这个26KB可执行文件中存储了什么? [英] What is stored in this 26KB executable?

问题描述

使用-O3编译此代码:

#include <iostream>
int main(){std::cout<<"Hello World"<<std::endl;}

生成一个长度为25,890个字节的文件. (与GCC 4.8.1一起编译)

results in a file with a length of 25,890 bytes. (Compiled with GCC 4.8.1)

编译器不能只存储两次对write(STDOUT_FILENO, ???, strlen(???));的调用，存储write的内容，存储字符串，然后将其繁荣写入磁盘吗?据我估计，这将导致EXE的长度小于1,024个字节.

Can't the compiler just store two calls to write(STDOUT_FILENO, ???, strlen(???));, store write's contents, store the string, and boom write it to the disk? It should result in a EXE with a length under 1,024 bytes to my estimate.

在汇编中编译hello world程序将生成17个字节文件: https://stackoverflow.com/questions/284797/hello-world-in-less-than-17字节，表示实际代码长5字节. (字符串为Hello World\0)

Compiling a hello world program in assembly results in 17 bytes file: https://stackoverflow.com/questions/284797/hello-world-in-less-than-17-bytes, means actual code is 5-bytes long. (The string is Hello World\0)

该EXE除了实际的main及其调用的功能之外，还存储了什么?

What that EXE stores except the actual main and the functions it calls?

注意:此问题也适用于MSVC.

NOTE: This question applies to MSVC too.

许多用户指出iostream是罪魁祸首，所以我测试了这个假设，并使用相同的参数编译了该程序:

A lot of users pointed at iostream as being the culprit, so I tested this hypothesis and compiled this program with the same parameters:

int main( ) {
}

得到23,815个字节，该假设已被证明.

And got 23,815 bytes, the hypothesis has been disproved.

推荐答案

默认情况下，编译器会生成完整的符合PE的可执行文件.假设有一个发布版本，您发布的简单代码可能包括:

The compiler generates by default a complete PE-conformant executable. Assuming a release build, the simple code you posted might probably include:

• 加载程序(例如IAT)所需的所有PE标头和表，这也意味着必须满足对齐要求
• CRT库初始化代码
• 调试信息(即使是发布版本，您也需要手动将其删除)

如果编译器是MSVC，则会包含其他内容:

In case the compiler were MSVC there would have been additional inclusions:

• 清单xml和重定位数据
• 默认编译器选项的结果，青睐速度超过大小

您发布的链接确实包含一个非常小的程序集"hello world"程序，但是为了在Windows环境中正常运行，至少需要完整，有效的PE结构可供加载程序使用(将所有级别的问题，可能会导致该代码根本无法运行.

The link you posted does contain a very small assembly "hello world" program, but in order to properly run in a Windows environment at least the complete and valid PE structure needs to be available to the loader (setting aside all the low-level issues that might cause that code not to run at all).

假设加载器已经正确地设置"了将代码运行到的过程，只有在那时，您才可以将其映射到PE部分并执行

Assuming the loader had already and correctly 'set up' the process where to run that code into, only at that point you could map it into a PE section and do

jmp small_hello_world_entry_point

实际执行代码.

参考文献: PE格式

最后通知: UPX 和类似的压缩工具也用于减少可执行文件的文件大小.

One last notice: UPX and similar compression tools are also used to reduce filesize for executables.

这篇关于这个26KB可执行文件中存储了什么?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！