The anatomy of a win32 Hello World program.

by MCalkins
ASM Forum

 
I don't think the contents of executable files should be a mystery to programmers. Even if you aren't an Assembly programmer, it is probably good to understand the general layout and personality of Windows executables.

Therefore, as responses under this post, I am giving an example of a hex dump of a win32 Hello World program.

I've copied the names of the MZ header fields from:

http://www.fileformat.info/format/exe/corion-mz.htm

And used:

pecoff_v8.docx
Microsoft Portable Executable and Common Object File Format Specification
Revision 8.2 – September 21, 2010

for the rest of the executable image information.

As always, I am prone to mistakes. I've been working on this off and on for several days, and at this point am impatient to post, even though I haven't rechecked everything. If I notice mistakes, I'll edit the posts, and edit this post with a list of corrections.

Please feel free to respond to any of the posts with corrections, comments, or questions.

Note that this is not the most efficient possible Hello World program. For example, I chose to use the .rdata section for the constant initialized data. Had I just stuck it in the .text section, I think that I could have saved 4 KB of virtual address space and 1 KB in the executable file size (512 bytes for the section itself, and an extra 512 bytes, because 4 section table entries pushes the section table over the FileAlignment boundary). Or, the .rdata and .bss sections could have been combined into a .data section, also saving 4 KB of address space, but only 512 bytes of file size, I think.

Studying this did correct my understanding of DLL importing. I was under at least one mistaken impression.

Regards,
Michael

P.S. As the forum uses a variable width font, you should probably copy the contents of the posts to notepad so that you can see them with a fixed width font. I recommend Lucida Console.

P.S. In the .idata section, I had written "WriteConsoleA" instead of "WriteConsoleW". The other edits have been relatively minor (mostly formatting).



    
This message has been edited by MCalkins on Feb 20, 2012 12:34 AM
This message has been edited by MCalkins on Feb 19, 2012 9:04 PM
This message has been edited by MCalkins on Feb 19, 2012 8:42 PM
This message has been edited by MCalkins on Feb 19, 2012 6:47 PM

Posted on Feb 19, 2012, 5:56 PM
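The size arithmetic in the post's note about section count and FileAlignment can be checked with a short calculation. This is an added example, not part of the original post or its thread; the section sizes are taken from the address ranges in the thread index, and the ImageBase of 0x400000, the zero raw size for .bss, and all function and variable names are assumptions.

```python
# Added example: layout arithmetic for the posted hello.exe and two variants.
FILE_ALIGN = 0x200         # FileAlignment, 512 bytes as the post describes
SECT_ALIGN = 0x1000        # SectionAlignment, 4 KB as the post describes
SECTION_TABLE_OFF = 0x178  # 0x400178 minus ImageBase (assumed 0x400000)
SECTION_HEADER_SIZE = 40   # one section table entry, per the PE/COFF spec


def align_up(n, alignment):
    """Round n up to the next multiple of alignment (0 stays 0)."""
    return (n + alignment - 1) // alignment * alignment


def layout(sections):
    """sections: list of (name, initialized_bytes, uninitialized_bytes).
    Returns (SizeOfHeaders, file size, SizeOfImage)."""
    table_end = SECTION_TABLE_OFF + SECTION_HEADER_SIZE * len(sections)
    headers = align_up(table_end, FILE_ALIGN)
    file_size = headers
    image_size = align_up(headers, SECT_ALIGN)
    for _name, init, uninit in sections:
        # Only initialized bytes are stored in the file (assumption for .bss).
        file_size += align_up(init, FILE_ALIGN)
        # Every section still occupies whole pages of address space.
        image_size += align_up(init + uninit, SECT_ALIGN)
    return headers, file_size, image_size


# Sizes derived from the ranges in the thread index (end - start + 1).
POSTED = [(".text", 0x54, 0), (".rdata", 0x1E, 0),
          (".bss", 0, 8), (".idata", 0x94, 0)]
# Variant 1: constants placed in .text, no .rdata section.
RDATA_IN_TEXT = [(".text", 0x54 + 0x1E, 0), (".bss", 0, 8), (".idata", 0x94, 0)]
# Variant 2: .rdata and .bss combined into one .data section.
MERGED_DATA = [(".text", 0x54, 0), (".data", 0x1E, 8), (".idata", 0x94, 0)]


def savings(variant):
    """Bytes saved versus the posted layout: (file bytes, address space)."""
    _, file_posted, image_posted = layout(POSTED)
    _, file_variant, image_variant = layout(variant)
    return file_posted - file_variant, image_posted - image_variant


if __name__ == "__main__":
    for label, secs in (("posted", POSTED), ("rdata in .text", RDATA_IN_TEXT),
                        ("merged .data", MERGED_DATA)):
        hdr, fsize, isize = layout(secs)
        print(f"{label:15} headers={hdr:#x} file={fsize} image={isize:#x}")
```

With four section table entries the table ends at file offset 0x218, past the first 512-byte boundary, which is why the header area doubles in the posted layout.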


Response Title, Author and Date
hello.asm and build instructions. on Feb 19, 6:03 PM
 a little explanation of the source on Feb 19, 8:38 PM
hello.map on Feb 19, 6:05 PM
hello.obj on Feb 19, 6:08 PM
hello.exe on Feb 19, 6:11 PM
 The DOS stub (including MZ header and DOS code) on Feb 19, 6:16 PM
 The PE signature and COFF header. (0x400080 to 0x400097) on Feb 19, 6:21 PM
 The Optional header (including the data directories). (0x400098 to 0x400177) on Feb 19, 6:24 PM
 The section table. (0x400178 to 0x400217) on Feb 19, 6:36 PM
 .text (0x401000 to 0x401053) on Feb 19, 6:38 PM
 .rdata (0x402000 to 0x40201d) and .bss (0x403000 to 0x403007) on Feb 19, 6:41 PM
 .idata (0x404000 to 0x404093) on Feb 19, 6:42 PM
i had started to write an exe decompiler - stosb on May 13, 4:24 PM
