How exactly do executables work?

Asked 24/10, 2009 at 2:43 Answered 24/10, 2009 at 3:12

I know that executables contain instructions, but what exactly are these instructions? If I want to call the MessageBox API function for example, what does the instruction look like?

Thanks.

Weevil answered 24/10, 2009 at 2:43 Comment(0)

Executables are binary files that are understood by the operating system. The executable will contain sections which have data in them. Windows uses the PE format. The PE Format has a section which has machine instructions. These instructions are just numbers which are ordered in a sequence and is understood by the CPU.

A function call to MessageBox(), would be a sequence of instructions which will

1) have the address of the function which is in a DLL. This address is put in by the compiler

2) instructions to "push" the parameters onto a stack

3) The actual function call

4) some sort of cleanup (depends on the calling convention).

Its important to remember that EXE files are just specially formatted files. I dont have a disassembly for you, but you can try compiling your code, then open your EXE in visual studio to see the disassembly.

Grandstand answered 24/10, 2009 at 2:51 Comment(8)

Thank for you answer, but Wikipedia says that DLL file uses the PE format either. Why is that? – Weevil 24/10, 2009 at 2:54

And how exactly it "pushes" that parameters? I know from PE Explorer that the DLL saves the function and the size of its parameters, for example 8 bytes can be int,int. – Weevil 24/10, 2009 at 2:56

A DLL can also contain executable code that EXEs can use at run time - hence the name "dynamic link library". – Hearing 24/10, 2009 at 2:57

Yes, windows is flexible. A DLL in windows is similar to an EXE but doesnt have an entry point. Basically, its like an EXE which cannot be run. DLL's also have other features like function address which can be called from outside the DLL. The PE format is flexible and is extended to even contain .NET code, resource files, etc. – Grandstand 24/10, 2009 at 2:58

DLLs can be executable in some cases, bot directly by 'running it' but via abother process/executable. – Dani 24/10, 2009 at 2:58

The Pushing of the parameters is following the calling convention. Its too complicated to explain here. Here is a link about it en.wikipedia.org/wiki/Calling_convention Basically, there is a stack for every thread. When you call a function, parameters are put on this stack. The function or the caller needs to clean up after the call. This behavior can be changed using certain modifiers in C/C++. – Grandstand 24/10, 2009 at 3:1

Calling convention looks really complicated, but it's really interesting. Thank you. – Weevil 24/10, 2009 at 3:4

Concerning #2: How do those instructions relate to the numbered machine instructions in a sequence in the PE format? – Unconventional 8/11, 2013 at 20:10

That is a bloated question if I ever saw one. BUT, I will try my best to give an overview. In a binary executable there are these things called "byte codes", byte codes are just the hex represtation of an instruction. Commonly you can "look up" byte codes and convert them to Assembly instructions. For example: The instruction:

mov ax, 2h

Has the byte code representation:

B8 02 00

The byte codes get loaded into RAM and executed by the processer as that is its "language". No one sane that I know programs in byte code, it would just be wayyyy to complicated. Assembly is...fun enough as it is. Whenever you compile a program in a higher level language it has to take your code and turn it into Assembly instructions, you just imagine how mangled your code would look after it compiles it. Don't get me wrong, compilers are great, but disassemble a C++ program with IDA Pro Freeware and you will see what I am talking about. That is executables in a nutshell, there are certainly books written on this subject. I am not a Windows API expert, but someone else can show you what the instruction would look like for calling the Windows API "MessageBox". It should only be a few lines of Assembly.

Caryncaryo answered 24/10, 2009 at 3:12 Comment(0)

Whatever code is written (be it in C or some other language) is compiled by a compiler to a special sort of language called assembly (well, machine code, but they're very close). Assembly is a very low-level language, which the CPU executes natively. Normally, you don't program in assembly because it is so low-level (for example, you don't want to deal with pulling bits back and forth from memory).

I can't say about the MessageBox function specifically, but I'd guess that it's a LOT of instructions. Think about it: it has to draw the box, and style it however your computer styles it, and hook up an even handler so that something happens when the user clicks the button, tells Windows (or whatever operating system) to add it to the taskbar (or dock, etc), and so many other things.

Neckline answered 24/10, 2009 at 2:51 Comment(0)

-8

It depends on the language that you are working in. But for many it is as simple as...

msgbox("Your message goes here")

alert("Your message goes here")

Watson answered 24/10, 2009 at 2:47 Comment(1)

I didn't really think you understand my question, I meant after compilation, how these instructions look like? – Weevil 24/10, 2009 at 2:49

Recommended topics

Hot tags