Hi guys! I am new here, but I've been more or less programming in inline assembler for quite a while... with VC++, that is.

I need to find information about the way Windows exe files are structured, and especially important is how Windows loads the exe file into memory and executes it.
Also, does it alter any parts of the file in memory, for example memory locations and such? Any virtual to physical memory mapping?

Another question is: when we deal with memory in Windows, those are virtual addresses, not physical, right? Also, does Windows use segment registers for any purpose?

Thanks in advance!
Posted on 2003-06-22 07:45:18 by Amn
I think you can start by reading the PE tutorial written by Iczelion.

When Windows loads a PE, it reads the section information and maps it into memory (according to the value set in the imagebase, which usually is 40000h). Then the exe is executed according to the entrypoint (add the value of the entrypoint to the value of the imagebase and Windows executes from there).

All I know is that fs is used for tib and seh.
Posted on 2003-06-22 08:51:26 by roticv
Thanks a lot. But where is that tutorial to be found?

And sorry, I am not THAT 733t h0x0r, I don't know what tib, seh and imagebase are? :) I've only used inline assembly, which is kind of simple when one is not a big expert in hardware architecture.
Posted on 2003-06-22 09:14:01 by Amn
http://win32asm.cjb.net
Tutorial Section -> PE Tutorials
Posted on 2003-06-22 09:58:24 by SFP
Here's the complete PE tutorials by Iczelion. http://win32assembly.online.fr/files/pe-tuts.zip

And sorry, I am not THAT 733t h0x0r, I don't know what tib, seh and imagebase are? :) I've only used inline assembly, which is kind of simple when one is not a big expert in hardware architecture.


Well, you've heard of entrypoint, I suppose? Imagebase is one of the values in the structures of the PE format, IMAGE_NT_HEADER if I remember correctly. tib is the thread information block or something like that. (Waiting for f0dder to post something related to it, since I suppose he is the best man at explaining it.)

Some links related to TIB/TEB (searching MSDN):
http://www.microsoft.com/msj/archive/S2CE.aspx

Links related to SEH (structured exception handling):
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/debug/base/frame_based_exception_handling.asp

PS I have attached the pecoff document by microsoft for you to read.
Posted on 2003-06-22 09:59:03 by roticv
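
The loading steps described in roticv's two posts above (sections mapped relative to the imagebase, execution starting at imagebase + entrypoint, both values stored in the PE headers), as an added example that is not part of any post in this thread. It parses the headers of a constructed, header-only PE32 sample; the function names and all sample values are assumptions made for illustration.

```python
import struct

def parse_pe32(data):
    """Return ImageBase, entry point and section mappings from PE32 headers."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)       # file offset of the NT headers
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                     # IMAGE_FILE_HEADER (20 bytes)
    nsections, = struct.unpack_from("<H", data, coff + 2)   # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, coff + 16)   # SizeOfOptionalHeader
    opt = coff + 20                                         # IMAGE_OPTIONAL_HEADER32
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("not a PE32 optional header")
    entry_rva, = struct.unpack_from("<I", data, opt + 16)   # AddressOfEntryPoint
    image_base, = struct.unpack_from("<I", data, opt + 28)  # ImageBase
    sections, entry_off = [], None
    for i in range(nsections):                              # 40-byte section headers
        name, vsize, rva, rawsize, rawptr = struct.unpack_from(
            "<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode(), image_base + rva, rawptr))
        if rva <= entry_rva < rva + max(vsize, rawsize):
            entry_off = rawptr + (entry_rva - rva)          # entry code's offset on disk
    # entry_va assumes the image is mapped at its preferred ImageBase (not relocated).
    return {"image_base": image_base, "entry_va": image_base + entry_rva,
            "entry_file_offset": entry_off, "sections": sections}

def build_sample():
    """Constructed header-only PE32 image (sample values, not a real program)."""
    buf = bytearray(0x200)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)                 # e_lfanew
    buf[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HH", buf, 0x84, 0x14C, 1)            # Machine i386, one section
    struct.pack_into("<H", buf, 0x84 + 16, 0xE0)            # SizeOfOptionalHeader
    struct.pack_into("<H", buf, 0x98, 0x10B)                # PE32 magic
    struct.pack_into("<I", buf, 0x98 + 16, 0x1000)          # AddressOfEntryPoint (RVA)
    struct.pack_into("<I", buf, 0x98 + 28, 0x400000)        # ImageBase (sample value)
    struct.pack_into("<8sIIII", buf, 0x178, b".text", 0x200, 0x1000, 0x200, 0x400)
    return bytes(buf)

if __name__ == "__main__":
    info = parse_pe32(build_sample())
    print({k: hex(v) if isinstance(v, int) else v for k, v in info.items()})
```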