Hubbry Logo
ExecutableExecutableMain
Open search
Executable
Community hub
Executable
logo
8 pages, 0 posts
0 subscribers
Be the first to start a discussion here.
Be the first to start a discussion here.
Contribute something
Executable
Executable
Executable
View on Wikipedia
from Wikipedia

Program execution
General concepts
Types of code
Compilation strategies
Notable runtimes
Notable compilers & toolchains
A hex dump of an executable real mode loader. The first column consists of addresses of the first byte in the second column, which comprises bytes of data in hexadecimal notation (least significant byte first), and the last column consists of the corresponding ASCII form.[1]

In computing, an executable is a resource that a computer can use to control its behavior. As with all information in computing, it is data, but distinct from data that does not imply a flow of control.[2] Terms such as executable code, executable file, executable program, and executable image describe forms in which the information is represented and stored. A native executable is machine code and is directly executable at the instruction level of a CPU.[3][4] A script is also executable although indirectly via an interpreter. Intermediate executable code (such as bytecode) may be interpreted or converted to native code at runtime via just-in-time compilation.

Native executable

[edit]

Even though it is technically possible to write a native executable directly in machine language, it is generally not done. It is far more convenient to develop software as human readable source code and to automate the generation of machine code via a build toolchain. Today, most source code is a high-level language although it is still possible to use assembly language which is closely associated with machine code instructions. Many toolchains consist of a compiler that generates native code as a set of object files and a linker that generates a native executable from the object and other files. For assembly language, typically the translation tool is called an assembler instead of a compiler.

Object files are typically stored in a digital container format that supports structure in the machine code – such as Executable and Linkable Format (ELF) or Portable Executable (PE), depending on the computing context.[5] The format may support segregating code into sections such as .text (executable code), .data (initialized global and static variables), and .rodata (read-only data, such as constants and strings).

Executable files typically include a runtime system, which implements runtime language features (such as task scheduling, exception handling, calling static constructors and destructors, etc.) and interactions with the operating system, notably passing arguments, environment, and returning an exit status, together with other startup and shutdown features such as releasing resources like file handles. For C, this is done by linking in the crt0 object, which contains the actual entry point and does setup and shutdown by calling the runtime library.[6] Executable files thus may contain significant code beyond that directly generated from the source code. In some cases, it is desirable to omit this, for example for embedded systems. In C, this can be done by omitting the usual runtime, and instead explicitly specifying a linker script, which generates the entry point and handles startup and shutdown, such as calling main to start and returning exit status to the kernel at the end.[7]

To be executable, a file must conform to the system's application binary interface (ABI). In simple interfaces, a file is executed by loading it into memory and jumping to the start of the address space and executing from there.[8] In more complicated interfaces, executable files have additional metadata, which may specify relocations to be performed when the program is loaded, or the entry point address at which to start execution.[9]

See also

[edit]

References

[edit]
[edit]
Revisions and contributorsEdit on WikipediaRead on Wikipedia

Executable

View on Grokipedia
from Grokipedia
In , an executable is a file that contains a program, consisting of machine-readable instructions and that can be loaded into and directly executed by a computer's operating or processor. These files instruct the to perform specific tasks, such as running applications or processes, and are typically inert until invoked. Executables take the form of compiled binary files, which hold optimized for a particular . Executable files are essential components of and execution across operating systems, with standardized formats ensuring compatibility and efficient loading. For Microsoft Windows, the (PE) format structures these files to include headers, code sections, and resources, allowing the system to map them into process address space. On Unix-like systems such as , the (ELF) serves a similar role, organizing object code, symbols, and relocation data for dynamic linking and execution. Apple's macOS uses the format, which supports both executables and shared libraries with provisions for fat binaries that run on multiple architectures. The PE format evolved from the earlier Common Object File Format (COFF), while ELF and Mach-O have distinct historical developments. Beyond technical structure, executables play a critical role in and portability, as they must be verified for integrity before execution to prevent infection. Operating systems employ mechanisms like digital signatures and to authenticate executables, reducing risks from unauthorized or tampered files. As computing has advanced, executables have adapted to support , , and cross-platform execution, enabling software to run seamlessly across diverse hardware and environments.

Definition and Fundamentals

Core Concept

An executable is a file or program segment containing or that a (CPU) or can directly execute to perform specified tasks, in contrast to which must be processed further or scripts which require an interpreter at runtime. This form encodes instructions in a binary format native to the hardware or a managed runtime environment, allowing the computer to carry out operations without additional translation steps during execution. Executables differ from non-executable files, such as or data files, by being pre-processed into a ready-to-run state that includes structural elements like headers for metadata, entry points, and dependency information, enabling direct loading into for execution. Unlike human-readable , which is written in high-level languages and requires compilation or interpretation, or plain-text scripts that are executed line-by-line by an interpreter, executables represent a compiled or assembled output optimized for efficient hardware-level processing. In the software lifecycle, an executable serves as the final output of the build process, transforming developer-written into a standalone artifact that can be distributed and run independently on compatible systems. This role enables programs to operate without needing the original source or development tools present, facilitating deployment across environments. For example, a basic "Hello World" program assembled from low-level instructions produces a compact binary executable that outputs the message upon running, whereas an equivalent Python script remains as interpreted text requiring a runtime environment like the Python interpreter to execute.

