How do executables work at the bit / byte level?

I have a Windows 7 computer. I've heard that Windows executables use the PE format. I was trying to figure out how executables are built, so I opened one of them in a hex editor. They start with the heading "MZ" so the computer knows it's an .exe file. Most of them are not English. I also noticed that it had 3 "chunks" of 96 NULL characters in my particular file. Two of them were close to the beginning and one was at the end. It looks like this:

BrokenLink

This code uses the FASM assembler.

This is the code before compiling it:

BrokenLink

So my question is: how do the binaries get put together? What happens with infinite NULL characters? Also, when I edit the file's hex code and add a byte, the data is "corrupted", but when I just change a byte, that's okay.

Thank you so much!!!

Christian

+3




1 answer


The format used by Windows is the Microsoft Portable Executable format. You can read the file specification to find out more.

> So my question is how do the binaries get put together. What happens with infinite null characters. Also, when you edit the hexadecimal code of the file and ADD bytes, the data is "corrupted", but when you just CHANGE the bytes, that's ok.

Portable executables follow a specific standard. You cannot just change the bytes, because that would cause the file to violate the standard.



Hence, adding bytes to arbitrary places can mess up the format. For example, PE files are made up of sections. These sections have a specific size, as defined in the section headers. The section header itself is a specific size with specific margins at specific offsets. If you just add a byte to a section or section header, you are likely to damage the file by moving the margins to offsets they were not expected at, or by making the section not the size originally set for it.

Changing the byte will change the value somewhere. Even then, you can mess things up. If you have a specific goal, you should point it out, and we can probably point you in the best direction to pursue it.

+2
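
The difference between changing and inserting a byte, as an added Python example (not code from the original question or answer). It parses a constructed, simplified PE-style file; the layout values and the helper names `build_pe`, `parse_sections` and `describe` are assumptions made for the illustration, and the file has no optional header, so it is only meant to be parsed, not run.

```python
import struct

SIG = b"PE\x00\x00"

def build_pe():
    """Constructed sample: DOS header, PE signature, COFF header, one section."""
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40)   # e_lfanew lives at 0x3C
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0)  # i386, 1 section
    sect = struct.pack("<8sIIIIIIHHI", b".text", 4, 0x1000,
                       0x200, 0x200, 0, 0, 0, 0, 0x60000020)  # raw size, raw offset
    headers = (dos + SIG + coff + sect).ljust(0x200, b"\x00")  # zero padding
    return headers + b"\xC3".ljust(0x200, b"\x00")            # .text: one RET

def parse_sections(data):
    """Follow the fixed offsets the format defines and return the sections."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != SIG:
        raise ValueError("PE signature not at e_lfanew")
    _, count, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    table = e_lfanew + 24 + opt_size          # section table follows the headers
    found = []
    for i in range(count):
        name, _, _, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        if raw_ptr + raw_size > len(data):
            raise ValueError("section raw data runs past end of file")
        first = data[raw_ptr:raw_ptr + 1]     # first byte the header points at
        found.append((name.rstrip(b"\x00").decode(), raw_ptr, raw_size, first))
    return found

def describe(data):
    try:
        return parse_sections(data)
    except ValueError as err:
        return f"invalid: {err}"

ORIGINAL = build_pe()
# Overwrite one byte in place: every offset in the headers still lines up.
CHANGED = ORIGINAL[:0x200] + b"\x90" + ORIGINAL[0x201:]
# Insert one byte inside the DOS header: e_lfanew is now read from shifted bytes.
INSERT_HEADER = ORIGINAL[:0x10] + b"\x00" + ORIGINAL[0x10:]
# Insert one byte in the padding: headers parse, but .text moved to 0x201
# while its header still says 0x200, so the wrong bytes are treated as code.
INSERT_PADDING = ORIGINAL[:0x100] + b"\x00" + ORIGINAL[0x100:]

if __name__ == "__main__":
    for label in ("ORIGINAL", "CHANGED", "INSERT_HEADER", "INSERT_PADDING"):
        print(label, describe(globals()[label]))
```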

