Gray Hat Hacking: The Ethical Hacker's Handbook, Part IV, Chapter 12: Passive Analysis

For any compiled program to execute, it must communicate some
information to its host operating system. The operating system will need to know the
entry point of the program (the first instruction that should execute when the program
is started), the desired memory layout of the program including the location of code and
data, and what libraries the program will need access to while it is executing. All of this
information is contained within an executable file and is generated during the compilation
and linking phases of the program's development. Loaders interpret these executable
files to communicate the required information to the operating system when a file
is executed. Two common executable file formats are the Portable Executable (PE) file
format used for Microsoft Windows executables, and the Executable and Linking Format
(ELF) used by Linux and other Unix variants. Disassemblers function by interpreting
these executable file formats (in a manner similar to the operating system loader) to
learn the layout of the executable, and then processing the instruction stream starting
from the entry point to break the executable down into its component functions.
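The following Python example is added here and is not code from the book. It reads the entry point and segment layout from a little-endian ELF64 image, then maps the entry point to the file offset where a disassembler would begin decoding. The function names and the sample image built by `build_sample()` are constructed for illustration; PE files and the list of required libraries are not handled.

```python
import struct

PT_NAMES = {1: "PT_LOAD", 2: "PT_DYNAMIC", 3: "PT_INTERP"}

def parse_elf64(data):
    """Return the entry point and program-header (segment) table of an ELF64 LE image."""
    if len(data) < 64 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4] != 2 or data[5] != 1:  # EI_CLASS = ELFCLASS64, EI_DATA = little-endian
        raise ValueError("only little-endian ELF64 is handled here")
    # Fields after the 16-byte e_ident: e_type, e_machine, e_version, e_entry, e_phoff, ...
    fields = struct.unpack_from("<HHIQQQIHHHHHH", data, 16)
    e_entry, e_phoff = fields[3], fields[4]
    e_phentsize, e_phnum = fields[8], fields[9]
    if e_phnum and e_phentsize < 56:
        raise ValueError("program header entries are too small")
    segments = []
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + 56 > len(data):  # never trust header offsets from the file
            raise ValueError("program header table runs past end of file")
        p_type, p_flags, p_offset, p_vaddr, _, p_filesz, p_memsz, _ = \
            struct.unpack_from("<IIQQQQQQ", data, off)
        perms = "".join(c if p_flags & bit else "-" for c, bit in (("r", 4), ("w", 2), ("x", 1)))
        segments.append({"type": PT_NAMES.get(p_type, hex(p_type)), "perms": perms,
                         "offset": p_offset, "vaddr": p_vaddr,
                         "filesz": p_filesz, "memsz": p_memsz})
    return {"entry": e_entry, "segments": segments}

def entry_file_offset(info):
    """File offset of the first instruction, or None if no loadable segment backs it."""
    for seg in info["segments"]:
        if seg["type"] == "PT_LOAD" and seg["vaddr"] <= info["entry"] < seg["vaddr"] + seg["filesz"]:
            return seg["offset"] + info["entry"] - seg["vaddr"]
    return None

def build_sample():
    """Constructed image: ELF64 header plus one r-x PT_LOAD segment, zero-padded."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH", 2, 0x3E, 1, 0x401000, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", 1, 5, 0, 0x400000, 0x400000, 0x2000, 0x2000, 0x1000)
    return (ehdr + phdr).ljust(0x2000, b"\x00")

if __name__ == "__main__":
    info = parse_elf64(build_sample())
    print("entry:", hex(info["entry"]), "file offset:", hex(entry_file_offset(info)))
    for seg in info["segments"]:
        print(seg["type"], seg["perms"], hex(seg["vaddr"]), hex(seg["memsz"]))
```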