# PE32+ PE32+ is an extension of the Portable Executable (PE) file format used in 64-bit versions of Windows operating systems. Here's a brief explanation: 1. **64-bit Support**: PE32+ supports 64-bit architectures, allowing executable files to address larger amounts of memory and utilize 64-bit registers and instructions. 2. **Header Changes**: While the basic structure of the PE header remains similar to that of the standard PE32 format used for 32-bit executables, PE32+ introduces changes to accommodate 64-bit architecture requirements. These changes include modifications to the data directories, section headers, and other metadata. 3. **64-bit Addressing**: PE32+ enables the use of 64-bit virtual memory addressing, allowing applications to access memory beyond the 4 GB limit imposed by 32-bit architectures. This enables larger address spaces and supports applications that require more memory. 4. **New Calling Convention**: With PE32+, the calling convention for function calls may change to accommodate the different register usage and parameter passing conventions of 64-bit architectures. For example, function parameters might be passed in registers rather than on the stack. 5. **Compatibility**: While PE32+ is primarily designed for 64-bit Windows systems, it still maintains backward compatibility with 32-bit versions of Windows. However, 32-bit applications cannot directly execute on 64-bit systems without the aid of an emulator or compatibility layer. Overall, PE32+ extends the capabilities of the PE file format to support 64-bit architectures, enabling developers to create applications that can take advantage of the increased performance and memory capabilities offered by 64-bit systems. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://nuclei-av.gitbook.io/malware-handbook/pe-format/pe32+.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.