Key Characteristics

Executables feature a modular internal structure designed to facilitate loading and execution by the operating system. At the core is a header that provides essential metadata, including a magic number to identify the —such as 0x7F 'E' 'L' 'F' for ELF files or the "PE\0\0" signature for Portable Executable (PE) files—along with details on the file's , , and layout of subsequent sections. Following the header, the file is divided into sections, each serving a distinct purpose: the .text section contains the instructions, marked as read-only to prevent modification; the .data section holds initialized global and static variables; the .bss section reserves space for uninitialized variables, which are zeroed at runtime; and a symbol table section stores references to functions and variables for linking and . This segmented organization allows tools like linkers and loaders to efficiently parse and map the file into memory. Portability of executables is inherently limited by dependencies on the target CPU architecture and operating system. For instance, binaries compiled for x86 architectures use a different instruction set than those for , rendering them incompatible without recompilation or emulation. Additionally, operating system variations introduce challenges such as —where x86 systems typically employ little-endian byte ordering while some others use big-endian—and differing calling conventions that dictate how function parameters are passed between caller and callee. These factors necessitate architecture-specific and OS-specific builds to ensure correct execution, as mismatches can lead to crashes or . Key attributes of executables include mechanisms that enhance security and stability during runtime. The (.text) is configured with read-only and executable permissions, preventing accidental or malicious writes to instructions while allowing the CPU to fetch and execute them. In contrast, data segments (.data and .bss) are granted read-write permissions for variable modifications but are non-executable to mitigate risks. Runtime memory is further segregated into stack and heap regions: the stack, used for local variables and function calls, operates on a last-in-first-out basis with automatic allocation and deallocation; the heap, for dynamic allocations via functions like malloc, grows as needed and requires explicit management to avoid leaks or overflows. This separation ensures efficient resource use and isolation of execution contexts. The size of an executable binary is influenced by optimization techniques applied during compilation and linking, which balance performance, functionality, and efficiency. , a common optimization, removes unused functions, variables, and instructions that are never reached, directly reducing the final and improving load times— for example, interprocedural can significantly reduce code size in large programs by identifying unreferenced sections. Other factors include the inclusion of debug symbols (which can be stripped post-build), alignment padding for hardware requirements, and the embedding of runtime libraries, all of which contribute to variability in binary footprint across builds. These optimizations prioritize minimalism without sacrificing correctness, making executables more suitable for distribution and deployment.

Creation Process

Compilation and Linking

The compilation phase of creating an executable begins with translating high-level , such as or C++, into machine-readable object files using a like the GNU Compiler Collection (GCC). This process involves multiple sub-phases in the 's frontend: , where the source code is scanned to identify tokens such as keywords, identifiers, and operators while ignoring whitespace and comments; syntax analysis or , which checks the token sequence against the language's grammar to build a representing the program's structure; and semantic analysis, which verifies type compatibility, scope rules, and other meaning-related aspects to ensure the code is valid beyond syntax. Following these, the generates intermediate code, applies optimizations to improve efficiency (such as or ), and produces target-specific assembly code through the backend's code generation phase. The assembly step converts the generated assembly code into relocatable object files, typically using the GNU Assembler (as), which translates low-level instructions into binary while preserving relocation information for unresolved addresses and symbols. These object files contain the program's segments, data, and symbol tables but are not yet executable, as external references (like function calls to libraries) remain unresolved. In the linking phase, a linker such as GNU ld combines multiple object files and libraries into a single executable image by resolving symbols—mapping references to their definitions—and assigning final memory addresses. Static linking embeds the entire contents of required libraries directly into the executable, resulting in a self-contained file that includes all necessary code at build time, which increases file size but eliminates runtime dependencies. In contrast, dynamic linking incorporates only stubs or references to external libraries, deferring full resolution to runtime via a dynamic linker, which allows shared libraries to be loaded once and reused across programs but requires the libraries to be present on the target system. The linker also handles relocation, adjusting addresses in the object code to fit the final layout, and produces formats like ELF for Unix-like systems.

