
Thread: Question about .exe files

  1. #1

    Thread Starter
    Frenzied Member
    Join Date
    Feb 2003
    Posts
    1,945

    Question about .exe files

    I like to examine executable files with a viewer or the Microsoft Windows Editor (Edit.com) out of curiosity. I often see readable text which contains symbols such as %ld, %s, %d and %u. Those symbols almost always seem to appear where some variable text would appear when the text is displayed during the execution of the program. These symbols often seem to refer to file names and appear often in error messages, for example.

    I have tried hex editing (a copy of course) of several of these executables, changing %s to %u for example. Usually this does result in other text being displayed (that is, if the executable still works) but nothing I can make sense of. Does anyone know what these symbols are and what they mean? These symbols appear both in Windows and MS-DOS executables.
    Last edited by Peter Swinkels; Jan 20th, 2005 at 11:25 AM.

  2. #2
    Banned dglienna's Avatar
    Join Date
    Jun 2004
    Location
    Center of it all
    Posts
    17,901

    Re: Question about .exe files

    compiled code that cannot be uncompiled.

  3. #3

    Thread Starter
    Frenzied Member
    Join Date
    Feb 2003
    Posts
    1,945

    Re: Question about .exe files

    I am not talking about decompiling the .exe's code, but examining its data section(s). What I found out by examining Windows .exe files with PE Explorer, for example, is that they contain data that can reveal interesting things and which can also be edited and replaced up to a point.

    Perhaps I should have said that I think that the readable text and the symbols I mentioned are part of the .exes' data sections. I also forgot to mention that I think that those symbols are probably something specific to the programming language used to write the source code of the .exe.

    I don't know much about Borland C++, but after doing some searching on the internet and the C++ forum here, I found some C++ code which seems to contain those symbols I mentioned in text passed to a function called "printf", which I assume is something similar to Visual Basic's Print method and Quick Basic's PRINT statement. One DOS executable I found those symbols in also has the words "Borland C++" in it.
    Last edited by Peter Swinkels; Jan 21st, 2005 at 10:08 AM.

  4. #4
    Frenzied Member <ABX's Avatar
    Join Date
    Jul 2002
    Location
    Canada eh...
    Posts
    1,622

    Re: Question about .exe files

    The best you're going to get out of a compiled exe is a few misc strings and maybe a few external function names (code that resides in .dll files).

    Why do you want to know?

    If you are trying to 'crack'/'hack'/'patch', you're not going to get much help here. If you're just curious, W32DASM might be something that you're looking for. (Look for 'string tables' in the menus.)

    btw: in some programming languages strings are often stored in a generic form.
    e.g. if I wanted to display the time at a certain time, I might use a string like:
    "Hello User, The time %var!"
    (I am not a C++ programmer but I think %s is what I have seen used commonly... you might want to ask in the C++ forum and see if anyone would humor you.)

    Basically what happens is when it needs to display the time it replaces the %var with the value specified.

  5. #5

    Thread Starter
    Frenzied Member
    Join Date
    Feb 2003
    Posts
    1,945

    Re: Question about .exe files

    For the most part I am just curious though I try to manipulate .exe files to see the results. I have attempted to patch old MS-DOS programs to get them to work, without success though. For the most part I do it for the fun, challenge and to learn. This thread gave me the answer I needed to my question: http://www.vbforums.com/showthread.php?t=321136

  6. #6
    MS SQL Powerposter szlamany's Avatar
    Join Date
    Mar 2004
    Location
    Connecticut
    Posts
    18,263

    Re: Question about .exe files

    The EXE file is broken up into PSECTS (that's a term from my mainframe days - not sure they call it that anymore).

    PSECTS are data areas, program code areas - all kinds of stuff that got compiled from the SOURCE CODE/OBJECT CODE.

    Here's a really, really simple explanation. If you were to develop a simple ASM program to add 1 to a longword, for instance, you would find that in the PSECT for code was an instruction (ADDL or something like that) to take a literal value - stored in memory somewhere - and add it to a longword address. The ADD command would be in its "2-byte" binary word value. In the PSECT for data would be an area where the "1" was stored - also in its binary form, since it's being referred to as a longword.

    VB programs have strings - which are stored just as you see them in the source code. ABCDEF would appear somewhere in the .EXE as exactly that - "ABCDEF" (actually more like "A B C D E F " since it's 2-byte Unicode).

    The problem with VB EXECUTABLES is that there is a tremendous amount of linkage to libraries, DLLs and such. All that gets in the way of seeing the simple stuff.
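
The symbols asked about in this thread (%ld, %s, %d, %u) are printf conversion specifiers, and the strings that carry them can be stored either one byte per character or in the 2-byte Unicode layout mentioned in the last post. The scanner below is an added example, not code from any poster in the thread; `scan`, `explain` and the sample bytes are constructed for illustration.

```python
import re

# printf conversion: %[flags][width][.precision][length]type (heuristic match)
SPEC = re.compile(r"%[-+ #0]*\d*(?:\.\d+)?(?:hh|h|ll|l|L)?[diouxXeEfgGcsp]")

# Argument type each conversion tells printf to read from its argument list.
ARG_TYPE = {"d": "signed int", "i": "signed int", "u": "unsigned int",
            "x": "unsigned int (hex)", "X": "unsigned int (hex)",
            "o": "unsigned int (octal)", "c": "character",
            "s": "pointer to NUL-terminated string", "p": "pointer"}


def explain(spec):
    """Describe the argument a single conversion such as %ld expects."""
    kind = ARG_TYPE.get(spec[-1], "floating point")
    is_long = "l" in spec[:-1] and spec[-1] in "diuxXo"
    return "long " + kind if is_long else kind


def scan(data, min_len=4):
    """Return sorted (offset, encoding, text, conversions) for printable runs."""
    n = str(min_len).encode()
    patterns = {
        "ascii": rb"[\x20-\x7e]{" + n + rb",}",                # 1 byte per char
        "utf-16-le": rb"(?:[\x20-\x7e]\x00){" + n + rb",}",    # char + 0x00 byte
    }
    hits = []
    for encoding, pattern in patterns.items():
        for m in re.finditer(pattern, data):
            text = m.group().decode(encoding)
            hits.append((m.start(), encoding, text, SPEC.findall(text)))
    return sorted(hits)


# Constructed sample bytes (not taken from any real executable).
SAMPLE = (
    b"\x4d\x5a\x90\x00"
    b"Cannot open file %s\x00\x00\x01\x02\x03"
    b"%ld bytes free on drive %c\x00\x00"
    + "Error %u in ABCDEF".encode("utf-16-le")
    + b"\x00\x00Borland C++\x00"
)

if __name__ == "__main__":
    for offset, encoding, text, specs in scan(SAMPLE):
        notes = ", ".join(f"{s} = {explain(s)}" for s in specs)
        print(f"{offset:#06x} {encoding:9} {text!r}  {notes}")
```

The format string only names the type of each argument; the program's code still passes the same value, so a string whose %s has been edited to %u makes printf read a string pointer as a number.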
