Description
In this lab, you will download and use PE Studio/Dependency Walker to dive into the example PE file. PE Studio points out suspicious items and gives you a simple interface for viewing the contents of an executable or dynamic-link library (DLL). Explore the application and use it to answer the following questions:
- What is the image base? Does this deviate from the standard image base value used by most compilers?
- What is the value for the Size of code?
- Where is the base of code? What section is this in?
- What are the names of the sections in this file? Do any of them deviate from standard names?
- Based on the imported functionality, what do you suspect this program does? What other information can you use to determine program functionality?
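
To cross-check what the tool reports for the first four questions, the same header fields can be read straight from the file bytes. The script below is an added example, not part of the original lab; the function names, the list of common section names, and the sample header it builds (including the made-up section name `.odd`) are assumptions chosen for illustration.

```python
import struct

# Section names commonly emitted by linkers; anything else merits a closer look.
COMMON_SECTIONS = {".text", ".data", ".rdata", ".bss", ".idata", ".edata",
                   ".rsrc", ".reloc", ".pdata", ".tls"}
# MSVC linker default image bases: 32-bit EXE, 32-bit DLL, 64-bit EXE, 64-bit DLL.
DEFAULT_BASES = {0x400000, 0x10000000, 0x140000000, 0x180000000}

def parse_pe(data: bytes) -> dict:
    """Read the header fields the lab questions ask about."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)         # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsect, = struct.unpack_from("<H", data, pe_off + 6)      # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, pe_off + 20)  # SizeOfOptionalHeader
    opt = pe_off + 24                                        # optional header start
    magic, = struct.unpack_from("<H", data, opt)
    size_of_code, = struct.unpack_from("<I", data, opt + 4)
    base_of_code, = struct.unpack_from("<I", data, opt + 20)
    if magic == 0x10B:                                       # PE32
        image_base, = struct.unpack_from("<I", data, opt + 28)
    elif magic == 0x20B:                                     # PE32+
        image_base, = struct.unpack_from("<Q", data, opt + 24)
    else:
        raise ValueError("unknown optional header magic")
    sections = []
    for i in range(nsect):                                   # 40-byte section headers
        name, vsize, vaddr = struct.unpack_from("<8sII", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), vaddr, vsize))
    names = [n for n, _, _ in sections]
    return {
        "image_base": image_base, "default_base": image_base in DEFAULT_BASES,
        "size_of_code": size_of_code, "base_of_code": base_of_code,
        # BaseOfCode is an RVA: find the section whose virtual range contains it.
        "code_section": next((n for n, va, vs in sections if va <= base_of_code < va + vs), None),
        "sections": names, "unusual": [n for n in names if n not in COMMON_SECTIONS],
    }

def build_sample() -> bytes:
    """Constructed PE32 headers only (not a runnable program); '.odd' is a made-up name."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x102)
    opt = struct.pack("<HBB7I", 0x10B, 14, 0, 0x1000, 0, 0, 0x1000, 0x1000, 0x2000, 0x400000)
    sect = lambda n, va, vs: struct.pack("<8sII", n, vs, va).ljust(40, b"\0")
    return (dos + b"PE\0\0" + coff + opt.ljust(0xE0, b"\0")
            + sect(b".text", 0x1000, 0x1000) + sect(b".odd", 0x2000, 0x200))

if __name__ == "__main__":
    print(parse_pe(build_sample()))
```

To run it against the lab file, pass the file's bytes to `parse_pe` in place of `build_sample()`. Header fields alone do not answer the last question, which depends on the import table.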






