A PE file contains the following sections:
- .text - contains the executable code
- .rdata - hold read-only data that is globally accessible within the program
- .data - stores global data access throughout the program
- .idata - sometimes present and stores the import function information
- .edata - sometimes present and stores the export function information
- .pdata - only in 64 bit executables and stores exceptional handling information
- .rsrc - stores resources needed by the executables
- .reloc - contains information for relocation of library files
Tools used to examine PE files:
- PEview
Source: Practical Malware Analysis, hackerzvoice
