I don't think the contents of executable files should be a mystery to programmers. Even if you aren't an Assembly programmer, it is probably good to understand the general layout and personality of Windows executables.
Therefore, as responses under this post, I am giving an example of a hex dump of a win32 Hello World program.
I've copied the names of the MZ header fields from:
Microsoft Portable Executable and Common Object File Format Specification
Revision 8.2 – September 21, 2010
for the rest of the executable image information.
As always, I am prone to mistakes. I've been working on this off and on for several days, and at this point am impatient to post, even though I haven't rechecked everything. If I notice mistakes, I'll edit the posts, and edit this post with a list of corrections.
Please feel free to respond to any of the posts with corrections, comments, or questions.
Note that this is not the most efficient possible Hello World program. For example, I chose to use the .rdata section for the constant initialized data. Had I just stuck it in the .text section, I think that I could have saved 4 KB of virtual address space and 1 KB in the executable file size (512 bytes for the section itself, and an extra 512 bytes, because 4 section table entries pushes the section table over the FileAlignment boundary). Or, the .rdata and .bss sections could have been combined into a .data section, also saving 4 KB of address space, but only 512 bytes of file size, I think.
Studying this did correct my understanding of DLL importing. I was under at least one mistaken impression.
P.S. As the forum uses a variable width font, you should probably copy the contents of the posts to notepad so that you can see them with a fixed width font. I recommend Lucida Console.
P.S. In the .idata section, I had written "WriteConsoleA" instead of "WriteConsoleW". The other edits have been relatively minor (mostly formatting).
|Response Title||Author and Date|
|hello.asm and build instructions.||on Feb 19, 6:03 PM|
|a little explanation of the source||on Feb 19, 8:38 PM|
|hello.map||on Feb 19, 6:05 PM|
|hello.obj||on Feb 19, 6:08 PM|
|hello.exe||on Feb 19, 6:11 PM|
|The DOS stub (including MZ header and DOS code)||on Feb 19, 6:16 PM|
|The PE signature and COFF header. (0x400080 to 0x400097)||on Feb 19, 6:21 PM|
|The Optional header (including the data directories). (0x400098 to 0x400177)||on Feb 19, 6:24 PM|
|The section table. (0x400178 to 0x400217)||on Feb 19, 6:36 PM|
|.text (0x401000 to 0x401053)||on Feb 19, 6:38 PM|
|.rdata (0x402000 to 0x40201d) and .bss (0x403000 to 0x403007)||on Feb 19, 6:41 PM|
|.idata (0x404000 to 0x404093)||on Feb 19, 6:42 PM|
|i had started to write an exe decompiler||stosb on May 13, 4:24 PM|