step-by-step execution of the executable files in windows

  • Question

  • Hi,

    Can you give me the step-by-step processes that are involved when I click on an executable file until its execution completes? I want to know this as I am currently willing to know how the ordinary executable and the executable from the .NET framework are generated, how they are differentiated, and which processes handle each step.

    Friday, April 1, 2011 12:06 PM

All replies

  • Try looking up the /ps/ section of the WRK source. As for .Net, I suggest you look up the ROTOR project on Microsoft, which is basically a working .Net implementation for Linux (but works on Windows as well) at archive.msdn.microsoft.com/ssclimsbuild
    Thursday, April 14, 2011 7:53 AM
  • Talking about ordinary executable files, the main stages of creating and executing a process (usually with the Windows CreateProcess function) can be summarized as follows:

    1. Validate parameters; convert Windows subsystem flags and options to their native counterparts; parse, validate and convert the attributes list to its native counterpart.
    2. Open the image file (.EXE) to be executed inside the process.
    3. Create the Windows executive process object.
    4. Create the initial thread (stack, context, and Windows executive thread object).
    5. Perform post-creation, Windows-subsystem-specific process initialization.
    6. Start execution of the initial thread (unless the CREATE_SUSPENDED flag was specified).
    7. In the context of the new process and thread, complete the initialization of the address space (such as loading required DLLs) and begin execution of the program.

    If you want to know more about processes, threads and jobs internals (as well as many other Windows internals topics), I suggest you buy a copy of the book "Windows Internals, 5th Edition", by Mark Russinovich (http://blogs.technet.com/b/markrussinovich/): you can read more about this book at the following web address


    You can download the full Chapter 5 ("Processes, Threads and Jobs") from the following web address


    Talking about managed executable files, the steps are fewer in number: read the document at the following web address



    Luigi Bruno - Microsoft Community Contributor 2011 Award

    Friday, September 30, 2011 5:19 PM
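
On the question of how an ordinary executable and a .NET executable are told apart once the image file has been opened (stage 2 in the reply above): a managed image carries a CLR runtime header referenced by data directory entry 14 of the PE optional header, and a native image leaves that entry empty. The following is an added example, not part of the original posts; `classify_pe` and `build_sample` are hypothetical names, and the sample headers are constructed in memory rather than taken from real files.

```python
import struct

COM_DESCRIPTOR = 14  # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR (CLR runtime header)
DIRS_OFFSET = {0x10B: 96, 0x20B: 112}  # PE32 / PE32+: offset of the data directories

def classify_pe(data: bytes) -> str:
    """Return 'managed' or 'native'; raise ValueError if data is not a PE header."""
    try:
        if data[:2] != b"MZ":
            raise ValueError("missing MZ signature")
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)    # e_lfanew
        if data[pe_off:pe_off + 4] != b"PE\0\0":
            raise ValueError("missing PE signature")
        (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)
        opt = pe_off + 24                                   # after the 20-byte COFF header
        (magic,) = struct.unpack_from("<H", data, opt)
        if magic not in DIRS_OFFSET:
            raise ValueError("unknown optional header magic")
        dirs = opt + DIRS_OFFSET[magic]
        (count,) = struct.unpack_from("<I", data, dirs - 4)  # NumberOfRvaAndSizes
        entry = dirs + 8 * COM_DESCRIPTOR
        if count <= COM_DESCRIPTOR or entry + 8 > opt + opt_size:
            return "native"                                 # directory 14 not present
        rva, size = struct.unpack_from("<II", data, entry)
    except struct.error as exc:
        raise ValueError("truncated header") from exc
    return "managed" if rva and size else "native"

def build_sample(magic: int, clr: bool) -> bytes:
    """Constructed minimal PE header (not a loadable image) for the demo."""
    dirs_off = DIRS_OFFSET[magic]
    opt = bytearray(dirs_off + 16 * 8)                      # 16 data directories
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<I", opt, dirs_off - 4, 16)
    if clr:  # constructed RVA/size values for the CLR header entry
        struct.pack_into("<II", opt, dirs_off + 8 * COM_DESCRIPTOR, 0x2008, 0x48)
    machine = 0x14C if magic == 0x10B else 0x8664
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, len(opt), 0x0102)
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    for magic, clr in ((0x10B, True), (0x10B, False), (0x20B, True)):
        print(hex(magic), clr, "->", classify_pe(build_sample(magic, clr)))
```

To check a file on disk, pass its first few kilobytes, for example `classify_pe(open(path, "rb").read(4096))`.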