In my previous posts I have listed many PE sections present in different types of binaries. Today I am looking at win11 PE sections and am happy to report that the world of PE Sections has expanded a bit, again; here are some stats:

• 3176 b’.rsrc’
• 3109 b’.text’
• 3109 b’.reloc’
• 3108 b’.data’
• 3102 b’.pdata’
• 2983 b’.rdata’
• 2007 b’.a64xrm’ –> CHPEV2 section
• 1958 b’.hexpthk’ –> possibly stands for Hybrid Executable Push Thunk
• 1705 b’.didat’
• 241 b’.00cfg’
• 50 b’.orpc’
• 39 b’?g_Encry’ –> WarbirdPayload
• 31 b’PAGE’
• 25 b’INIT’
• 25 b’GFIDS’
• 25 b’.edata’
• 19 b’.wpp_sf’
• 14 b’.idata’
• 12 b’.mrdata’
• 9 b’PAGECMRC’
• 7 b’RT_DATA’
• 7 b’RT_BSS’
• 6 b’RT_CODE’
• 5 b’_RDATA’
• 5 b’.sdbid’
• 5 b’.no_bbt’
• 5 b’.apiset’
• 4 b’RT_CONST’
• 4 b’.isoapis’
• 4 b’.imrsiv’
• 2 b’PAGEWdfV’
• 2 b’PAGELK’
• 2 b’PAGEDATA’
• 2 b’PAGECONS’
• 2 b’.text_hf’
• 2 b’.sipc’
• 1 b’msrodata’
• 1 b’debug_wi’
• 1 b’cachelin’
• 1 b’__Defaul’
• 1 b’SANONTCP’
• 1 b’RT’
• 1 b’FE_TEXT’
• 1 b’ExtTel’
• 1 b’ERRATA’
• 1 b’CiPolicy’
• 1 b’.ssm_url’
• 1 b’.proxy’
• 1 b’.ndr64′
• 1 b’.mytext’
• 1 b’.guids’
• 1 b’.detourd’
• 1 b’.detourc’
• 1 b’.bootdat’
• 1 b’.DDIData’