PE头“子系统"的作用是什么?场地? [英] What are the effects of the PE header "subsystem" field?
问题描述
我有几个关于 PE子系统"字段的问题,可能在某种程度上有重叠.为了避免将每个问题单独发送到这个地方,我想我会一起问他们,然后单独重新询问任何没有得到解决的问题.希望一切顺利...
I have several questions about the PE "subsystem" field, which may overlap to some extent. To avoid spamming this place with each question separately, I thought I'd ask them together and then re-ask separately anything that doesn't get addressed. Hope this is OK...
我知道 IMAGE_SUBSYSTEM_WINDOWS_CUI 使操作系统将进程预先附加"到控制台,无论是其父进程还是在必要时创建新控制台.IMAGE_SUBSYSTEM_WINDOWS_GUI 不这样做.
I know that IMAGE_SUBSYSTEM_WINDOWS_CUI makes the OS "pre-attach" the process to a console, either of its parent process or creating a new console if necessary. IMAGE_SUBSYSTEM_WINDOWS_GUI doesn't do that.
在现代版本的 Windows 中,这两者之间还有其他区别吗?过去有更多吗?
Are there any other differences between these two in a modern version of Windows? Have there been more in the past?
其他值呢,Windows 使用它们只是为了拒绝 EXE,还是导致 Windows 模拟不同的 API?这种模拟"过程是否可以由最终用户扩展,或者是否已经深入到操作系统中?
What about the other values, are they used by Windows merely to reject an EXE, or do they cause Windows to emulate a different API? Is this "emulation" process extensible by end-users or is this hard-baked into the OS?
推荐答案
是的,预连接控制台似乎是目前唯一的区别.如果没记错的话,基于 16 位的 Windows 版本 (95/98/SE/Me) 并非如此.
Yes, pre-attaching a console seems to be the only current difference. If memory serves, that wasn't so much the case with the 16-bit based versions of Windows though (95/98/SE/Me).
旧版本的 NT 接受 POSIX 和 OS/2 子系统的其他值.
Older versions of NT accepted other values for the POSIX and OS/2 subsystems.
理论上,您可能能够使用 NT Native API 编写自己的子系统.虽然如果你看一下,周围有相当多的文档,但我完全不确定它是否足以完成这项任务.无论如何,Win32 子系统一直具有相当特殊"的状态,现在其他子系统都消失了,我完全不确定他们是否试图确保可以集成其他子系统.在 NT 4(例如)上,我会说困难,但几乎可以肯定".在当前版本的 Windows 上,我认为对内核进行某些更改会阻止其工作的可能性大约是偶数——并且远低于当前可用文档能够胜任除 MS 之外的任何人的任务的偶数可能性实现一个子系统.
In theory, you might be able to write your own subsystem using the NT Native API. Although there's a fair amount of documentation around for that if you look, I'm not at all sure it's sufficient to this task. The Win32 subsystem has always had rather a "special" status anyway, and now that the other subsystems are gone, I'm not at all sure they've even tried to assure that other subsystems can be integrated. On NT 4 (for one example) I'd have said "difficult but almost certainly possible". On a current version of Windows, I'd say there's about even odds that some change to the kernel would prevent it from working -- and much lower than even odds that the currently-available documentation would be up to the task of anybody but MS implementing a subsystem.
这篇关于PE头“子系统"的作用是什么?场地?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
