174 Sentences With "executable file" | Random Sentence Generator

It was "executable file paths" — evidence of programs — that didn't belong there.

The payload is an executable file that downloads the encryptor and a small obfuscated file that serves no clear purpose.

The TSx could be hacked because its executable file, which controls the machine's operation, was connected to a local network — a known vulnerability.

The researchers created a proof-of-concept executable file that easily exploits the vulnerability, and produced a brief video to demonstrate it in action.

A 2001 Network World article highlighted how the file created major strain issues on networks far and wide because numerous copies of the executable file were being created.

When most of us think about a computer "program" we probably think about the things we install on our computers and then run by clicking on an executable file.

These buttons are designed to look like legitimate links to upgrade common software like Adobe Flash: Clicking on these buttons typically downloads malware in the form executable file directly to the user's download directory.

That's because the executable file would be printed in binary zeros and ones on a chip, and then anyone could use standard techniques from that executable in binary to reverse-engineer to the source code.

To find the program's executable file, either press the Windows logo on your keyboard or press the icon at the bottom left of your screen, and search for the name application you want to make a shortcut of.

Installing and uninstalling software would be dramatically easier for users (rather than requiring a user to download an executable file, install it, and hope that the developer included some kind of uninstaller for when they want to get rid of it).

A plist is a key-value list (like a Python dictionary) where the keys are the names of different job properties, such as the file-system path to the executable file to be run; the arguments the executable needs to run properly; the id of the user asking for the program to run; and, if applicable, a future date and time for when the program is to run.

COM files. MS-DOS version 1.0 added a more advanced relocatable .EXE executable file format.

Conversely, Integer BASIC was now removed from ROM and turned into an executable file on the DOS 3.3 disk.

It is hidden in the .dmg file under General.rtf. The .rtf is actually a Mach-O format executable file packed with UPX 3.91.

On June 19, 2006, FaceTime Security Labs' security researchers Christopher Boyd and Wayne Porter discovered a worm, dubbed MW.Orc. The worm steals users' banking details, usernames and passwords by propagating through Orkut. The attack was triggered as users launched an executable file disguised as a JPEG file. The initial executable file that caused the infection installed two additional files on the user's computer.

NET applications may be distributed as a shared object (in Unix and Linux), a Dynamic Link Library (in Windows), or as an executable file.

Dependency Walker or depends.exe is a free program for Microsoft Windows used to list the imported and exported functions of a portable executable file. It also displays a recursive tree of all the dependencies of the executable file (all the files it requires to run). Dependency Walker was included in Microsoft Visual Studio until Visual Studio 2005 (Version 8.0) and Windows XP SP2 support tools.

Another benefit of static builds is their portability: once the final executable file has been compiled, it is no longer necessary to keep the library files that the program references, since all the relevant parts are copied into the executable file. As a result, when installing a statically- built program on a computer, the user doesn't have to download and install additional libraries: the program is ready to run.

Novell ZENworks Application Virtualization is an application virtualization and portable application creation console by Novell that allows a user to build applications that run like an executable file.

Despite the misleading extension, MediaFire successfully identified the malicious image as an .exe- file. The malicious Shikara Code poses as a .jpeg image but is indeed an executable file.

Monster AI and armor classes are fixed for example. Older DeHackEd patches use a binary format of data to be applied to an executable file using the DeHackEd patching utility. Later versions of DeHackEd save their patches in a human-readable plain text format that can be edited with any text editor. Boom included the ability to load DeHackEd patches and effect changes to the game upon startup without any modification to the executable file.

Object files can in turn be linked to form an executable file or library file. In order to be used, object code must either be placed in an executable file, a library file, or an object file. Object code is a portion of machine code that has not yet been linked into a complete program. It is the machine code for one particular library or module that will make up the completed product.

A compiler developed by LightSpeed Software for a subset of the C programming language. C/65 outputs assembly source code. An assembler like MAC/65 is needed to create an executable file.

Listener receives requests for new connections from clients and assigns them to an available working thread. Listener plays an intermediate role between clients and working threads using an independent executable file, tblistener.

