What is an EXE File?
EXE File English full name executable file, translated as executable file, portable executable (PE) file format file, it can be loaded into memory and executed by the operating system loader, can be floating in the operating system storage space Executable program. For example, notepad program notepad.exe can be used to edit documents, such as: test.txt double-click to open notepad.exe notepad program for editing.
- EXE File An executable program that can be floatingly located in the operating system storage space.
- The EXE file is divided into two parts: the EXE file header and the program body. The exe file is relatively complex and belongs to a multi-segment structure, which is one of the most successful and complex designs of DOS. Each exe file contains a file header and an image of a relocatable program. The file header contains information that MS-DOS uses to load the program, such as the size of the program and the initial values of the registers. The file header also points to a relocation table containing a linked list of pointers to the addresses of relocatable segments in the program image. MS-DOS loads the exe program by copying the image directly from the file into memory, and then adjusts the relocatable segment address described in the positioning table. The positioning table is an array of relocation pointers, each of which points to a relocatable segment address in the program image [1]
- The EXEHEADER ENDS program image contains the processor code and the initial data of the program.
- The generated program cannot see the source code, but you can see the resources of that program. Use E-Code Explorer to disassemble and debug the easy-format executable file generated by easy language compilation. Analyze the internal structure and view the data in it. .
[Feature introduction]
1. Format analysis: Analyze the overall structure of the easy format executable file, and view the data of the corresponding item. The PE bones (PE heads) and the easy-to-form primitives were analyzed separately and clearly displayed in a tree structure, supplemented by detailed analysis tables.
2. Disassembly analysis: fast static disassembly easy format executable file. Provides convenient code preview of jump and call target addresses.
3. Form analysis: Analyze the form data contained in the easy format executable file. The subordinate structure of the window unit is clearly displayed in a tree structure. Detailed control property display, accurate event processing function positioning, and convenient switch to disassembly mode, so that users can immediately enter the event function space to be debugged, avoiding wasting time in the runtime space This is necessary for debugging non-linear event-driven programs.
4. Symbol modification: You can call the easy language support library as a symbol table to modify the disassembled code. You can directly analyze the method called by the function, the attribute of the operation, the constants used, basic data types, and custom data. Type and window unit. Greatly improves the readability of the code.
5. Internal data analysis: can analyze the constants, API functions, services, and support libraries used by the program.
6. Multiple loading methods: support loading from files and loading disassembly directly from the memory of a process. Appending directly from the process list can avoid some debugging difficulties caused by AntiDebug.
7. Support multiple formats: support standard PE executable files, easy format original files, other types of easy format files. Both are correctly analyzed.
8. Easy-format capturer: For easy-format executable files with unknown shells (such as packaged and packaged by other means), it can be analyzed quickly and easily.
9. Provide hexadecimal file viewing function.
10. Provide a variety of auxiliary tools to complete functions such as dumping easy format primitives from memory, repairing relocation information, and generating EXE files from easy format primitives.
11. Both analysis results and disassembly results can be directly exported to generate report files.
12. Support custom disassembly, HEX viewing environment color, you can choose your favorite color to read the code.
13. Detailed analysis settings, you can set the most suitable debugging environment.
14. Provide file drag and drop function for direct analysis or debugging.
15. Support for obtaining files to be analyzed from the command line [3]
- When using a mailbox or qq to transfer files, if the file type is an exe file. Normally servers do not allow transmission, and even report errors as viruses. For this, you can compress the .exe file or modify the extension (such as .ex3) before transferring.