Streamed Live on Twitch: https://twitch.tv/tsoding
Enable Subtitles for Twitch Chat

Chapters:
- 00:00:00 - Beatbox
- 00:00:27 - Intro
- 00:06:25 - Project Building
- 00:15:43 - Loading EXE file
- 00:18:08 - DOS Header and DOS STUB
- 00:44:52 - COFF Header
- 00:57:30 - Skipping Optional PE Header
- 01:05:04 - Section Table
- 01:28:36 - Dumping Raw Data of Sections
- 01:32:16 - Trying to find CLR
- 02:08:22 - CLI Header
- 02:30:29 - Not Skipping Optional PE Header
- 02:40:47 - Relative Virtual Address (RVA)
- 03:24:43 - CLI MetaData
- 03:36:10 - Stream Headers
- 03:55:07 - CLI Streams
- 04:05:32 - Outro

References:
- https://en.wikipedia.org/wiki/Portable_Executable
- https://learn.microsoft.com/en-us/windows/win32/debug/pe-format
- https://www.red-gate.com/simple-talk/blogs/anatomy-of-a-net-assembly-pe-headers/
- https://www.ecma-international.org/wp-content/uploads/ECMA-335_6th_edition_june_2012.pdf

Topic: Reverse engineering an EXE file generated by the Mono C# Compiler to see if I can recreate it myself from scratch as part of the CLR target for the B compiler.

Twitch Chat in Subtitles generated by: https://github.com/kam1k4dze/subchat

Support:
- https://github.com/tsoding/donate#support-tsoding

Tsoding Daily

A detailed exploration of the Windows Portable Executable (PE) format through hands-on reverse engineering. The author analyzes a .NET executable compiled with Mono, examining the DOS header, PE signature, COFF header, and section tables. The goal is to understand PE structure well enough to generate .NET executables directly from a custom compiler, bypassing intermediate language assembly. The session covers binary parsing techniques, file format specifications, and practical implementation using C programming with debugging tools.

Reverse Engineering Windows EXE files on Linux