points to a list of WIN_CERTIFICATE structures, defined in WinTrust.H
    ...and I wasn't even DRUNK when I asked about it - no excuses

    thanks!!
    Last edited by Maximus; February 6th, 2011 at 13:25.

  5. #5
    i failed at search, unfortunately (it happens, but shame on me, since i brag i can find almost anything on the net :P )
    Oh the horror.

    I still have +F challenges that I have not completed.

    Woodmann
    Learn Or Die.
