{"id":478479,"date":"2023-08-09T09:33:22","date_gmt":"2023-08-09T09:33:22","guid":{"rendered":""},"modified":"2023-09-05T11:16:49","modified_gmt":"2023-09-05T11:16:49","slug":"portable-executable-pe-file-header","status":"publish","type":"wiki","link":"https:\/\/oneproxy.pro\/vn\/wiki\/portable-executable-pe-file-header\/","title":{"rendered":"Portable Executable (PE) file header"},"content":{"rendered":"<h2>History and origin of the Portable Executable (PE) file header<\/h2>\n<p>The Portable Executable (PE) file header is a crucial component of the Microsoft Windows operating system. It serves as a fundamental structure in the Windows Portable Executable file format. The concept of the PE file header can be traced back to the early development of Windows operating systems.<\/p>\n<p>In the early 1990s, Microsoft introduced the Windows 3.0 operating system, which marked a significant shift from its predecessor, MS-DOS. The new operating system brought a graphical user interface and the ability to run multiple programs at the same time. 
As software grew more complex, a standardized file format was needed that could package executable code and data while allowing programs to be loaded and executed efficiently.<\/p>\n<p>This need led to the creation of the Portable Executable (PE) file format, introduced in Windows NT 3.1, released in 1993. The PE format was designed to replace the older New Executable (NE) format used in 16-bit versions of Windows. Since its inception, the PE file header has undergone various revisions and improvements to adapt to the growing needs of the Windows ecosystem.<\/p>\n<h2>Detailed information about the Portable Executable (PE) file header<\/h2>\n<p>The Portable Executable (PE) file header is an essential component that precedes the actual executable code and data in a PE file. Its main purpose is to provide crucial information about the structure and characteristics of the executable, allowing the operating system to load and execute the program correctly. 
Some of the key information stored in the PE file header includes:<\/p>\n<ol>\n<li>\n<p><strong>Magic number<\/strong>: The PE file header begins with a 2-byte magic number, \u201cMZ\u201d or \u201cZM\u201d in ASCII. This signature indicates that the file is a valid PE file.<\/p>\n<\/li>\n<li>\n<p><strong>Architecture<\/strong>: The file header contains a field specifying the target architecture of the executable, such as x86, x64, ARM, or others.<\/p>\n<\/li>\n<li>\n<p><strong>Timestamp<\/strong>: The header includes a timestamp indicating when the executable was created or linked.<\/p>\n<\/li>\n<li>\n<p><strong>Entry point address<\/strong>: This field gives the memory address of the entry point where program execution begins.<\/p>\n<\/li>\n<li>\n<p><strong>Image base address<\/strong>: The image base address specifies the preferred virtual memory address at which the system will load the executable.<\/p>\n<\/li>\n<li>\n<p><strong>Sections<\/strong>: PE files are divided into sections, and the header contains information about these sections, including their virtual addresses, sizes, and 
characteristics.<\/p>\n<\/li>\n<li>\n<p><strong>Import and export tables<\/strong>: These tables store information about the functions and libraries that the executable depends on and provides.<\/p>\n<\/li>\n<li>\n<p><strong>Relocation information<\/strong>: The PE header includes relocation data to facilitate loading the executable at a different base address if required.<\/p>\n<\/li>\n<li>\n<p><strong>Checksum<\/strong>: The header includes a checksum to ensure the integrity of the file during loading.<\/p>\n<\/li>\n<li>\n<p><strong>Debug information<\/strong>: The header can store debugging data to support software development and troubleshooting.<\/p>\n<\/li>\n<\/ol>\n<h2>Internal structure of the Portable Executable (PE) file header<\/h2>\n<p>The PE file header consists of several data fields and structures that are essential for the executable to function properly. 
