Executable
An executable file is used to perform tasks according to encoded instructions. Executable files are sometimes also referred to as binaries, although binaries can technically be considered a subclass of executable files.
There are multiple families of executable files:
- Scripts; e.g. shell scripts, batch scripts (.bat)
- DOS and Windows executable files (.exe), which can be in various formats such as MZ, PE/COFF and NE
- EFI fat binary; roughly a 48-byte header and 2x MZ-PE/COFF
- ELF
- Mach-O
External Links
- Wikipedia: Executable
- Anatomy of a Program in Memory, by Gustavo Duarte, January 27, 2009
- Extracting Compiler Provenance from Program Binaries, by Nathan E. Rosenblum, Barton P. Miller, Xiaojin Zhu, June 2010
- Journey to the Stack, Part I, by Gustavo Duarte, March 10, 2014
MZ, PE/COFF
- Wikipedia: Portable Executable
- Microsoft PE and COFF Specification
- Peering Inside the PE: A Tour of the Win32 Portable Executable File Format, by Matt Pietrek, March 1994
- An In-Depth Look into the Win32 Portable Executable File Format, by Matt Pietrek, February 2002
- MZ, PE-COFF executable file format (EXE), by the libexe project, October 2011
- The Internal of Reloc .text, Full Disclosure Mailing list, October 21, 2013
DBG, PDB
- Wikipedia: Program database
- Matching Debug Information, by debuginfo.com
- Public and Private Symbols, by Microsoft
- DbgHelp Structures, by Microsoft
- Internet Archive: Microsoft Symbol and Type Information, by Microsoft
- Stream Descriptions, pdbparse project
- libmsdebug, by the MinGW project
- The Types Stream, by Brendan Dolan-Gavitt, October 4, 2007
Minidump
- MSDN: MINIDUMP_HEADER structure
- minidump_format.h, by Google, 2006
- Parsing Windows Minidumps, by Brendan Dolan-Gavitt, May 7, 2008
- Format of a minidump (mdmp) file, Internet Archive: StackHash blog, May 16, 2011
Mach-O
Tools
MZ, PE/COFF
- pefile, multi-platform Python module to read and work with Portable Executable (aka PE) files
PDB
- pdbparse, Open-source parser for Microsoft debug symbols (PDB files)
Minidump
- Dumpchk.exe, by Microsoft
- minidump, Python library to parse and read Microsoft minidump file format