![how does windows loader work](https://sentayho.com.vn/wp-content/uploads/2020/08/windows-loader-3.jpg)
Linux has pluggable executable file formats, so it is possible to add an extra program loader which will do its own custom stuff with executable files, rather than the standard ones (ELF, shell scripts, binfmt_misc). The dynamic loader /lib/ld-linux.so.2 is also used for dynamically linked binaries - it's an example of an "interpreter" as referenced by the code in binfmt_elf.c. The loaders for various binary formats are in fs/binfmt_*.c in the Linux source (fs/binfmt_elf.c is the loader used for executables in ELF format - ie. The loader is part of the kernel - but as you have access to all the kernel source you can play with it to your heart's content. If you want to play with this sort of thing then Linux is the best way to go. With Show Loader Snaps enabled, you can see loader trace messages by starting the application under a debugger (WinDBG).
![how does windows loader work](https://image.slidesharecdn.com/windowsloader-161103134737/85/windows-loader-5-320.jpg)
You do this with gflags.exe (part of Debugging Tools for Windows). On Windows, you can get some visibility into the loader at work by enabling Loader Snaps. If you are more interested in Linux and the ELF format you will find all you need in Google. You can use this information to write an app that starts a given executable.
Here is a quite old but still up-to-date MSDN article regarding PE files (exe + dll): An In-Depth Look into the Win32 Portable Executable File. No, in Windows process creation and the user-mode loader in ntdll are tied together (PsCreateProcess will directly map in ntdll and jump to it so that it can finish resolving modules and setting up the process), you cannot replace it. But there are resources available describing the format and loading of processes. I just compiled all the answers & comments into a single post, since each of the answers & comments is giving useful information.