Below is an overview of the internal structure of the PE file header:<\/p>\n<h3>COFF header<\/h3>\n<p>The PE file header begins with the Common Object File Format (COFF) header, which contains general information about the file, such as the architecture, timestamp, and number of sections.<\/p>\n<h3>Optional header<\/h3>\n<p>After the COFF header, the PE file header contains an optional header specific to the Windows operating system. The optional header includes information about the properties of the image, such as the entry point address, image base, section alignment, and various data directories.<\/p>\n<h3>Section headers<\/h3>\n<p>The optional header is followed by a set of section headers. 
Each section header describes a specific region of the executable and provides details about its virtual address, size, and characteristics.<\/p>\n<h2>Analysis of the key features of the Portable Executable (PE) file header<\/h2>\n<p>The Portable Executable (PE) file header provides several key features that contribute to the stability and efficiency of Windows executables. These features include:<\/p>\n<ol>\n<li>\n<p><strong>Versatility<\/strong>: The PE file header supports many different architectures, allowing developers to create executables for different CPU platforms.<\/p>\n<\/li>\n<li>\n<p><strong>Dynamic linking<\/strong>: The import and export tables in the PE file header allow functions to be linked dynamically, which reduces executable size and promotes code reuse.<\/p>\n<\/li>\n<li>\n<p><strong>Virtual memory addressing<\/strong>: The image base address and relocation information allow the operating system to load the executable at different memory addresses, making efficient use of virtual memory.<\/p>\n<\/li>\n<li>\n<p><strong>Protection<\/strong>: 
The PE header checksum helps verify the integrity of the executable during loading, protecting against possible tampering or corruption.<\/p>\n<\/li>\n<li>\n<p><strong>Debugging support<\/strong>: Including debugging information in the PE header helps developers debug and profile their software.<\/p>\n<\/li>\n<\/ol>\n<h2>Types of Portable Executable (PE) file headers<\/h2>\n<p>The Portable Executable (PE) file header can be classified into two main types based on the target architecture:<\/p>\n<table>\n<thead>\n<tr>\n<th>Type<\/th>\n<th>Architecture<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>PE32<\/td>\n<td>32-bit<\/td>\n<\/tr>\n<tr>\n<td>PE32+<\/td>\n<td>64-bit<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>The PE32 header is used for 32-bit Windows executables, while the PE32+ header is used for 64-bit Windows executables. 
The difference lies in the size of certain fields and the capabilities of the architectures they support.<\/p>\n<h2>Ways to use the Portable Executable (PE) file header, problems, and solutions<\/h2>\n<p>The Portable Executable (PE) file header plays a crucial role in the operation of Windows executables. It allows the operating system to load and execute programs efficiently. However, improper handling of PE files or modification of the header can lead to various problems, including:<\/p>\n<ol>\n<li>\n<p><strong>Compatibility issues<\/strong>: Incorrect settings in the PE file header, such as the image base address, can cause compatibility problems when the executable runs on different systems.<\/p>\n<\/li>\n<li>\n<p><strong>Security vulnerabilities<\/strong>: Tampering with the PE header, especially the import and export tables, can introduce security vulnerabilities and potentially lead to code injection attacks.<\/p>\n<\/li>\n<li>\n<p><strong>Execution errors<\/strong>: Corrupted or 
missing information in the PE header can lead to execution errors, preventing the executable from running correctly.<\/p>\n<\/li>\n<\/ol>\n<p>To avoid these problems, developers should follow proper coding practices, avoid modifying the PE header after compilation, and use security measures such as code signing to ensure the integrity and authenticity of the executable.<\/p>\n<h2>Main characteristics and comparison with similar terms<\/h2>\n<p>The Portable Executable (PE) file header shares similarities with other executable file formats used on different operating systems, such as ELF (Executable and Linkable Format) on Linux and Mach-O on macOS. 