Compiled programs will typically use building blocks (functions) kept in a library of such object code modules. A linker is used to combine (pre-made) library files with the object file(s) of the application to form a single executable file. The object files that are used to generate an executable file are thus often produced at different times, and sometimes even by different languages (capable of generating the same object format). A simple interpreter written in a low level language (e.g.

A compression virus is an example of a benevolent computer virus, invented by Fred Cohen. It searches for an uninfected executable file, compresses the file and prepends itself to it. The virus can be described in pseudo code1984, Computer Viruses - Theory and Experiments program compression-virus:= {01234567; subroutine infect-executable:= {loop:file = get-random-executable-file; if first-line-of-file = 01234567 then goto loop; compress file; prepend compression-virus to file; } main-program:= {if ask-permission then infect-executable; uncompress the-rest-of-this-file into tmpfile; run tmpfile;} } The 01234567 is the virus signature, and is used to make sure (if first-line- of-file = 01234567) the file is not already infected. The virus then asks for permission (ask-permission) to infect a random executable (get-random- executable-file).

The Neko virtual machine is used to execute a Neko bytecode file, the VM also has the option to convert a bytecode file into an executable file (output changes depending on the target operating system).

Both the 1260 and Vienna infect .COM files in the current or PATH directories upon execution. Changing an authenticated executable file is detected by most modern computer operating systems.McAfee Labs Threat Center, Details and results of V2PX virus analysis.

The integrated development environment could run a BASIC program internally for traditional BASIC debugging (see sample below), or generate an MS-DOS stand-alone executable file that could be run on other systems without the Turbo Basic product or runtime libraries.

Multigrain targets specifically the Windows point of sale system, which has a multi.exe executable file."NewPosThings back as Multigrain, says Fireeye" If Multigrain gets into a POS system that does not have multi.exe then it deletes itself without leaving any trace.

Intelligent Updater is an alternate delivery method for virus definitions, which consists of an executable file that can be downloaded and run manually. It is used to update virus definitions only. To install other updates a user must run LiveUpdate.

A shared library or shared object is a file that is intended to be shared by executable files and further shared object files. Modules used by a program are loaded from individual shared objects into memory at load time or runtime, rather than being copied by a linker when it creates a single monolithic executable file for the program. Shared libraries can be statically linked during compile-time, meaning that references to the library modules are resolved and the modules are allocated memory when the executable file is created. But often linking of shared libraries is postponed until they are loaded.

Cameyo itself is a portable virtual application that does not need to be installed on the computer. It can be deleted once the virtualization is completed as a single file without leaving any traces in the registry. Cameyo essentially reduces all the files, folders, registry items, and binaries of the application that needs to be virtualized into a single executable file that can run without installation as a single file from any storage device on any computer. This single executable file can be carried in a USB device or be uploaded in a cloud storage system.

In addition to stealing personal information, the malware could also enable a remote user to control the PC and make it part of a botnet, a network of infected PCs. The initial executable file (Minhasfotos.exe) created two additional files when activated, winlogon_.jpg and wzip32.

Typical computer programs have a separate binary (executable) file for each application. BusyBox is a single binary, which is a conglomerate of many applications, each of which can be accessed by calling the single BusyBox binary with various names (supported by having a symbolic link or hard link for each different name) in a specific manner with appropriate arguments. BusyBox benefits from the single binary approach, as it reduces the overhead introduced by the executable file format (typically ELF), and it allows code to be shared between multiple applications without requiring a library. This technique is similar to what is provided by the crunchgencrunchgen man page at freebsd.

Photo slideshow software is computer software used to display a range of digital photos, images and video clips in a predefined order. In most cases the output file is a standard video file or an executable file which contains all the sound and images for display.

This Fortran program is compiled into an executable file (.EXE) and executed. The executable program reads parameter values from input files, performs the simulation and writes requested calculated values into another file. When it terminates, SIMCOS takes control again and can display results as a graphic plot.

A manifest file is a metadata file contained within a JAR. It defines extension and package-related data. It contains name-value pairs organized in sections. If a JAR file is intended to be used as an executable file, the manifest file specifies the main class of the application.

's Mac 68k emulator for PowerPC. For application development, AMOS used a proprietary BASIC-like language called AlphaBASIC (though several other languages, including Assembler, FORTRAN, Pascal, and COBOL, were available). Older versions interpreted a tokenized executable file. Later versions translate the tokenized executable into x86 code for performance.

