Abstract

PE (Portable Executable) is the native file format of 32-bit Windows. Analyzing and manipulating PE files gives valuable insight into the structure and working of Windows. This research includes analysis of the components of Windows executable files, as a structure and as defined values, in order to provide the capability of protecting and controlling Windows programs: specific modifications, which can later be undone, are applied to a particular PE value to stop the program from being executed by an unwanted user. It also includes analyzing the structure of the PE file and comparing a specified part of the PE with the same part of common virus files; this process offers a good way to detect malicious programs and viruses on the computer by saving virus signatures in a specified file and scanning all PE files. The other part of the research rebuilds the Import Address Table of any PE file that may call one of three important and essential registry API functions, in order to control the use of these functions in the system by means of one of the API hooking techniques and thereby control undesirable programs. The objective of the research is to control the executable files of the Windows system in order to provide protection for these files and for the system as a whole. The research program was developed using Visual C++ 9.0.

Highlights

  • Windows stores its executables in a special format called the PE format; PE stands for Portable Executable

  • PE files are derived from the earlier Common Object File Format (COFF) [6]

  • When an application uses a function in another Dynamic Link Libraries (DLL) or PE file, the application must import the address of the function

Summary

Introduction

Windows stores its executables in a special format called the PE format; PE stands for Portable Executable. It is the native file format of Windows; even NT's kernel-mode drivers use the PE file format. The term "Portable Executable" was chosen because the intent was to have a common file format for all flavors of Windows, on all supported CPUs. Each PE uses a number of API functions that reside in one or more DLL files to perform its tasks, and only the information about those functions is kept in a specific part of the PE file. The registry is a simple, hierarchical database of information that Windows operating systems and applications use to define the configuration of the system. Without the registry, Windows would be nothing more than a collection of programs, unable to perform even the basic tasks that we expect from an operating system. Registry API functions are used to access and make modifications to registry components [1].
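As an added illustration of where a PE file keeps the information about the functions it imports (example code written for this page, not from the paper), the following parser walks the import directory of a PE32 or PE32+ image, lists the functions imported from each DLL, and then checks that list against a watchlist of registry APIs, which is the kind of check the paper's IAT rebuilding relies on. The minimal PE image, its `.idata` layout, the hint values and the watchlist are all constructed for this example; the paper does not name the three registry functions it hooks, so the watchlist is this example's own choice.

```python
import struct

IMAGE_ORDINAL_FLAG32 = 0x80000000
IMAGE_ORDINAL_FLAG64 = 0x8000000000000000

# Hypothetical watchlist: the paper does not name its three registry functions.
WATCHED_REGISTRY_APIS = {
    "RegSetValueExA", "RegSetValueExW", "RegCreateKeyExA",
    "RegCreateKeyExW", "RegDeleteKeyA", "RegDeleteKeyW",
}


def read_cstring(data, off):
    """Read a NUL-terminated ASCII string at file offset `off`."""
    return data[off:data.index(b"\0", off)].decode("ascii")


def parse_pe_imports(data):
    """Return {dll_name: [function_name or '#ordinal', ...]} for a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    size_opt = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    opt = e_lfanew + 24                       # start of the optional header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                        # PE32: data directories at +96
        dirs, thunk_fmt, ord_flag = opt + 96, "<I", IMAGE_ORDINAL_FLAG32
    elif magic == 0x20B:                      # PE32+: data directories at +112
        dirs, thunk_fmt, ord_flag = opt + 112, "<Q", IMAGE_ORDINAL_FLAG64
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    thunk_size = struct.calcsize(thunk_fmt)
    import_rva, _import_size = struct.unpack_from("<II", data, dirs + 8)  # directory entry 1

    # Section table: needed to translate RVAs into file offsets.
    sections = []
    sec = opt + size_opt
    for i in range(num_sections):
        _name, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, sec + 40 * i)
        sections.append((va, max(vsize, raw_size), raw_ptr))

    def rva_to_offset(rva):
        for va, size, raw_ptr in sections:
            if va <= rva < va + size:
                return rva - va + raw_ptr
        raise ValueError("RVA 0x%x is not backed by any section" % rva)

    imports = {}
    if import_rva == 0:
        return imports                        # no import directory at all
    desc = rva_to_offset(import_rva)
    while True:
        oft, _ts, _fwd, name_rva, ft = struct.unpack_from("<IIIII", data, desc)
        if name_rva == 0 and ft == 0:         # all-zero descriptor ends the table
            break
        dll = read_cstring(data, rva_to_offset(name_rva))
        # Prefer the INT (OriginalFirstThunk); some files zero it and keep only the IAT.
        thunk = rva_to_offset(oft or ft)
        names = []
        while True:
            entry = struct.unpack_from(thunk_fmt, data, thunk)[0]
            if entry == 0:
                break
            if entry & ord_flag:              # import by ordinal: low 16 bits
                names.append("#%d" % (entry & 0xFFFF))
            else:                             # import by name: skip the 2-byte hint
                names.append(read_cstring(data, rva_to_offset(entry) + 2))
            thunk += thunk_size
        imports[dll] = names
        desc += 20
    return imports


def watched_imports(imports):
    """List (dll, function) pairs that appear on the registry watchlist."""
    return sorted((dll, fn) for dll, fns in imports.items()
                  for fn in fns if fn in WATCHED_REGISTRY_APIS)


def build_sample_pe():
    """Constructed minimal PE32 image with one .idata section (test data only)."""
    img = bytearray(0x400)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)                     # e_lfanew
    img[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", img, 0x84, 0x14C, 1, 0, 0, 0, 224, 0x0102)  # COFF header
    opt = 0x98
    struct.pack_into("<H", img, opt, 0x10B)                     # PE32 magic
    struct.pack_into("<II", img, opt + 96 + 8, 0x1000, 40)      # import directory RVA/size
    struct.pack_into("<8sIIII", img, opt + 224, b".idata", 0x200, 0x1000, 0x200, 0x200)
    base = 0x200                                                # .idata raw data, RVA 0x1000

    def put(rel, fmt, *vals):
        struct.pack_into(fmt, img, base + rel, *vals)
    put(0x00, "<IIIII", 0x1040, 0, 0, 0x1080, 0x1050)           # KERNEL32 descriptor
    put(0x14, "<IIIII", 0x1060, 0, 0, 0x1090, 0x1070)           # ADVAPI32 descriptor
    put(0x40, "<III", 0x10A0, 0x80000001, 0)                    # INT: by name, ordinal #1
    put(0x50, "<III", 0x10A0, 0x80000001, 0)                    # IAT (same on disk)
    put(0x60, "<II", 0x10B0, 0)
    put(0x70, "<II", 0x10B0, 0)
    img[base + 0x80:base + 0x8D] = b"KERNEL32.dll\0"
    img[base + 0x90:base + 0x9D] = b"ADVAPI32.dll\0"
    put(0xA0, "<H12s", 0x120, b"ExitProcess")                   # constructed hint + name
    put(0xB0, "<H15s", 0x1F0, b"RegSetValueExA")
    return bytes(img)


if __name__ == "__main__":
    found = parse_pe_imports(build_sample_pe())
    print(found)                      # {'KERNEL32.dll': ['ExitProcess', '#1'], 'ADVAPI32.dll': ['RegSetValueExA']}
    print(watched_imports(found))     # [('ADVAPI32.dll', 'RegSetValueExA')]
```

The same `parse_pe_imports` can be pointed at a real file with `parse_pe_imports(open(path, "rb").read())`; the ordinal flag and thunk width are chosen from the optional-header magic, so PE32+ images are handled as well as PE32.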

Related Work
API Functions and DLL
Windows Registry
Software Implementation
Import Table Intercepting
Injecting a DLL using Remote Threads
Testing and Results
Conclusion