However, it also has distinct characteristics that set it apart:<\/p>\n<table>\n<thead>\n<tr>\n<th>Characteristic<\/th>\n<th>Portable Executable (PE)<\/th>\n<th>ELF<\/th>\n<th>Mach-O<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>Platform<\/td>\n<td>Windows<\/td>\n<td>Linux, Unix-like<\/td>\n<td>macOS<\/td>\n<\/tr>\n<tr>\n<td>Common usage<\/td>\n<td>Windows executables<\/td>\n<td>Linux executables, shared libraries, object files<\/td>\n<td>macOS executables, dynamic libraries<\/td>\n<\/tr>\n<tr>\n<td>Architecture support<\/td>\n<td>x86, x64, ARM, etc.<\/td>\n<td>x86, x64, ARM, etc.<\/td>\n<td>x86, x64, ARM, etc.<\/td>\n<\/tr>\n<tr>\n<td>File header structure<\/td>\n<td>COFF + Optional header<\/td>\n<td>ELF header<\/td>\n<td>Mach-O header<\/td>\n<\/tr>\n<tr>\n<td>Memory addressing<\/td>\n<td>Virtual memory<\/td>\n<td>Virtual memory<\/td>\n<td>Virtual memory<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>Despite these differences, all of these executable formats serve the fundamental purpose of containing executable code and data, making them platform-specific yet crucial for software development on their respective operating systems.<\/p>\n<h2>Perspectives and future technologies related 
to the Portable Executable (PE) file header<\/h2>\n<p>The evolution of the Portable Executable (PE) file header is tied to the development of Windows and the changing landscape of computing technology. As technology continues to advance, the PE format may be further refined to accommodate new architectures, strengthen security, and optimize performance.<\/p>\n<p>Some potential future technologies and advancements related to the PE file header include:<\/p>\n<ol>\n<li>\n<p><strong>Support for new architectures<\/strong>: As computing evolves, new CPU architectures may emerge, and the PE format may be extended to support them and keep pace with technological advances.<\/p>\n<\/li>\n<li>\n<p><strong>Enhanced security mechanisms<\/strong>: With the continued focus on cybersecurity, future PE file headers may incorporate stronger security features, such as advanced encryption and code-signing techniques.<\/p>\n<\/li>\n<li>\n<p><strong>Performance improvements<\/strong>: Efforts to optimize load and 
execution times may lead to modifications of the PE file header that streamline processes and reduce overhead.<\/p>\n<\/li>\n<\/ol>\n<h2>How proxy servers can be used or associated with the Portable Executable (PE) file header<\/h2>\n<p>Proxy servers play an important role in network communication, acting as intermediaries between clients and servers. Although proxy servers primarily handle network traffic, they can also interact with executable files, including PE file headers, in the following ways:<\/p>\n<ol>\n<li>\n<p><strong>Content filtering<\/strong>: Proxy servers can inspect PE file headers to enforce content-filtering policies, blocking the download or execution of specific executables based on their characteristics.<\/p>\n<\/li>\n<li>\n<p><strong>Security scanning<\/strong>: Proxy servers can scan PE file headers and contents for malware and viruses, protecting the client's network from potential threats.<\/p>\n<\/li>\n<li>\n<p><strong>Caching and acceleration<\/strong>: Proxy servers can cache PE files, reducing download times and improving application load 
speed for clients.<\/p>\n<\/li>\n<li>\n<p><strong>Load balancing<\/strong>: Where an application is distributed across multiple servers, proxy servers can use information from the PE file header to intelligently load-balance requests.<\/p>\n<\/li>\n<\/ol>\n<h2>Related links<\/h2>\n<p>For more information about the Portable Executable (PE) file header and related topics, please refer to the following resources:<\/p>\n<ol>\n<li><a href=\"https:\/\/docs.microsoft.com\/en-us\/windows\/win32\/debug\/pe-format\" target=\"_new\" rel=\"noopener nofollow\">Microsoft PE and COFF Specification<\/a><\/li>\n<li><a href=\"https:\/\/en.wikipedia.org\/wiki\/Executable_and_Linkable_Format\" target=\"_new\" rel=\"noopener nofollow\">Executable and Linkable Format (ELF)<\/a><\/li>\n<li><a href=\"https:\/\/en.wikipedia.org\/wiki\/Mach-O\" target=\"_new\" rel=\"noopener nofollow\">Mach-O File Format<\/a><\/li>\n<\/ol>\n<hr>\n<p>Please note that this article is for educational and informational purposes only and may not fully reflect the latest developments beyond the knowledge cutoff date of September 
