WINDOWS executable brief description (1)
The file in the operating system is an abstract mechanism that provides a method of saving information on a disk and is convenient for later reading. In the Windows operating system, the form of a user can experience the most direct experience is the executable of the extension of .exe, .dll et al.. With the continuous improvement of the Windows operating system, its format of its executable has a huge change. During this period, there are four processes: the easiest ways of .com-mentioned executables and MZ formats for .exe-based MZ format (MZ are the main author MARK ZBIKOWSKI name) The executable file, the NE (New Executable: Segment Executable File) format in Win 3.x, is available for LE (Linear Executable: Linear Executable: Linear Executable: Linear Executable: Linear Executable File, dedicated to VXD files), 32-bit executable file PE under Win9x and WIN NT / 2000 / XP PE (Portable Executable: Movable executable). In this case, MZ and NE belong to Win16, PE belongs to Win32, Le can be compatible with Win16 and Win32.
In an operating system, the executable code is ultimately stored in a file in a file, which is in the way in executable files. Below is an overview of the executable of the Microsoft Windows operating system.
1. COM format
The easiest executable of Windows is the COM file under DOS .com. The COM file is the product of the old only 64kB memory CP / M machine. The COM format file is 64K, and the COM file contains a binary code image of 16-bit programs, and there is no relocation information.
The COM file contains an absolute image of the binary code of the program. That is, in order to run the program-accurate processor instruction and data, MS-DOS loads the COM program by copying the image directly from the file to the memory; it does not make any changes.
To load a COM program, MS-DOS first attempts to allocate memory because the COM program must be in a 64K segment, so the size of the COM file cannot exceed 65,024 (64K minus 256 bytes for PSP and used for one start At least 256 bytes of stacks). If MS-DOS cannot assign enough memory for a program, a PSP, a starting stack, assigning an attempt failed. Otherwise, MS-DOS assigns as much as possible (until all reserved memory). Even if the COM program itself cannot be greater than 64K. Most COM programs release any unwanted memory before trying to run another program or allocate additional memory.
After the memory is allocated, MS-DOS establishes a PSP (Program Segment Prefix, Block Prefix) at the head 256 bytes of the memory, and the PSP structure is as follows:
Offset size (Byte) said that 0000H 02 interrupts 20H 0002H 02 in the memory size (using this can see if infected guided virus) 0004h 01 retain 0005H 05 to DOS long adjustment 000AH 02 INT 22H Inlet IP 000ch 02 INT 22H Entrance CS 000EH 02 INT 23H Entry IP 0010H 02 INT 23H Inlets CS 0012H 02 INT 24H Inlet IP 0014H 02 INT 24H Inlet CS 0016H 02 PET PSP segment value (whether or not it is traced) 0018H 14 stores 20 Soft No. 002CH 02 Environmental Block Section Address (Program Name) 002EH 04 Storage User Stack Address Pointer 0032H 1e Reserved 0050H 03 DOS Call (INT 21H / RETF) 0053H 02 Reserved 0055H 07 Extended FCB header 005CH 10 formatted FCB1 006CH 10 Formatted FCB2 007ch 04 Reserved 0080H 80 command line parameter length 0081H 127 command line parameters Others:
WINDOWS executable brief description (2)
WINDOWS executable brief description (3)
============================================================================================================================================================================================================= =====================
Rivershan original on March 23, 2004 3:38
