Reverse Engineering Blue DeviL

Abusing undocumented features to spoof PE section headers

Introduction

Some time ago, I accidentally came across some interesting behaviour in PE files while debugging an unrelated project. I noticed that setting the SectionAlignment value in the NT header to a value lower than the page size (4096) resulted in significant differences in the way that the im...

Abusing PE

Amazing write-up from x86matthew:

Abusing undocumented features to spoof PE section headers.