2021.<\/p>","protected":false},"featured_media":469191,"menu_order":0,"template":"","meta":{"_acf_changed":false,"content-type":"","inline_featured_image":false,"footnotes":""},"class_list":["post-478479","wiki","type-wiki","status-publish","has-post-thumbnail","hentry"],"acf":{"faq_title":"Frequently Asked Questions about <mark>Portable Executable (PE) File Header: An Overview<\/mark>","faq_items":[{"question":"What is the Portable Executable (PE) File Header?","answer":"<p>The Portable Executable (PE) File Header is a crucial component of the Microsoft Windows operating system. It serves as a fundamental structure in the Windows Portable Executable file format, containing essential information about the executable, such as architecture, entry point, and sections.<\/p>"},{"question":"How did the PE File Header originate?","answer":"<p>The concept of the PE File Header can be traced back to the early development of Windows operating systems. It was introduced in Windows NT 3.1 in 1993 as a replacement for the older New Executable (NE) format used in 16-bit Windows versions.<\/p>"},{"question":"What does the PE File Header include?","answer":"<p>The PE File Header includes a magic number, architecture information, timestamp, entry point address, image base address, section details, import\/export tables, relocation data, checksum, and debugging information.<\/p>"},{"question":"How does the PE File Header work?","answer":"<p>The PE File Header provides crucial information to the operating system, enabling it to load and execute the program correctly. 
It contains details about the executable's layout, dependencies, and memory addressing, facilitating efficient execution.<\/p>"},{"question":"What are the key features of the PE File Header?","answer":"<p>The PE File Header offers versatility, dynamic linking, virtual memory addressing, security through checksums, and support for debugging, enhancing the stability and performance of Windows executables.<\/p>"},{"question":"What types of PE File Headers exist?","answer":"<p>There are two main types: PE32 for 32-bit Windows executables and PE32+ for 64-bit Windows executables. These headers differ in certain fields and cater to specific architectures.<\/p>"},{"question":"How can proxy servers interact with PE File Headers?","answer":"<p>Proxy servers can use PE File Headers for content filtering, security scanning, caching, acceleration, and load balancing in network communication, enhancing client experiences.<\/p>"},{"question":"What are the potential future technologies related to PE File Headers?","answer":"<p>Future technologies may involve support for new architectures, enhanced security mechanisms, and improved performance to keep up with evolving computing trends.<\/p>"},{"question":"How does the PE File Header compare to other executable file formats?","answer":"<p>The PE File Header is specific to Windows and differs from executable formats like ELF on Linux and Mach-O on macOS in terms of platform, architecture support, and file header structure.<\/p>"},{"question":"What are some common problems related to PE File Headers and their solutions?","answer":"<p>Problems may include compatibility issues, security vulnerabilities, and execution errors. Developers can address these by following best practices, avoiding header modifications, and implementing security measures like code signing.<\/p><hr><p>Please note that the answers provided here are brief summaries. 
For more in-depth information, refer to the corresponding sections in the main article.<\/p>"}]},"_links":{"self":[{"href":"https:\/\/oneproxy.pro\/vn\/wp-json\/wp\/v2\/wiki\/478479","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/oneproxy.pro\/vn\/wp-json\/wp\/v2\/wiki"}],"about":[{"href":"https:\/\/oneproxy.pro\/vn\/wp-json\/wp\/v2\/types\/wiki"}],"version-history":[{"count":0,"href":"https:\/\/oneproxy.pro\/vn\/wp-json\/wp\/v2\/wiki\/478479\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/oneproxy.pro\/vn\/wp-json\/wp\/v2\/media\/469191"}],"wp:attachment":[{"href":"https:\/\/oneproxy.pro\/vn\/wp-json\/wp\/v2\/media?parent=478479"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}