Source to Executable Conversion

The transformation from high-level , such as or C++ files, to a runnable executable follows a structured that ensures the is processed into machine-readable instructions compatible with the target system. This end-to-end begins with preprocessing and progresses through compilation, assembly, and linking, automating the conversion while resolving dependencies and optimizing for execution. Preprocessing is the initial stage, where the compiler's preprocessor expands macros, resolves include directives to incorporate header files, and handles conditional compilation based on directives like #ifdef. This step modifies the source code to produce an intermediate form ready for further processing, often expanding files like .c or .cpp without altering the core logic. The output is then fed into compilation, where the compiler translates the preprocessed code into , generating human-readable instructions specific to the target architecture. Assembly follows immediately, converting this assembly code into object files (typically .o or .obj) that contain relocatable segments. Finally, linking combines these object files with required libraries, resolving external references to form a cohesive executable file, such as a.out on systems or an .exe on Windows. To automate and scale this pipeline across complex projects involving multiple source files, build systems play a crucial role in managing dependencies, incremental builds, and platform variations. Makefiles, part of the GNU Make tool, define rules specifying targets (e.g., the executable), prerequisites (e.g., object files), and shell commands (recipes) to execute the stages, using file timestamps to recompile only modified components. , a cross-platform meta-build system, generates native build files (e.g., Makefiles or projects) from a high-level CMakeLists.txt script, using commands like add_executable() to define the output and target_link_libraries() to handle linking dependencies. Integrated development environments (IDEs), such as or , often integrate these tools or provide built-in builders to streamline the workflow within a graphical interface. Cross-compilation extends this pipeline to produce executables for architectures different from the host machine, enabling development on powerful desktops for embedded or remote targets. For instance, using GCC, developers specify the target triple (e.g., arm-linux-gnueabi-gcc) to configure the , ensuring preprocessing, compilation, and assembly generate code for the desired platform, such as building Windows executables on a host. This requires matching libraries and headers for the target, often managed by build systems like through toolchain files that override default settings. Throughout the conversion, handling is essential to identify issues early and maintain integrity. During compilation, type mismatches—such as incompatible pointer assignments or implicit conversions that alter values—trigger warnings or errors, configurable via flags like -Wconversion or -Wincompatible-pointer-types to enforce strict type checking. In the linking phase, unresolved symbols occur when references to functions or variables lack corresponding definitions in the object files or libraries, leading to linker errors that halt the build unless suppressed with options like --unresolved-symbols=ignore-all. These issues, often stemming from missing includes, incorrect library paths, or mismatched declarations across files, demand iterative to ensure a successful executable output.

Types and Formats

Native vs. Managed Executables

Native executables are programs compiled directly into machine code tailored to a specific CPU architecture, allowing the operating system to execute them without additional interpretation or translation layers. This direct compilation, often from languages like C or C++, results in binaries such as ELF files on Linux or PE files on Windows, with no runtime overhead during execution beyond the OS loader. In contrast, they require recompilation for different platforms, limiting portability, and place the burden of memory management and error handling on the developer, which can lead to issues like buffer overflows if not implemented carefully. Managed executables, on the other hand, are compiled into an intermediate representation, such as (CIL) in .NET or in , which is not directly executable by the hardware. These executables rely on a — like the (CLR) for .NET or the (JVM)—to perform just-in-time (JIT) compilation at runtime, converting the intermediate code to native machine instructions as needed. Examples include .NET assemblies (.dll or .exe files containing CIL, structured in the PE format on Windows) and Java class files (.class files containing , typically packaged in JAR archives based on the ZIP format). The primary advantages of native executables lie in their performance and efficiency: they execute at full hardware speed with minimal startup latency and no ongoing runtime costs, making them ideal for resource-constrained or high-performance applications like . However, their platform specificity reduces cross-architecture portability, requiring separate builds for each target environment, such as x86 versus . Managed executables offer enhanced portability, as the same intermediate code can run on any platform with the appropriate , facilitating "" development. They also provide built-in security features, such as automatic via garbage collection and enforced by the runtime, reducing common vulnerabilities like memory leaks. Drawbacks include dependency on the runtime environment, which adds installation requirements and potential performance overhead from compilation, though optimizations mitigate this in modern implementations. Hybrid approaches bridge these paradigms by applying ahead-of-time (AOT) compilation to managed code, producing native executables from intermediate representations without at runtime. In .NET, Native AOT compiles CIL directly to during the build process, yielding self-contained binaries with faster startup times and smaller memory footprints compared to traditional JIT-managed executables, while retaining managed benefits like garbage collection. This method enhances deployment scenarios, such as cloud-native applications or mobile apps, by reducing runtime dependencies, though it may limit dynamic features like reflection.

