(Login MCalkins) ASM Forum Posted Feb 19, 2012 5:56 PM
I don't think the contents of executable files should be a mystery to programmers. Even if you aren't an Assembly programmer, it is probably good to understand the general layout and personality of Windows executables.
Therefore, as responses under this post, I am giving an example of a hex dump of a win32 Hello World program.
I've copied the names of the MZ header fields from:
pecoff_v8.docx
Microsoft Portable Executable and Common Object File Format Specification
Revision 8.2 – September 21, 2010
for the rest of the executable image information.
As always, I am prone to mistakes. I've been working on this off and on for several days, and at this point am impatient to post, even though I haven't rechecked everything. If I notice mistakes, I'll edit the posts, and edit this post with a list of corrections.
Please feel free to respond to any of the posts with corrections, comments, or questions.
Note that this is not the most efficient possible Hello World program. For example, I chose to use the .rdata section for the constant initialized data. Had I just stuck it in the .text section, I think that I could have saved 4 KB of virtual address space and 1 KB in the executable file size (512 bytes for the section itself, and an extra 512 bytes, because 4 section table entries pushes the section table over the FileAlignment boundary). Or, the .rdata and .bss sections could have been combined into a .data section, also saving 4 KB of address space, but only 512 bytes of file size, I think.
Studying this did correct my understanding of DLL importing. I was under at least one mistaken impression.
Regards,
Michael
P.S. As the forum uses a variable width font, you should probably copy the contents of the posts to notepad so that you can see them with a fixed width font. I recommend Lucida Console.
P.S. In the .idata section, I had written "WriteConsoleA" instead of "WriteConsoleW". The other edits have been relatively minor (mostly formatting).