For online distribution, the Director can publish projects for embedding in websites using the Shockwave plugin. Shockwave files have a .dcr file extension. Other publishing options include a stand-alone executable file called projectors, supported on Macintosh and Windows operating systems, and with Director 12, output for iOS.

Mark "Zibo" Joseph Zbikowski (born March 21, 1956) is a former Microsoft Architect and an early computer hacker. He started working at the company only a few years after its inception, leading efforts in MS-DOS, OS/2, Cairo and Windows NT. In 2006 he was honored for 25 years of service with the company, the third employee to reach this milestone, after Bill Gates and Steve Ballmer. He was the designer of the MS-DOS executable file format, and the headers of that file format start with his initials: the ASCII characters 'MZ' (0x4D, 0x5A).Inside Windows: An In-Depth Look into the Win32 Portable Executable File Format – MSDN Magazine, February 2002.

Dynamic linking or late binding is linking performed while a program is being loaded (load time) or executed (runtime), rather than when the executable file is created. A dynamically linked library (dynamic-link library, or DLL, under Windows and OS/2; dynamic shared object, or DSO, under Unix-like systems) is a library intended for dynamic linking. Only a minimal amount of work is done by the linker when the executable file is created; it only records what library routines the program needs and the index names or numbers of the routines in the library. The majority of the work of linking is done at the time the application is loaded (load time) or during execution (runtime).

While Multiboot defines a header as a struct, which needs to be present in the image file as a whole, in Multiboot2, fields or group of fields have a type tag, which allows them to be omitted from the Multiboot2 header. Within the OS image file, the header must be in the first 8192 (2¹³) bytes for Multiboot and 32768 (2¹⁵) bytes for Multiboot2. The loader searches for a magic number to find the header, which is 0x1BADB002 for Multiboot and 0xE85250D6 for Multiboot2. In the header, `entry_addr` points to the code where control is handed over to the OS. This allows different executable file formats (see Comparison of executable file formats).

The first Stick Soldiers game proved to be a major hit at Gamedev.net, where its production was enthusiastically observed. It used modifiable bitmap images and supported deathmatch with a primitive one-way CTF mode, later receiving (as a separate download) a red-vs.-blue Team version as another executable file.

In 1997 the app was changed and renamed as Outlook Express and bundled with Internet Explorer 4. The Windows executable file for Outlook Express, msimn.exe, is a holdover from the Internet Mail and News era. Like Internet Explorer, Outlook Express 4 can run on Mac System 7, OS 8, and OS 9.

It is possible to make a USB drive or an optical medium bootable in order to start HDClone from it, independently of Windows. This also allows it to copy operating systems on which the HDClone executable file can't be started. It uses either Miray Symobi or Linux as the host operating system.

Linux also supports mandatory locking through the special `-o mand` parameter for file system mounting (``), but this is rarely used. Some Unix-like operating systems prevent attempts to open the executable file of a running program for writing; this is a third form of locking, separate from those provided by `fcntl` and `flock`.

SYS` was loaded into memory, while `DUP.SYS` contained the disk utilities and was loaded only when the user exited to DOS. In addition to bug fixes, DOS 2.0S featured improved `NOTE/POINT` support and the ability to automatically run an Atari executable file named `AUTORUN.SYS`. Since user memory was erased when `DUP.

The executable program of the package is called mpsolve. It can be run from command line in console. The executable file for the graphical user interface is called xmpsolve, and the MATLAB and Octave functions are called mps_roots. They behave similarly to the function roots that is already included in these software packages.

In 2009 Richard Lewis would leak a program to the public. The program, a small executable file called vent.exe was a cheat, disguised as being part of a popular VOiP software called Ventrilo. Similar to today's Discord or Teamspeak, it was widely used in the gaming world by teams to communicate during games.

The DOS MZ executable format is the executable file format used for .EXE files in DOS. The file can be identified by the ASCII string "MZ" (hexadecimal: 4D 5A) at the beginning of the file (the "magic number"). "MZ" are the initials of Mark Zbikowski, one of leading developers of MS-DOS.