Common File Formats

Executable file formats standardize the structure of binaries across operating systems, enabling loaders to map code, data, and metadata into memory for execution. Major formats include the for Windows, the for systems, and for Apple platforms, each defining headers, sections, and linking information tailored to their ecosystems. Additional formats like the legacy Common Object File Format (COFF) and the binary format (WASM) address specialized or emerging use cases, such as object files and web-native execution. The (PE) format serves as the standard for executable files on Windows and Win32/Win64 systems, encompassing applications (.exe files) and dynamic-link libraries (.dll files). It begins with a DOS header for compatibility with , followed by a PE signature, COFF file header, optional header with subsystem information and data directories (such as imports and exports), and an array of section headers that define the layout of segments like .text for executable code, .data for initialized data, .rdata for read-only data, and .bss for uninitialized data. This structure allows the Windows loader to relocate the image, resolve imports, and initialize the process environment, supporting features like (ASLR) for security. PE files are extensible, accommodating debug information, resources, and certificates in dedicated sections. The (ELF) is the predominant format for executables, object files, shared libraries, and core dumps on operating systems, including and Solaris. Defined by the Tool Interface Standard, an ELF file starts with an ELF header specifying the file class (32-bit or 64-bit), , ABI version, and , followed by optional program header tables that describe loadable segments (e.g., PT_LOAD for code and data) and section header tables that organize content into sections like .text for code, .data for initialized variables, .rodata for constants, and .symtab for symbols. Program headers guide the dynamic loader in mapping segments into , while sections facilitate linking and ; shared objects (.so files) use ELF to enable dynamic linking at runtime. ELF's flexibility supports multiple architectures and processor-specific features, such as note sections for auxiliary information. Mach-O, short for Mach Object, is the executable format used in macOS, , , and , organizing binaries into a header, load commands, and segments containing sections for efficient loading by the dyld . The header identifies the CPU type, file type (e.g., MH_EXECUTE for executables or MH_DYLIB for libraries), and number of load commands, which specify details like segment permissions, symbol tables, and dynamic library paths. Segments such as __TEXT (for code and read-only data) and __DATA (for writable data) group related sections, with __LINKEDIT holding linking information; supports "fat" binaries that embed multiple architectures (e.g., x86_64 and arm64) in one file, allowing universal execution across devices like Intel-based Macs and . This format integrates with Apple's code-signing system, embedding entitlements and signatures directly in the binary. Other notable formats include the Common Object File Format (COFF), a legacy predecessor to PE used primarily for object files (.obj) in Windows toolchains and older Unix systems, featuring a file header with machine type and section count, followed by optional headers, section tables, and raw section data for relocatable code and symbols. COFF lacks the full executable portability of PE but remains relevant in build processes for its simplicity in handling intermediate compilation outputs. In contrast, WebAssembly (WASM) provides a platform-independent binary format for high-performance execution in web browsers and standalone runtimes, encoding modules as a sequence of typed instructions in a compact, linear structure with sections for code, data, types, functions, and imports/exports, compiled from languages like or to run sandboxed at near-native speeds without traditional OS dependencies.

Execution Mechanism

Loading and Running

The loading of an executable into memory begins when the operating system kernel receives a request to execute a program file, typically through system calls that initiate process creation. The kernel first reads the executable's header to verify its format and extract metadata about memory layout, such as segment sizes and permissions. For instance, in systems using the format, the kernel's load_elf_binary() function parses the ELF header and program header table to identify loadable segments like code, data, and BSS. Similarly, in Windows with the PE format, the loader examines the header, NT headers, and optional header to determine the image base and section alignments. Once headers are parsed, the kernel maps the executable's segments into the process's , allocating memory pages as needed without immediately loading all physical pages to support demand paging. Read-only segments like code are mapped with execute permissions, while data segments receive read-write access; the segment, representing uninitialized data, is zero-filled by allocating fresh pages. The kernel also establishes the stack and heap regions: the stack grows downward from a high virtual address, often with (ASLR) for security, while the heap starts just after the and expands via system calls like brk() or mmap(). In , setup_arg_pages() configures the initial stack size and adjusts memory accounting for argument pages. Windows performs analogous mappings through the Ntdll.dll loader, reserving for sections and committing pages on demand. Process creation integrates loading in operating system-specific models. In Unix-like systems such as Linux, the common approach uses the fork-exec paradigm: the fork() system call duplicates the parent process to create a child, sharing the address space initially via copy-on-write, after which the child invokes execve() to replace its image with the new executable. The execve() call triggers the kernel to load the binary, clear the old address space via flush_old_exec(), and set up the new one, returning control to the child only on success. In contrast, Windows employs the CreateProcess() API, which atomically creates a new process object, allocates its virtual address space, loads the specified executable, and starts its primary thread in a single operation, inheriting the parent's environment unless overridden. After loading, execution begins at the designated entry point, with the kernel performing final initializations. In Linux ELF executables, the kernel jumps to the entry address from the ELF header (or the dynamic linker's if present) via start_thread(), having populated the stack with the argument count argc, an array of argument pointers argv (with argv[0] typically the program name), environment pointers envp, and an auxiliary vector containing metadata like the entry point and page size. The actual entry symbol _start, provided by the C runtime (e.g., in glibc's crt1.o), receives these via the stack or registers, initializes the runtime environment (such as constructors and global variables), and invokes __libc_start_main() to call the user's main(int argc, char *argv[]) function. For Windows PE executables, the loader computes the entry point by adding the AddressOfEntryPoint RVA from the optional header to the image base, then starts the primary thread there; the C runtime entry (e.g., mainCRTStartup) similarly sets up argc and argv from the command line before calling main. Process termination occurs when the program calls an exit function, such as exit() , which sets an exit code and triggers cleanup. The exit code, an integer typically 0 for success and non-zero for failure, is returned to the ; in , the least significant byte of the status is passed via wait() or waitpid(), while the kernel reaps the process, freeing its mappings, closing file descriptors, and releasing other resources to prevent leaks. If the parent ignores SIGCHLD or has set SA_NOCLDWAIT, the child is immediately reaped without becoming a . In Windows, ExitProcess() sets the exit code (queryable via GetExitCodeProcess()) and notifies loaded DLLs, terminates all threads, unmaps the image from , and closes kernel handles, though persistent objects like files may remain if referenced elsewhere. Forced termination via signals (e.g., SIGKILL in Unix) or TerminateProcess() in Windows bypasses runtime cleanup but still reclaims system resources.

