Portable Executable

Portable Executable
Portable Executable
Filename extension .cpl, .exe, .dll, .ocx, .sys, .scr, .drv
Developed by Microsoft
Type of format Binary, executable, object, shared libraries
Extended from DOS MZ executable
COFF

The Portable Executable (PE) format is a file format for executables, object code and DLLs, used in 32-bit and 64-bit versions of Windows operating systems. The term "portable" refers to the format's versatility in numerous environments of operating system software architecture. The PE format is a data structure that encapsulates the information necessary for the Windows OS loader to manage the wrapped executable code. This includes dynamic library references for linking, API export and import tables, resource management data and thread-local storage (TLS) data. On NT operating systems, the PE format is used for EXE, DLL, SYS (device driver), and other file types. The Extensible Firmware Interface (EFI) specification states that PE is the standard executable format in EFI environments.

PE is a modified version of the Unix COFF file format. PE/COFF is an alternative term in Windows development.

On Windows NT operating systems, PE currently supports the IA-32, IA-64, and x86-64 (AMD64/Intel64) instruction set architectures (ISAs). Prior to Windows 2000, Windows NT (and thus PE) supported the MIPS, Alpha, and PowerPC ISAs. Because PE is used on Windows CE, it continues to support several variants of the MIPS, ARM (including Thumb), and SuperH ISAs.

The main competitors to PE are ELF (used in Linux and most other versions of Unix) and Mach-O (used in Mac OS X).

Contents

Brief history

Microsoft migrated to the PE format with the introduction of the Windows NT 3.1 operating system. All later versions of Windows, including Windows 95/98/ME, support the file structure. The format has retained limited legacy support to bridge the gap between DOS-based and NT systems. For example, PE/COFF headers still include an MS-DOS executable program, which is by default a stub that displays the simple message "This program cannot be run in DOS mode" (or similar). PE also continues to serve the changing Windows platform. Some extensions include the .NET PE format (see below), a 64-bit version called PE32+ (sometimes PE+), and a specification for Windows CE.

Technical details

Layout

A PE file consists of a number of headers and sections that tell the dynamic linker how to map the file into memory. An executable image consists of several different regions, each of which require different memory protection; so the start of each section must be aligned to a page boundary. For instance, typically the .text section (which holds program code) is mapped as execute/readonly, and the .data section (holding global variables) is mapped as no-execute/readwrite. However, to avoid wasting space, the different sections are not page aligned on disk. Part of the job of the dynamic linker is to map each section to memory individually and assign the correct permissions to the resulting regions, according to the instructions found in the headers.

Import Table

One section of note is the import address table (IAT), which is used as a lookup table when the application is calling a function in a different module. It can be in form of both import by ordinal and import by name. Because a compiled program cannot know the memory location of the libraries it depends upon, an indirect jump is required whenever an API call is made. As the dynamic linker loads modules and joins them together, it writes actual addresses into the IAT slots, so that they point to the memory locations of the corresponding library functions. Though this adds an extra jump over the cost of an intra-module call resulting in a performance penalty, it provides a key benefit: The number of memory pages that need to be copy-on-write changed by the loader is minimized, saving memory and disk I/O time. If the compiler knows ahead of time that a call will be inter-module (via a dllimport attribute) it can produce more optimized code that simply results in an indirect call opcode.

Relocations

PE files do not contain position-independent code. Instead they are compiled to a preferred base address, and all addresses emitted by the compiler/linker are fixed ahead of time. If a PE file cannot be loaded at its preferred address (because it's already taken by something else), the operating system will rebase it. This involves recalculating every absolute address and modifying the code to use the new values. The loader does this by comparing the preferred and actual load addresses, and calculating a delta value. This is then added to the preferred address to come up with the new address of the memory location. Base relocations are stored in a list and added, as needed, to an existing memory location. The resulting code is now private to the process and no longer shareable, so many of the memory saving benefits of DLLs are lost in this scenario. It also slows down loading of the module significantly. For this reason rebasing is to be avoided wherever possible, and the DLLs shipped by Microsoft have base addresses pre-computed so as not to overlap. In the no rebase case PE therefore has the advantage of very efficient code, but in the presence of rebasing the memory usage hit can be expensive. This contrasts with ELF which uses fully position independent code and a global offset table, which trades off execution time against memory usage in favor of the latter.

.NET, metadata, and the PE format

Microsoft's .NET Framework has extended the PE format with features which support the Common Language Runtime (CLR). Among the additions are a CLR Header and CLR Data section. Upon loading a binary, the OS loader yields execution to the CLR via a reference in the PE/COFF IMPORT table. The CLR then loads the CLR Header and Data sections.

