WINDOWS executable brief description (3)
4. Le format
In the era of Windows3.x, starting Windows from DOS, Windows needs to be initialized in real mode before turning the machine to the protection mode. The 16-bit code of the real mode must be placed in the executable with 32-bit code. The executable file under the old DOS and the executable executable of the NE format cannot meet this request, so it will play from Win 3.x to Win 9X, generating a new type of executable file format Le, which only applies to the system The bottom layer, contains 16-bit code and 32-bit code VXD drivers. OS / 2 2.x also uses the Le format.
In general, the executable of the protection mode places program code and data in different sections, and uses the various attributes in the executable file head to tell the executive file loader in the face of these sections. Detail action. However, VXD mixed program code and data in segments, through the identity of different segments, indicating the characteristics of the segment at runtime. The program code and data can be mixed together, and can still be effectively operated because the data selector in the flat mode used by VXD has the same base address and restriction factor. Therefore, you can use the program code or data in any of the above register buffers.
The following figure is a schematic structural diagram of the executable of the LE format:
MZ file head DOS file head DOS STUB program LE logo LE file header le file head LCODE block PCode ...... 16iDE McODE
In the LE file, code and data are stored in several types of running properties. Below is some of the available paragraphs in the Le file:
LCODE: The code and data segment locking in the page. This segment is locked in memory. In other words, this paragraph will never be put on the hard drive, so you must use this para class to avoid waste of valuable memory. Codes and data that must be placed in memory every moment should be placed in this segment. Especially those hardware interrupt handles.
Pcode: Disabled page code segment. VMM can do pages processing on this section. The code in this segment does not have to be placed in memory, when VMM needs physical memory, it will put this section on the hard disk.
PDATA: Disabled data segment.
ICode: For initialization segments used. This segment is only used to initialize VXD. When the initialization is completed, the VMM releases this paragraph from memory.
DBOCODE: only used to debug code data segments. When you want to debug the VXD program, you should use the code and data in this segment, for example, it contains the processing code for the message to be debugged.
SCODE: Static code and data segment. This period is present in memory, even if VXD has been uninstalled, this segment is useful for some dynamic VXD programs, which need to be loaded / uninstalled in a Windows process and record last time Environment and status.
Rcode: Real Mode Initialization Code Data Section. This section contains 16-bit code and data that requires real mode initialization.
16icode: Protection mode initialization data segment. This is a 16-bit segment that contains VXD to copy from the protection mode to the V86 mode. For example, if you want to copy some V86 code to a virtual machine, you want to copy the code here. If you put it in other segments, the compiler will generate an error code, for example, it produces 32-bit code instead of 16-bit code.
Mcode: Locked Message String. This section contains a message string that helps compile by the VMM message macro, which helps you construct your international version of your driver.
5. PE format
The 16-bit program is unachable, so in order to ensure the robustness of Windows, Microsoft is in Microsoft Windows NT 3.1 and its future operating system versions, that is, all Win32-based operating systems have launched a new executable. The format, that is, the PE file format. The meaning of PE is Portable Executable (portable executable), with 32-bit program code and data, is the evolution of Unix Common Object File Format (COFF). The PE format is a key point than other formats that it has an exports that is arranged in alphabetical order, and a memory file mapping function that can be imaged directly into virtual memory. At the same time, Microsoft also launched a new OBJ file and lib file format. The overall level of PE file structure is as follows: DOS MZ Header DOS Real Mode Root (Stub) Program PE Header (PE File Tag, etc.) Optional Header .Text Section Header .Bss Section Header .rdata Section Header ..................... ... .debug section header .text section.bss section.rdata section ..................... Debug Section
From PE, the structure of the executable file begins with formal documentation. Microsoft gives the PE structure described in C language in the online documentation of Visual C 6 (ie "MSDN Library Visual Studio 6.0"), which provides developers with great convenience. At the same time, the definition of each structure of PE is also available in the Winnt.h file in the VC's Include directory, which provides the original data structure used in the PE file.
Others: Windows executable brief description (1)
WINDOWS executable brief description (2)
============================================================================================================================================================================================================= ===================== Rivershan original March 23, 2004 3:38