A disadvantage of self-extracting archives is that running executables of unverified reliability, for example when sent as an email attachment or downloaded from the Internet, may be a security risk. An executable file described as a self-extracting archive may actually be a malicious program. One protection against this is to open it with an archive manager instead of executing it (losing the minor advantage of self- extraction); the archive manager will either report the file as not an archive or will show the underlying metadata of the executable file - a strong indication that the file is not actually a self-extracting archive. Additionally, some systems for distributing files do not accept executable files in order to prevent the transmission of malicious programs.

The `setuid` and `setgid` flags have different effects, depending on whether they are applied to a file, to a directory or binary executable or non binary executable file. The `setuid` and `setgid` flags only have effect on binary executable files. Setting these bits on scripts like bash, perl or python does not have any effect.

C2flash is short for "c/c++ to flash". It is a tool that converts an executable file compiled from c/c++ to Flash as code. C2flash first disassembles the PE file into assembler code, and then generates Flash 3.0 code that simulates a 386 CPU. The virtual machine runs the assembler code in Flash Player.

This enables malware authors to add ".scr" to the name of any win32 executable file, and thereby increase likelihood that users of Microsoft Windows will run it unintentionally. In addition, this program should support the following command line parameters: With no parameter – shows the Settings dialog box or do nothing. ScreenSaver.scr `/s` Runs the screensaver. ScreenSaver.

Unicorn is a CPU emulation framework based on QEMU's "TCG" CPU emulator. Unlike QEMU, Unicorn focuses on the CPU only: no emulation of any peripherials are provided and raw binary code (outside of the context of an executable file or a system image) can be run directly. Unicorn is thread-safe and has multiple bindings and instrumentation interfaces.

1, on August 8, 2003. (English tr.) Another major change was the removal of the Send- Receive Messaging Module from the core into a plugin, SRMM. This reduced the size of the executable file and encouraged rapid development of messaging modules. During this period many variations (including SRAMM, SRMM_mod, etc.) offered different new features and improvements over the standard implementation. ZDNet.

KoKo Virus is a memory resident computer virus created in March 1991. KoKo's name came from the creator himself, which was a nickname used by his friends. Many on-line virus databases refer to KoKo as Koko.1780. KoKo is written in the Assembly programming language and the executable file usually has an approximate file size of around 1780 bytes.

Later versions also added control structures, such as multiline conditional statements and loop blocks. Microsoft's "PC BASIC Compiler" was included for compiling programs into DOS executables. Beginning with version 4.0, the editor included an interpreter that allowed the programmer to run the program without leaving the editor. The interpreter was used to debug a program before creating an executable file.

The Standard edition allows the user to create a slideshow as an executable file for Windows and Mac and AVI video file. The Deluxe version also allows HD video (MP4 H.264 file), DVD and to export on YouTube, Facebook, or iPhone/iPad. The quality output of this slideshow program can be said to be excellent for both executable files and video output.

A brief review and interview with the developer appeared in Libre Graphics World in 2013. This review praises SolveSpace for its small executable file size, its advanced constraints solver and range of output formats. The same review notes some drawbacks, mainly its slow and limited processing of NURBS booleans and lack of native Linux support. However, native Linux support has since been added.

LiveCode project files are binary-compatible across platforms. They inherit each platform's look-and-feel and behaviors. Buttons, scroll bars, progress bars and menus behave as expected on the target platform without any intervention on the part of the one authoring a LiveCode application. Compiling a LiveCode "standalone" produces a single, executable file (minimum size ~1.5MB) for each platform targeted.

Small programs could ignore the segmentation and just use plain 16-bit addressing. This allows 8-bit software to be quite easily ported to the 8086. The authors of most DOS implementations took advantage of this by providing an Application Programming Interface very similar to CP/M as well as including the simple .com executable file format, identical to CP/M.

The Perl virtual machine is a stack-based process virtual machine implemented as an opcodes interpreter which runs previously compiled programs written in the Perl language. The opcodes interpreter is a part of the Perl interpreter, which also contains a compiler (lexer, parser and optimizer) in one executable file, commonly /usr/bin/perl on various Unix-like systems or perl.exe on Microsoft Windows systems.