Dynamic Linking and Libraries

Dynamic linking allows executables to reference external shared libraries at runtime rather than embedding all code during compilation, enabling modular program design where libraries like .dll files on Windows or .so files on Unix-like systems are loaded on demand. This process relies on symbol tables within the executable and library files, which contain unresolved references to functions and variables; the runtime system resolves these symbols by searching for matching exports in loaded libraries, often using a dynamic symbol table for efficient lookups. Lazy loading defers the actual loading of a library until the first reference to one of its symbols is encountered, optimizing memory usage by avoiding unnecessary loads for unused components. The runtime loader, such as dyld on macOS or ld.so on , manages this linking process by handling resolution, applying relocations to adjust addresses based on the library's load position, and enforcing versioning to ensure compatibility between executable and library versions. For instance, ld.so on uses a dependency tree to load prerequisite libraries recursively and performs global resolution to bind imports across modules. Versioning mechanisms, like sonames in ELF files, prevent conflicts by specifying minimum required library versions, allowing multiple variants to coexist on the system. One key advantage of dynamic linking is the reduction in executable file size, as shared code is stored once in libraries and reused across multiple programs, which also facilitates easier updates to libraries without recompiling dependent executables. However, it introduces challenges such as dependency conflicts, colloquially known as "DLL hell" on Windows, where mismatched library versions can cause runtime failures if the system loads an incompatible variant. To support dynamic linking effectively, executables and shared libraries often employ (PIC), which compiles instructions to be relocatable without fixed addresses, using techniques like relative addressing and GOT/PLT tables to defer address resolution until runtime. This enables libraries to be loaded at arbitrary memory locations and shared among processes, enhancing system efficiency, though it may incur a slight performance overhead due to indirect jumps. In contrast to static linking, where all library code is incorporated at build time, dynamic linking promotes resource sharing but requires careful management of dependencies.

Security Considerations

Vulnerabilities and Protections

Executables are susceptible to vulnerabilities, where programs write more data to a fixed-length buffer than it can hold, potentially overwriting adjacent regions such as return addresses on the stack. This occurs due to the intermixing of data storage areas and control data in , allowing malformed inputs to alter program and enable . Stack smashing attacks exemplify this risk, exploiting stack-based buffer overflows in C programs by using functions like strcpy() to copy excessive data, overwriting the return address to redirect execution to injected . Code injection vulnerabilities further compound these threats, arising when executables fail to neutralize special elements in externally influenced inputs, permitting attackers to insert and execute malicious code. For instance, unvalidated user inputs can be interpreted as executable commands in languages like PHP or Python, leading to unauthorized actions such as system calls. To mitigate these exploits, operating systems implement protections like Address Space Layout Randomization (ASLR), which randomly relocates key areas of a process's virtual address space—including stacks, heaps, and loaded modules—at runtime to thwart address prediction by attackers. Complementing ASLR, Data Execution Prevention (DEP) uses the processor's NX (No eXecute) bit to mark certain memory pages as non-executable, preventing buffer overflow payloads from running code in data regions like the stack or heap. If execution is attempted on non-executable memory, DEP triggers an access violation, terminating the process to block exploitation. Executables also serve as primary vectors for , including viruses that attach to legitimate files and activate upon execution, spreading via shared disks or networks. Trojans similarly masquerade as benign executables, such as attachments or downloads, tricking users into running them to grant attackers backdoor access or capabilities. detection often relies on methods, which analyze runtime behaviors in simulated environments to identify suspicious actions like , even for unknown variants without matching signatures. Best practices for securing executables emphasize input validation, where data is checked early against allowlists for format, length, and semantics to block malformed inputs that could trigger overflows or injections. Additionally, least privilege execution restricts processes to minimal necessary permissions, confining potential damage from compromised executables by elevating privileges only when required and dropping them immediately afterward.

