{"id":8499,"date":"2023-05-11T23:16:10","date_gmt":"2023-05-11T23:16:10","guid":{"rendered":"https:\/\/www.hexacorn.com\/blog\/?p=8499"},"modified":"2023-05-11T23:16:10","modified_gmt":"2023-05-11T23:16:10","slug":"pe-section-names-re-visited-again-in-2023","status":"publish","type":"post","link":"https:\/\/www.hexacorn.com\/blog\/2023\/05\/11\/pe-section-names-re-visited-again-in-2023\/","title":{"rendered":"PE Section names \u2013 re-visited, again, in 2023"},"content":{"rendered":"\n<p>In <a href=\"https:\/\/www.hexacorn.com\/blog\/2016\/12\/15\/pe-section-names-re-visited\/\" data-type=\"post\" data-id=\"3997\">my<\/a> <a href=\"https:\/\/www.hexacorn.com\/blog\/2019\/07\/26\/pe-section-names-re-visited-again\/\" data-type=\"post\" data-id=\"6620\">previous<\/a> posts I have listed many PE sections present in different types of binaries. Today I am looking at win11 PE sections and am happy to report that the world of PE Sections has expanded a bit, again; here are some stats:<\/p>\n\n\n\n<ul><li>3176 b&#8217;.rsrc&#8217;<\/li><li>3109 b&#8217;.text&#8217;<\/li><li>3109 b&#8217;.reloc&#8217;<\/li><li>3108 b&#8217;.data&#8217;<\/li><li>3102 b&#8217;.pdata&#8217;<\/li><li>2983 b&#8217;.rdata&#8217;<\/li><li>2007 b&#8217;.a64xrm&#8217; &#8211;> <a href=\"https:\/\/ffri.github.io\/ProjectChameleon\/new_reloc_chpev2\/\">CHPEV2 section<\/a><\/li><li>1958 b&#8217;.hexpthk&#8217; &#8211;> possibly stands for <a href=\"https:\/\/blogs.blackberry.com\/en\/2019\/09\/teardown-windows-10-on-arm-x86-emulation\">Hybrid Executable Push Thunk<\/a><\/li><li>1705 b&#8217;.didat&#8217;<\/li><li>241 b&#8217;.00cfg&#8217;<\/li><li>50 b&#8217;.orpc&#8217;<\/li><li>39 b&#8217;?g_Encry&#8217; &#8211;> <a href=\"https:\/\/downwithup.github.io\/blog\/post\/2023\/04\/23\/post9.html\">WarbirdPayload<\/a><\/li><li>31 b&#8217;PAGE&#8217;<\/li><li>25 b&#8217;INIT&#8217;<\/li><li>25 b&#8217;GFIDS&#8217;<\/li><li>25 b&#8217;.edata&#8217;<\/li><li>19 b&#8217;.wpp_sf&#8217;<\/li><li>14 
b&#8217;.idata&#8217;<\/li><li>12 b&#8217;.mrdata&#8217;<\/li><li>9 b&#8217;PAGECMRC&#8217;<\/li><li>7 b&#8217;RT_DATA&#8217;<\/li><li>7 b&#8217;RT_BSS&#8217;<\/li><li>6 b&#8217;RT_CODE&#8217;<\/li><li>5 b&#8217;_RDATA&#8217;<\/li><li>5 b&#8217;.sdbid&#8217;<\/li><li>5 b&#8217;.no_bbt&#8217;<\/li><li>5 b&#8217;.apiset&#8217;<\/li><li>4 b&#8217;RT_CONST&#8217;<\/li><li>4 b&#8217;.isoapis&#8217;<\/li><li>4 b&#8217;.imrsiv&#8217;<\/li><li>2 b&#8217;PAGEWdfV&#8217;<\/li><li>2 b&#8217;PAGELK&#8217;<\/li><li>2 b&#8217;PAGEDATA&#8217;<\/li><li>2 b&#8217;PAGECONS&#8217;<\/li><li>2 b&#8217;.text_hf&#8217;<\/li><li>2 b&#8217;.sipc&#8217;<\/li><li>1 b&#8217;msrodata&#8217;<\/li><li>1 b&#8217;debug_wi&#8217;<\/li><li>1 b&#8217;cachelin&#8217;<\/li><li>1 b&#8217;__Defaul&#8217;<\/li><li>1 b&#8217;SANONTCP&#8217;<\/li><li>1 b&#8217;RT&#8217;<\/li><li>1 b&#8217;FE_TEXT&#8217;<\/li><li>1 b&#8217;ExtTel&#8217;<\/li><li>1 b&#8217;ERRATA&#8217;<\/li><li>1 b&#8217;CiPolicy&#8217;<\/li><li>1 b&#8217;.ssm_url&#8217;<\/li><li>1 b&#8217;.proxy&#8217;<\/li><li>1 b&#8217;.ndr64&#8217;<\/li><li>1 b&#8217;.mytext&#8217;<\/li><li>1 b&#8217;.guids&#8217;<\/li><li>1 b&#8217;.detourd&#8217;<\/li><li>1 b&#8217;.detourc&#8217;<\/li><li>1 b&#8217;.bootdat&#8217;<\/li><li>1 b&#8217;.DDIData&#8217;<\/li><\/ul>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In my previous posts I have listed many PE sections present in different types of binaries. 
Today I am looking at win11 PE sections and am happy to report that the world of PE Sections has expanded a bit, again; &hellip; <a href=\"https:\/\/www.hexacorn.com\/blog\/2023\/05\/11\/pe-section-names-re-visited-again-in-2023\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[44,99],"tags":[],"_links":{"self":[{"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/posts\/8499"}],"collection":[{"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/comments?post=8499"}],"version-history":[{"count":1,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/posts\/8499\/revisions"}],"predecessor-version":[{"id":8500,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/posts\/8499\/revisions\/8500"}],"wp:attachment":[{"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/media?parent=8499"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/categories?post=8499"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/tags?post=8499"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}