The GNU linker (or GNU ld) is the GNU Project's implementation of the Unix command ld. GNU ld runs the linker, which creates an executable file (or a library) from object files created during compilation of a software project. A linker script may be passed to GNU ld to exercise greater control over the linking process. The GNU linker is part of the GNU Binary Utilities (binutils).

Static linking must be performed when any modules are recompiled. All of the modules required by a program are sometimes statically linked and copied into the executable file. This process, and the resulting stand-alone file, is known as a static build of the program. A static build may not need any further relocation if virtual memory is used and no address space layout randomization is desired.

Hunk is the executable file format of tools and programs of the Amiga Operating System based on Motorola 68000 CPU and other processors of the same family. This kind of executable got its name from the fact that the software programmed on Amiga is divided in its internal structure into many pieces called hunks, in which every portion could contain either code or data.

In computer science, pointer swizzling is the conversion of references based on name or position to direct pointer references. It is typically performed during the deserialization (loading) of a relocatable object from disk, such as an executable file or pointer-based data structure. The reverse operation, replacing pointers with position-independent symbols or positions, is sometimes referred to as unswizzling, and is performed during serialization (saving).

Resource Monitor includes an improved RAM usage display and supports display of TCP/IP ports being listened to, filtering processes using networking, filtering processes with disk activity and listing and searching process handles (e.g. files used by a process) and loaded modules (files required by an executable file, e.g. DLL files). Microsoft Magnifier, an accessibility utility for low vision users has been dramatically improved.

Upon startup, CleanSweep loads three components, each of which tracks and logs changes made to aid in uninstallation. If the program has not been monitored CleanSweep can be pointed to the main executable file or the main program group. It also comprises several "wizards" to simplify common PC tuneup activities. The "Smart Sweep" module takes care of monitoring all the setup programs being run.

Devnull is the name of a computer worm for the Linux operating system that has been named after , Unix's null device. This worm was found on 30 September 2002. This worm, once the host has been compromised, downloads and executes a shell script from a web server. This script downloads a gzipped executable file named from the same address, and then decompresses and runs the file.

OSX.Keydnap is initially downloaded as a Zip archive. This archive contains a single Mach-O file and a Resource fork containing an icon for the executable file, which is typically a JPEG or text file image. Additionally, the dropper takes advantage of how OS X handles file extensions by putting a space behind the extension of the file name for example – as “keydnap.jpg ” instead of “keydnap.jpg”.

In this way it may be called from the command line or via an executable file, and its editing functions, such as buffers and movement commands are available to the program just as in the normal mode. No user interface is presented when Emacs is started in batch mode; it simply executes the passed-in script and exits, displaying any output from the script.

Noncopylefted free software comes from the author with permission to redistribute and modify and to add license restrictions. If a program is free but not copylefted, then some copies or modified versions may not be free. A software company can compile the program, with or without modifications, and distribute the executable file as a proprietary software product. The X Window System illustrates this approach.

The Windows 98 Style of Microsoft Minesweeper In early versions of the game, a cheat code let players peek beneath the tiles. By the year 2000, the game had been given the name of Flower Field instead of Minesweeper in some translations of Windows 2000 (like the Italian version), featuring flowers instead of mines. Flower Fields gameplay was otherwise unchanged, as was the executable file name.

In the early days of the Longhorn project, an experimental sidebar, with plugins similar to taskbar plugins and a notifications history was built into the shell. However, when Longhorn was reset the integrated sidebar was discarded in favor of a separate executable file, sidebar.exe, which provided Web-enabled gadgets, thus replacing Active Desktop. Windows Vista introduced a searchable Start menu and live taskbar previews to the Windows shell.

SmartDrive (or SMARTDRV) is a disk caching program shipped with MS-DOS versions 4.01 through 6.22 and Windows 3.0 through Windows 3.11. It improves data transfer rates by storing frequently accessed data in random-access memory (RAM). Early versions of SmartDrive were loaded through a device driver named . Versions 4.0 and later were loaded through an executable file named , which could be run at user's discretion or at boot time via .