Signing and Verification

Code signing is a cryptographic process that attaches a to an executable file, ensuring its and authenticity by verifying that it has not been altered since signing and originates from a trusted publisher. This is achieved using digital certificates, typically in the format, issued by trusted certificate authorities (CAs). The signature is generated by hashing the executable—commonly with SHA-256—and encrypting the hash with the developer's private key, which is embedded in the certificate along with the corresponding public key for later verification. Developers obtain an certificate from a CA after undergoing identity validation, then use platform-specific tools to apply the signature. On Windows, the SignTool utility (signtool.exe) from the Windows SDK signs executables or catalog files by computing a SHA-256 hash of the file contents, signing it with the private key, and embedding the result in a structure within the PE () file format. Similarly, on macOS, the codesign command-line tool signs executables and bundles, creating a CodeResources file that includes SHA-256 hashes of resources and the signature, stored in the bundle's _CodeSignature directory. For distribution outside app stores, employs Authenticode as its standard, which supports dual-signing with both and SHA-256 for broader compatibility, while Apple uses Developer ID certificates to enable verification for non-App Store software. During loading or execution, the operating system verifies the to enforce trust. The process involves recomputing the SHA-256 hash of the executable and decrypting the embedded with the public key from the certificate to obtain the original hash; if they match, the file is deemed untampered. The certificate chain is then validated against trusted root CAs to confirm the publisher's identity, often requiring online checks for revocation status via Certificate Revocation Lists (CRLs) published by the CA. On Windows, Authenticode verification occurs via the WinVerifyTrust , which chains to roots in the system's trusted store and blocks execution if the is invalid or revoked. macOS uses the framework for similar checks during Gatekeeper assessment, ensuring the Developer ID aligns with Apple's notarization ticket if applicable. The primary purposes of signing and verification are to prevent tampering by detecting unauthorized modifications and to establish a chain of trust from the developer to the end user through CA-anchored certificates, thereby reducing risks from malware masquerading as legitimate software. Revocation mechanisms, such as CRLs, allow CAs to invalidate compromised certificates before expiration by listing their serial numbers, prompting systems to deny verification and halt execution of affected executables; this is critical for code signing, where revoked certificates remain on CRLs indefinitely to maintain long-term protection. Standards like Microsoft's Authenticode and Apple's Developer ID ensure interoperability and enforce these practices across ecosystems.

Historical Development

Early Executables

The earliest forms of executables emerged in the pre-1950s era through physical media like punch cards and magnetic tapes, which enabled direct machine execution on pioneering computers. The , completed in 1945 as the first general-purpose electronic digital computer, relied on punch cards for input via an integrated card reader, allowing programs to be loaded and executed by configuring the machine's wiring and switches based on the card data. These punch cards, perforated with holes representing binary instructions, served as the primary medium for storing and inputting both data and rudimentary programs, marking the transition from manual calculations to automated execution. Magnetic tapes began supplementing punch cards in the late 1940s, offering higher capacity for sequential program storage and execution on systems like the (1951), where tapes could be read directly to initiate computations without intermediate transcription. In the and , executables evolved with the advent of s on mainframe computers, facilitating more . The , introduced in 1952 as one of the first commercial scientific computers, used where programmers encoded instructions in symbolic form, translated into stored on punch cards or tape for loading into . This period also saw the development of the first loaders for relocatable code, enabling programs to be assembled independently and then positioned in at runtime; Grace Hopper's for the in 1952 implemented an early linking loader that combined subroutines from separate modules into a single executable. These loaders addressed the rigidity of absolute addressing in earlier systems, allowing code to be moved without full reprogramming, though execution still required manual intervention to set addresses. A key milestone in executable management came with the operating system in 1967, which introduced file permissions specifically for executables to enhance in a multi-user environment. segmented files with access controls, including an "execute" permission bit that restricted direct execution of data segments and enforced protection rings to isolate user programs from system resources. This innovation, part of ' hierarchical file system, was the first to systematically apply permissions to executable files, preventing unauthorized access or modification during shared computing sessions. Early executables were hampered by significant limitations, including the absence of automated linking mechanisms and reliance on . Programmers had to explicitly calculate and adjust addresses for each load, with no dynamic resolution of external references, leading to error-prone setups on mainframes like the IBM 701. Memory allocation was entirely manual, requiring operators to track available space and avoid overlaps, which constrained program size and portability across sessions.

