File And Section Alignment

File And Section Alignment in Portable Executable

Please refer to https://resources.infosecinstitute.com/topic/2-malware-researchers-handbook-demystifying-pe-file/ if you want to know about all headers.

We will focus on file and section alignment.

Alignment is normalizing the data into equal chunks.

So we can say that

File Alignment is the unit (chunk size) in which we write our executable file to secondary storage (i.e., an HDD). This brings up another question: which alignment value should we choose? We have to choose a number that makes read/write operations easy for the OS. The smallest block that can be read or written on an HDD is a sector, which is normally 512 bytes. So it makes sense to set the File Alignment to 512, or 0x200. What happens if it is not 512? The PE will still compile and will most likely work, but reading it won't be as efficient, because the OS has to do extra work to read the file from more sectors.

Section Alignment: this is similar to file alignment, but here we deal with main memory, where the smallest memory unit is a page, which has a size of 4096 (0x1000) bytes. This helps the OS map the sections quickly and efficiently.

Finally, alignments are set to make read and write operations more efficient.
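As an added example (not part of the original post), the script below reads FileAlignment and SectionAlignment from a PE header and checks that each section's on-disk and in-memory placement follows them. The function names and the two-section sample header are constructed for illustration; the sample contains headers only and is not a runnable binary.

```python
import struct

def align_up(value, alignment):  # alignment must be a power of two
    return (value + alignment - 1) & ~(alignment - 1)

def build_sample(sizes, file_align=0x200, sect_align=0x1000):
    """Constructed PE32 headers only (no section data), laid out as a linker would."""
    hdr_len = 0x40 + 4 + 20 + 0xE0 + 40 * len(sizes)
    rptr, vaddr = align_up(hdr_len, file_align), align_up(hdr_len, sect_align)
    table = b""
    for name, vsize in sizes:
        rsize = align_up(vsize, file_align)      # size on disk, padded to FileAlignment
        table += struct.pack("<8sIIII16x", name, vsize, vaddr, rsize, rptr)
        rptr, vaddr = rptr + rsize, vaddr + align_up(vsize, sect_align)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)        # PE32 magic
    struct.pack_into("<II", opt, 32, sect_align, file_align)
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sizes), 0, 0, 0, len(opt), 0x102)
    return dos + b"PE\0\0" + coff + bytes(opt) + table

def parse(pe):
    """Return (SectionAlignment, FileAlignment, [(name, vaddr, vsize, rptr, rsize)])."""
    nt = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsect, opt_size = struct.unpack_from("<H12xH", pe, nt + 6)
    opt = nt + 24  # optional header; alignments at +32/+36 in PE32 and PE32+
    sect_align, file_align = struct.unpack_from("<II", pe, opt + 32)
    if not sect_align or not file_align:
        raise ValueError("zero alignment")
    rows = (struct.unpack_from("<8sIIII", pe, opt + opt_size + 40 * i) for i in range(nsect))
    sections = [(n.rstrip(b"\0").decode(), va, vs, rp, rs) for n, vs, va, rs, rp in rows]
    return sect_align, file_align, sections

def misaligned(pe):
    """List (section, field) pairs that break the header's declared alignments."""
    sect_align, file_align, sections = parse(pe)
    bad = []
    for name, vaddr, _vsize, rptr, rsize in sections:
        if vaddr % sect_align:
            bad.append((name, "VirtualAddress"))
        if rptr % file_align or rsize % file_align:
            bad.append((name, "raw data"))
    return bad

if __name__ == "__main__":
    pe = build_sample([(b".text", 0x1234), (b".data", 0x300)])
    print(parse(pe), misaligned(pe))
```

With the default values, the 0x1234-byte `.text` section occupies 0x1400 bytes on disk but reserves 0x2000 bytes of address space, which is why raw offsets and virtual addresses of the same section differ.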


Written on August 5, 2021