Many new gameplay features included in Creatures 2 not present in the original game include a new physics model and a global weather system, along with brand new applets and a world twice the size of the Creatures 1 world. The executable file for the game was in fact an interpreter for its scripting language, thus allowing users to make total conversions or derivative works from the game.

Such an approach saves FASM sources from compiling problems often present in many assembly projects. On the other hand, it makes it harder to maintain a project that consists of multiple separately compiled source files or mixed-language projects. However, there exists a Win32 wrapper called FA, which mitigates this problem. FASM projects can be built from one source file directly into an executable file without a linking stage.

In computing, rpath designates the run-time search path hard-coded in an executable file or library. Dynamic linking loaders use the rpath to find required libraries. Specifically, it encodes a path to shared libraries into the header of an executable (or another shared library). This RPATH header value (so named in the Executable and Linkable Format header standards) may either override or supplement the system default dynamic linking search paths.

RavMonE is a worm written in the Python scripting language and was converted into a Windows executable file using the Py2Exe tool. It attempts to spread by copying itself to mapped and removable storage drives. It can be transmitted by opening infected email attachments and downloading infected files from the Internet. It can also be spread through removable media, such as CD-ROMs, flash memory, digital cameras and multimedia players.

LS-DYNA consists of a single executable file and is entirely command-line driven. Therefore, all that is required to run LS-DYNA is a command shell, the executable, an input file, and enough free disk space to run the calculation. All input files are in simple ASCII format and thus can be prepared using any text editor. Input files can also be prepared with the aid of a graphical preprocessor.

It also includes a multithreaded build engine (MSBuild) to compile multiple source files (and build the executable file) in a project across multiple threads simultaneously. It also includes support for compiling icon resources in PNG format, introduced in Windows Vista. An updated XML Schema designer was released separately some time after the release of Visual Studio 2008. Visual Studio Debugger includes features targeting easier debugging of multi-threaded applications.

Otherwise it would attempt to find an executable file on the currently logged disk drive and (in later versions) user area, load it, and pass it any additional parameters from the command line. These were referred to as "transient" programs. On completion, CP/M would reload the part of the CCP that had been overwritten by application programs — this allowed transient programs a larger memory space. The commands themselves could sometimes be obscure.

DOS/32 is an advanced 32-bit DOS extender created for replacing DOS/4GW extender and compatibles.TOOLS:DOS32A - DOSBoxWiki This extender can be used in various environments, from embedded systems to DOS emulators, by both developers and end users alike.About DOS/32 Advanced DOS Extender Unlike DOS/4GW, DOS/32 is free, open-source and can be extended to create a unique executable file that incorporates the extender memory tool and main application code.

Numbered Panda continued to target Taiwan with spear phishing email campaigns with malicious attachments. Attached Microsoft Word documents exploited the vulnerability to help propagate HighTide. FireEye found that compromised Taiwanese government employee email accounts were used in some of the spear phishing. HighTide differs from Etumbot in that its HTTP GET request changed the User Agent, the format and structure of the HTTP Uniform Resource Identifier, the executable file location, and the image base address.

DVD Shrink is designed to be easy to use. It is contained within a single executable file that is one megabyte in size. The program features a DeCSS decryption algorithm, enabling it to open and decrypt many currently available DVDs, although it is defeated by some newer copy protection techniques. As well as this, it can open DVD files contained in a VIDEO_TS folder or a disk image (ISO, IMG, NRG or MDS/Ixx).

If the disk is not accessible, an error window is displayed. It uses a combination of encryption software and an optical mark on the surface of the disk. The protection code is embedded into an executable file on the disk using a proprietary tool. This file, which is responsible for searching for the physical mark on the disk, is encrypted and gets multiple layers of protection against code analysis to impede reverse engineering.

Linux kernel boot and decompression process On Linux systems, `vmlinux` is a statically linked executable file that contains the Linux kernel in one of the object file formats supported by Linux, which includes ELF, COFF and a.out. The `vmlinux` file might be required for kernel debugging, symbol table generation or other operations, but must be made bootable before being used as an operating system kernel by adding a multiboot header, bootsector and setup routines.