Evolution in Modern Systems

In the 1980s and 1990s, executable formats evolved significantly alongside the growth of personal computing and systems. The operating system, released by in 1981, introduced the .COM format for simple, memory-resident programs limited to 64 KB, followed by the more advanced .EXE format in 1.0, which supported relocatable code and larger programs through a header-based structure known as MZ after its designer. Concurrently, systems saw the rise of dynamic linking, first implemented in 4.0 in late 1988, enabling shared libraries to be loaded at runtime for efficient memory use and easier updates, building on advancements. By the 1990s, the (ELF) emerged as a standardized alternative to older formats like a.out, with initial specifications published by Unix System Laboratories in 1990 and the Tool Interface Standard (TIS) version 1.2 released in May 1995, facilitating portable executables across variants such as Solaris and . The 2000s marked a shift toward managed code environments, prioritizing portability and security over native binaries. released Java in May 1995, introducing as an executed by the (JVM), which handled and automatically. Microsoft followed with the .NET Framework in February 2002, featuring the (CLR) for executing (CIL) code, enabling cross-language interoperability and just-in-time (JIT) compilation for platform independence. Early previews of also appeared, with introducing Jails in 2000 to isolate processes, filesystems, and networks within a single kernel, laying groundwork for resource partitioning in shared environments. From the 2010s onward, executables adapted to diverse architectures, web integration, and heightened security demands in cloud and mobile ecosystems. Apple announced Universal 2 binaries in June 2020 to support the transition to (ARM64), allowing single files to contain both x86-64 and ARM code for seamless execution across hardware. (Wasm), released by the W3C in March 2017, emerged as a compact, binary instruction format for high-performance, cross-platform code execution in browsers and beyond, compiling from languages like C++ and without traditional plugins. Security enhancements, such as OS-level sandboxing, gained prominence; for instance, Windows introduced AppContainer in (2012) to restrict executable access to resources via mandatory integrity control, while macOS expanded sandboxing in 2012 to limit app privileges by default. Looking ahead, hybrid just-in-time (JIT) and ahead-of-time (AOT) compilation strategies are gaining traction to balance startup speed and runtime optimization, as seen in tools like GraalVM for Java, which combines AOT for initial execution with JIT for adaptive improvements. Executable compression techniques, such as those in UPX, continue to evolve for efficient distribution, reducing file sizes by 50-70% through algorithms like LZMA while preserving fast decompression, aiding bandwidth-constrained mobile and cloud deployments.

