Master the fundamental concepts of binary formats through this focused micro-challenge.
The Portable Executable (PE) format is used for .exe, .dll, and driver files on Windows. If you analyze cross-platform malware or compare Linux ELF with Windows binaries, you need to understand this layout.
A PE file layers several headers:
e_magic = 'MZ' (0x5A4D)'PE\0\0' at offset given by e_lfanewFor example, a 64-bit Windows executable has COFF Machine = 0x8664 and optional header Magic = 0x20B (PE32+).
You will parse DOS and PE headers, verify both magic values, and print machine type, entry point, and section information. Comparing PE with ELF helps you see that both formats solve the same problem (describing loadable code and data) with different field layouts.
Windows maps PE sections using VirtualAddress and SizeOfRawData, while ELF uses program headers for loading and section headers for linking. The PE optional header Subsystem field tells you whether the binary expects a console (3) or GUI (2). Cross-platform malware analysts encounter both formats, so recognizing MZ versus ELF magic immediately routes you to the correct parser.
Implement a PE header parser in C.
Requirements:
Test:
Three hints are available for this task, revealed one at a time inside the code workspace so you can struggle productively before seeing them.
All starter code and reference implementations are available for your local setup.
View on Github