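What's in a Windows .exe file?
Notice: this page is a side-by-side Chinese-English translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. If you use it, you must likewise follow the CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me): StackOverFlow
Original URL: http://stackoverflow.com/questions/1495638/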
what's in a .exe file?
Asked by Gordon Gustafson
So a .exe file is a file that can be executed by Windows, but what exactly does it contain? Assembly language that's processor specific? Or some sort of intermediate statement that's recognized by Windows which turns it into assembly for a specific processor? What exactly does Windows do with the file when it "executes" it?
Answered by Michael
MSDN has an article "An In-Depth Look into the Win32 Portable Executable File Format" that describes the structure of an executable file.
Basically, a .exe contains several blobs of data and instructions on how they should be loaded into memory. Some of these sections happen to contain machine code that can be executed (other sections contain program data, resources, relocation information, import information, etc.)
I suggest you get a copy of Windows Internals for a full description of what happens when you run an exe.
For a native executable, the machine code is platform specific. The .exe's header indicates what platform the .exe is for.
When running a native .exe the following happens (grossly simplified):
- A process object is created.
- The exe file is read into that process's memory. Different sections of the .exe (code, data, etc.) are mapped in separately and given different permissions (code is execute, data is read/write, constants are read-only).
- Relocations occur in the .exe (addresses get patched if the .exe was not loaded at its preferred address.)
- The import table is walked and dependent DLLs are loaded.
- DLLs are mapped in a similar method to .exe's, with relocations occurring and their dependent DLLs being loaded. Imported functions from DLLs are resolved.
- The process starts execution at an initial stub in NTDLL.
- The initial loader stub runs the entry points for each DLL, and then jumps to the entry point of the .exe.
Managed executables contain MSIL (Microsoft Intermediate Language) and may be compiled so they can target any CPU that the CLR supports. I am not that familiar with the inner workings of the CLR loader (what native code initially runs to bootstrap the CLR and start interpreting the MSIL) - perhaps someone else can elaborate on that.
Answered by kctang
I can tell you what the first two bytes in .exe files contain - 'MZ'. I mean the characters 'MZ'.
It actually represents: Mark Zbikowski. The guy who designed the exe file format.
Answered by Nick Bedford
1's and 0's!
This Wikipedia link will give you all the info you need on the Portable Executable format used for Windows applications.
Answered by adrian
An EXE file is really a type of file known as a Portable Executable. It contains binary data, which can be read by the processor and executed (essentially x86 instructions.) There's also a lot of header data and other miscellaneous content. The actual executable code is located in a section called .text, and is stored as machine instructions (processor specific). This code (as well as other parts of the .EXE) are put into memory, and the CPU is sent to it, where it starts executing. (Note that there's much more interfaces actually happening; this is a simplified explanation).
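The following Python parser is an added example, not code from the original page or from any of the answers: it checks the 'MZ' and PE signatures, reads the header field that names the target platform, and lists the load permissions of each section, flagging any section that is both writable and executable. The function names, the constructed in-memory sample and its `.odd` section are assumptions made for illustration.

```python
import struct

MACHINES = {0x014C: "x86", 0x8664: "x64", 0xAA64: "ARM64"}
# IMAGE_SCN_MEM_READ / _WRITE / _EXECUTE bits of a section's Characteristics
PERMS = ((0x40000000, "R"), (0x80000000, "W"), (0x20000000, "X"))

def parse_pe(data):
    """Return (machine, [(section_name, permissions), ...]) for a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    try:
        # Offset 0x3C of the DOS header points at the 'PE\0\0' signature.
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
        if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
            raise ValueError("missing PE signature")
        # COFF file header: Machine, NumberOfSections, ..., SizeOfOptionalHeader
        machine, nsect, _, _, _, opt_size, _ = struct.unpack_from(
            "<HHIIIHH", data, e_lfanew + 4)
        table = e_lfanew + 24 + opt_size  # section table follows optional header
        sections = []
        for i in range(nsect):
            name, *_, flags = struct.unpack_from(
                "<8sIIIIIIHHI", data, table + 40 * i)
            perms = "".join(c for bit, c in PERMS if flags & bit)
            sections.append((name.rstrip(b"\0").decode("ascii", "replace"), perms))
    except struct.error as exc:
        raise ValueError(f"truncated PE image: {exc}") from None
    return MACHINES.get(machine, hex(machine)), sections

def writable_and_executable(sections):
    """Sections mapped both W and X, which ordinary compilers rarely emit."""
    return [name for name, perms in sections if "W" in perms and "X" in perms]

def build_sample():
    """Constructed header-only image (no optional header, no section data)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)  # e_lfanew = 64
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 4, 0, 0, 0, 0, 0x0002)
    def sec(name, flags):
        return struct.pack("<8sIIIIIIHHI", name, 0, 0, 0, 0, 0, 0, 0, 0, flags)
    return (dos + coff + sec(b".text", 0x60000020) + sec(b".data", 0xC0000040)
            + sec(b".rdata", 0x40000040) + sec(b".odd", 0xE0000020))

if __name__ == "__main__":
    machine, sections = parse_pe(build_sample())
    print(machine, sections, "W+X:", writable_and_executable(sections))
```

On a real file, pass `open(path, "rb").read()` to `parse_pe`; the optional header is skipped using the size recorded in the file header.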