.exe文件中有什么? [英] what's in a .exe file?

问题描述

.exe文件是Windows可以执行的文件，但是它到底包含什么?特定于处理器的汇编语言?还是Windows能够识别的某种中间语句，将其转换为特定处理器的汇编程序?当文件执行"时，Windows会如何处理?

So a .exe file is a file that can be executed by windows, but what exactly does it contain? Assembly language that's processor specific? Or some sort of intermediate statement that's recognized by windows which turns it into assembly for a specific processor? What exactly does windows do with the file when it "executes" it?

推荐答案

MSDN上有文章"

MSDN has an article "An In-Depth Look into the Win32 Portable Executable File Format" that describes the structure of an executable file.

基本上，.exe包含几个数据块以及有关如何将其加载到内存中的指令.其中一些部分恰好包含可以执行的机器代码(其他部分包含程序数据，资源，重定位信息，导入信息等)

Basically, a .exe contains several blobs of data and instructions on how they should be loaded into memory. Some of these sections happen to contain machine code that can be executed (other sections contain program data, resources, relocation information, import information, etc.)

我建议您获得一份 Windows Internals 有关运行exe时发生情况的完整说明.

I suggest you get a copy of Windows Internals for a full description of what happens when you run an exe.

对于本机可执行文件，机器代码是特定于平台的. .exe标头指示该.exe适用于哪个平台.

For a native executable, the machine code is platform specific. The .exe's header indicates what platform the .exe is for.

运行本机.exe时，会发生以下情况(大大简化了):

When running a native .exe the following happens (grossly simplified):

• 已创建过程对象.
• 该exe文件被读取到该进程的内存中. .exe的不同部分(代码，数据等)分别映射到不同的位置，并具有不同的权限(执行代码，读取/写入数据，常量为只读).
• 重定位发生在.exe中(如果未将.exe加载到其首选地址，则地址会被修补.)
• 导入表已遍历并加载了相关的DLL.
DLL的映射方式与.exe相似，会发生重定位并加载其相关的DLL.解决了从DLL导入的功能.
• 该过程在NTDLL中的初始存根处开始执行.
• 初始加载程序存根运行每个DLL的入口点，然后跳转到.exe的入口点.

• A process object is created.
• The exe file is read into that process's memory. Different sections of the .exe (code, data, etc.) are mapped in separately and given different permissions (code is execute, data is read/write, constants are read-only).
• Relocations occur in the .exe (addresses get patched if the .exe was not loaded at its preferred address.)
• The import table is walked and dependent DLL's are loaded.
• DLL's are mapped in a similar method to .exe's, with relocations occuring and their dependent DLL's being loaded. Imported functions from DLL's are resolved.
• The process starts execution at an initial stub in NTDLL.
• The initial loader stub runs the entry points for each DLL, and then jumps to the entry point of the .exe.

受管理的可执行文件包含MSIL(Microsoft中间语言)，可以进行编译，以便它们可以针对CLR支持的任何CPU.我对CLR加载程序的内部工作并不熟悉(最初运行什么本机代码引导CLR并开始解释MSIL)-也许其他人可以对此进行详细说明.

Managed executables contain MSIL (Microsoft Intermediate Language) and may be compiled so they can target any CPU that the CLR supports. I am not that familiar with the inner workings of the CLR loader (what native code initially runs to boot strap the CLR and start interpreting the MSIL) - perhaps someone else can elaborate on that.

这篇关于.exe文件中有什么?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！