References

  1. https://learn.microsoft.com/en-us/windows/win32/debug/pe-format
  2. https://www.cs.cmu.edu/afs/cs/academic/class/15213-f00/docs/elf.pdf
  3. https://developer.apple.com/library/archive/documentation/Performance/Conceptual/CodeFootprint/Articles/MachOOverview.html
  4. https://learn.microsoft.com/en-us/archive/msdn-magazine/2002/february/inside-windows-win32-portable-executable-file-format-in-detail
  5. https://www.cs.swarthmore.edu/~kwebb/cs31/s15/bucs/representing_executables.html
  6. https://www.linfo.org/executable.html
  7. https://d3fend.mitre.org/dao/artifact/d3f:ExecutableFile/
  8. https://cs.lmu.edu/~ray/notes/x86assembly/
  9. https://refspecs.linuxfoundation.org/elf/elf.pdf
  10. https://www.ti.com/lit/pdf/spraao8
  11. https://unix.stackexchange.com/questions/298281/are-binaries-portable-across-different-cpu-architectures
  12. https://developer.android.com/ndk/guides/abis
  13. https://www.janeasystems.com/blog/porting-software-arm64
  14. https://docs.oracle.com/cd/E19683-01/817-3677/chapter6-46512/index.html
  15. https://cs.gmu.edu/~zduric/cs262/Slides/teoX.pdf
  16. https://eng.libretexts.org/Bookshelves/Computer_Science/Operating_Systems/Think_OS_-_A_Brief_Introduction_to_Operating_Systems_%28Downey%29/03%253A_Virtual_memory/3.4%253A_Memory_segments
  17. https://www.intel.com/content/www/us/en/docs/dpcpp-cpp-compiler/developer-guide-reference/2024-2/methods-to-optimize-code-size.html
  18. https://gcc.gnu.org/onlinedocs/gcc/Optimize-Options.html
  19. https://gcc.gnu.org/onlinedocs/gcc/Overall-Options.html
  20. https://gcc.gnu.org/onlinedocs/gccint/C-and-C_002b_002b-Trees.html
  21. https://tldp.org/HOWTO/GCC-Frontend-HOWTO-2.html
  22. https://sourceware.org/binutils/docs/as.html
  23. https://www.gnu.org/software/gnuastro/manual/html_node/Linking.html
  24. https://www.gnu.org/software/make/manual/make.html
  25. https://cmake.org/cmake/help/latest/manual/cmake-buildsystem.7.html
  26. https://gcc.gnu.org/onlinedocs/gcc/Invoking-GCC.html#Target-Options
  27. https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html
  28. https://sourceware.org/binutils/docs/ld.html
  29. https://learn.microsoft.com/en-us/dotnet/standard/managed-code
  30. https://learn.microsoft.com/en-us/dotnet/standard/managed-execution-process
  31. https://learn.microsoft.com/en-us/windows/uwp/dotnet-native/net-native-and-compilation
  32. https://docs.oracle.com/javase/specs/jvms/se7/html/jvms-3.html
  33. https://www.oracle.com/java/technologies/jpl2-packages-java-archive.html
  34. https://learn.microsoft.com/en-us/dotnet/core/deploying/native-aot/
  35. https://learn.microsoft.com/en-us/dotnet/core/deploying/native-aot/optimizing
  36. https://webassembly.org/docs/binary-encoding/
  37. https://lwn.net/Articles/631631/
  38. https://man7.org/linux/man-pages/man2/fork.2.html
  39. https://man7.org/linux/man-pages/man2/execve.2.html
  40. https://learn.microsoft.com/en-us/windows/win32/procthread/creating-processes
  41. https://www.win.tue.nl/~aeb/linux/hh/stack-layout.html
  42. https://man7.org/linux/man-pages/man3/exit.3.html
  43. https://learn.microsoft.com/en-us/windows/win32/procthread/terminating-a-process
  44. https://www.utc.edu/sites/default/files/2021-04/buffer-overflow.pdf
  45. https://inst.eecs.berkeley.edu/~cs161/fa08/papers/stack_smashing.pdf
  46. https://cwe.mitre.org/data/definitions/94.html
  47. https://learn.microsoft.com/en-us/cpp/build/reference/dynamicbase-use-address-space-layout-randomization?view=msvc-170
  48. https://learn.microsoft.com/en-us/windows/win32/memory/data-execution-prevention
  49. https://sec.cloudapps.cisco.com/security/center/resources/virus_differences
  50. https://www.fortinet.com/resources/cyberglossary/trojan-horse-virus
  51. https://csrc.nist.gov/files/pubs/conference/2000/10/19/proceedings-of-the-23rd-nissc-2000/final/docs/papers/019.pdf
  52. https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html
  53. https://owasp.org/www-project-secure-coding-practices-quick-reference-guide/stable-en/02-checklist/05-checklist
  54. https://www.sectigo.com/resource-library/what-is-code-signing
  55. https://learn.microsoft.com/en-us/windows/win32/dxtecharts/authenticode-signing-for-game-developers
  56. https://learn.microsoft.com/en-us/windows-hardware/drivers/install/authenticode
  57. https://developer.apple.com/library/archive/documentation/Security/Conceptual/CodeSigningGuide/Procedures/Procedures.html
  58. https://developer.apple.com/developer-id/
  59. https://support.apple.com/guide/security/app-code-signing-process-sec3ad8e6e53/web
  60. https://docs.digicert.com/en/certcentral/manage-certificates/code-signing-certificates/revoke-a-code-signing-certificate.html
  61. https://www.ni.com/docs/en-US/bundle/teststand/page/authenticode-signatures-for-microsoft-windows.html
  62. https://www.computerhistory.org/revolution/birth-of-the-computer/4/78
  63. https://americanhistory.si.edu/collections/object-groups/punch-cards/punch-cards-data-processing
  64. https://www.computerhistory.org/storageengine/tape-unit-developed-for-data-storage/
  65. https://retrocomputing.stackexchange.com/questions/2588/when-was-the-relocatable-object-module-invented
  66. https://ethw.org/Milestones:A-0_Compiler_and_Initial_Development_of_Automatic_Programming%2C_1951-1952
  67. https://www.cs.utexas.edu/~witchel/380L/papers/saltzer74cacm-multics.pdf
  68. https://multicians.org/protection.html
  69. https://archive.computerhistory.org/resources/access/text/2020/10/102663105-05-01-acc.pdf
  70. https://www.softwarepreservation.org/projects/FORTRAN/paper/p25-backus.pdf
  71. https://github.com/microsoft/MS-DOS
  72. https://ptgmedia.pearsoncmg.com/images/0130224960/samplechapter/0130224960.pdf
  73. https://maskray.me/blog/2024-05-26-evolution-of-elf-object-file-format
  74. https://www.tech-insider.org/java/research/acrobat/9503.pdf
  75. https://learn.microsoft.com/en-us/dotnet/standard/clr
  76. https://www.aquasec.com/blog/a-brief-history-of-containers-from-1970s-chroot-to-docker-2016/
  77. https://www.apple.com/newsroom/2020/06/apple-announces-mac-transition-to-apple-silicon/
  78. https://www.computer.org/csdl/magazine/sp/2011/02/msp2011020079/13rRUNvya7G
  79. https://www.ittc.ku.edu/~kulkarni/CARS/papers/pgo.pdf
  80. https://upx.github.io/
Add your contribution
Related Hubs
Contribute something
User Avatar
No comments yet.