Let's try to understand how a compiled program appears on the disk, with an example. Let's take an example of a simple C program that prints a string to the screen:

#include <stdio.h>int main() {   char *string = "This is a simple program";    printf("%s",string);   return 0;}

The above program was passed through a compiler to generate an executable file (print_string.exe). Opening the compiled executable file in the PE Internals tool (http://www.andreybazhan.com/pe-internals.html) displays the five sections (.text, .rdata, .data, .rsrc, and .reloc) generated by the compiler. Information about the sections was provided in Chapter 2, Static Analysis. Here, we will mainly focus on two sections: .text and .data. The content of ...