The CLR Data section contains two important segments: Metadata and Intermediate Language (IL) code:

  • Metadata contains information relevant to the assembly, including the assembly manifest. A manifest describes the assembly in detail including unique identification (via a hash, version number, etc.), data on exported components, extensive type information (supported by the Common Type System (CTS)), external references, and a list of files within the assembly. The CLR environment makes extensive use of metadata.
  • Intermediate Language (IL) code is abstracted, language independent code that satisfies the .NET CLR's Common Intermediate Language (CIL) requirement. The term "Intermediate" refers to the nature of IL code being cross-language and cross-platform compatible. This intermediate language, similar to Java bytecode, allows platforms and languages to support the common .NET CLR. IL supports object-oriented programming (polymorphism, inheritance, abstract types, etc.), exceptions, events, and various data structures.

Use on other operating systems

The PE format is also used by ReactOS, as ReactOS is intended to be binary-compatible with Windows. It has also historically been used by a number of other operating systems, including SkyOS and BeOS R3. However, both SkyOS and BeOS eventually moved to ELF.

As the Mono development platform intends to be binary compatible with Microsoft .NET, it uses the same PE format as the Microsoft implementation.

On x86, Unix-like operating systems, some Windows binaries (in PE format) can be executed with Wine. The HX DOS Extender also uses the PE format for native DOS 32-bit binaries, plus it can to some degree execute existing Windows binaries in DOS, thus acting like a Wine for DOS.

Mac OS X 10.5 has the ability to load and parse PE files, but is not binary compatible with Windows.[1]

See also

References

  1. ^ Chartier, David (2007-11-30). "Uncovered: Evidence that Mac OS X could run Windows apps soon". Ars Technica. http://arstechnica.com/journals/apple.ars/2007/11/30/uncovered-evidence-that-mac-os-x-could-run-windows-apps-soon. Retrieved 2007-12-03. "... Steven Edwards describes the discovery that Leopard apparently contains an undocumented loader for Portable Executables, a type of file used in 32-bit and 64-bit versions of Windows. More poking around revealed that Leopard's own loader tries to find Windows DLL files when attempting to load a Windows binary." 

External links


Wikimedia Foundation. 2010.

Игры ⚽ Нужна курсовая?

Look at other dictionaries:

  • Portable Executable — File Format Le format de fichier PE (Portable Executable File Format) est un format de fichier binaire informatique utilisé pour l enregistrement de code compilé (exécutable, bibliothèques). Il a été développé par Microsoft pour les fichiers… …   Wikipédia en Français

  • Portable Executable — beschreibt ein Binärformat ausführbarer Programme. Es ist das Dateiformat, das bei Win32 und Win64 Systemen für ausführbare Dateien verwendet wird. Es basiert auf dem COFF Binärformat [1]. Mögliche Dateiendungen sind zum Beispiel: .exe –… …   Deutsch Wikipedia

  • Portable Executable — Переносимый исполняемый файл Расширение .exe, .dll, .ocx, .sys, .scr, .drv, .cpl Сигнатура MZ (опционально), PE Разработан Microsoft Тип формата двоичный, исполняемый, объектный …   Википедия

  • Portable Executable File Format — Portable Executable Extension .cpl, .exe, .dll, .ocx, .sys, .scr, .drv Type de format Binaire, Exécutable, Code Objet, DLL Extension du MZ DOS Executable COF …   Wikipédia en Français

  • Exécutable Windows — Portable Executable File Format Le format de fichier PE (Portable Executable File Format) est un format de fichier binaire informatique utilisé pour l enregistrement de code compilé (exécutable, bibliothèques). Il a été développé par Microsoft… …   Wikipédia en Français

  • Executable compression — is any means of compressing an executable file and combining the compressed data with the decompression code it needs into a single executable.Running a compressed executable essentially unpacks the original executable code, then transfers… …   Wikipedia

  • Executable And Linking Format — ELF (Executable and Linking Format) est un format de fichier informatique binaire utilisé pour l enregistrement de code compilé (objets, exécutables, bibliothèques de fonctions). Il a été développé par l’USL (Unix System Laboratories) pour… …   Wikipédia en Français

  • Executable and Linkable Format — Executable and Linking Format ELF (Executable and Linking Format) est un format de fichier informatique binaire utilisé pour l enregistrement de code compilé (objets, exécutables, bibliothèques de fonctions). Il a été développé par l’USL (Unix… …   Wikipédia en Français

  • Executable and Linking Format — Extension aucune, .o, .so, .exe, .elf Développé par Unix System Laboratories Type de format Format de fichier exécutable Spécification Format ouvert …   Wikipédia en Français

  • Executable and linking format — ELF (Executable and Linking Format) est un format de fichier informatique binaire utilisé pour l enregistrement de code compilé (objets, exécutables, bibliothèques de fonctions). Il a été développé par l’USL (Unix System Laboratories) pour… …   Wikipédia en Français

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”