Enhanced Doom Gaming Engine, or EDGE, is a port derived from DOSDoom. EDGE was first released on June 20, 2000. The most attractive feature of EDGE is its DDF system, which describes all game behavior inside text files external to the executable file. As a result, it is popular among modders, who use the extensibility to add many new weapons and features with far fewer of the limits present in other source ports.

There are several advantages to statically linking libraries with an executable instead of dynamically linking them. The most significant advantage is that the application can be certain that all its libraries are present and that they are the correct version. This avoids dependency problems, known colloquially as DLL Hell or more generally dependency hell. Static linking can also allow the application to be contained in a single executable file, simplifying distribution and installation.

All terrain tiles, some landscape features, all monsters and objects, and some spell/effect graphics take the form of Windows 3.1 icons and were done by Paul Canniff. Multi-tile graphics, such as ball spells and town buildings, are bitmaps included in the executable file. No graphics use colors other than the Windows-standard 16-color palette, plus transparency. They exist in monochrome versions as well, meaning that the game will display well on monochrome monitors.

A number of COM files in IBM PC DOS 1.0 A COM file is a type of simple executable file. On the Digital Equipment operating systems of the 1970s, `.COM` was used as a filename extension for text files containing commands to be issued to the operating system (similar to a batch file). With the introduction of CP/M (a microcomputer operating system), the type of files commonly associated with COM extension changed to that of executable files.

There is a particular sequence of bytes in the file header, yielding the hexadecimal value $000003f3. This sequence, which signifies an executable file and lets it be self-running, is called a magic cookie (from the magic cookies in Alice's Adventures in Wonderland by Lewis Carroll). This kind of solution to identify executables on the Amiga was taken from similar solutions which were adopted by UNIX/Unix-like operating systems, where magic cookies are called magic numbers.

CIL code is verified for safety during runtime, providing better security and reliability than natively compiled executable files. The execution process looks like this: #Source code is converted to CIL bytecode and a CLI assembly is created. #Upon execution of a CIL assembly, its code is passed through the runtime's JIT compiler to generate native code. Ahead-of-time compilation may also be used, which eliminates this step, but at the cost of executable-file portability.

PMODE/W is a version of PMODE for the Watcom C/C++ compilers. It was developed by Charles "Daredevil" Scheffold and Thomas Pytel. Its footprint in the final executable file is slightly larger than that of the original PMODE because of the added functionality, but it is still less than 12 kilobytes according to its own documentation. PMODE/DJ is a DOS extender derived from PMODE 3.07 by Matthias Grimrath for use with the DJGPP compilers.

An application that employs SxS must have a manifest. Manifests are typically a section embedded in the application's executable file but may also be an external file. When the operating system loads the application and detects the presence of a manifest, the operating system DLL loader is directed to the version of the DLL corresponding to that listed in the manifest. If there is no manifest, the DLL loader loads a default version of all DLL dependencies.

The game was not made available to Asian and Australian players, with the official Black Prophecy website preventing residents of these regions from downloading the client executable file and signing up for beta access. The game used the Freemium model, featuring a premium shop where players could buy various in-game items, such as weapons and armors. On 29 August 2012 the game developers announced that the game will be "closing its doors" on 26 September 2012.

CryptoLocker typically propagated as an attachment to a seemingly innocuous e-mail message, which appears to have been sent by a legitimate company. A ZIP file attached to an email message contains an executable file with the filename and the icon disguised as a PDF file, taking advantage of Windows' default behaviour of hiding the extension from file names to disguise the real .EXE extension. CryptoLocker was also propagated using the Gameover ZeuS trojan and botnet.

In computing, exec is a functionality of an operating system that runs an executable file in the context of an already existing process, replacing the previous executable. This act is also referred to as an overlay. It is especially important in Unix-like systems, although exists elsewhere. As a new process is not created, the process identifier (PID) does not change, but the machine code, data, heap, and stack of the process are replaced by those of the new program.

An illustration of the linking process. Object files and static libraries are assembled into a new library or executable In computing, a linker or link editor is a computer system program that takes one or more object files (generated by a compiler or an assembler) and combines them into a single executable file, library file, or another "object" file. A simpler version that writes its output directly to memory is called the loader, though loading is typically considered a separate process.

The graphics stack has several peculiarities unusual for a web browser. The fonts displayed by Links are not derived from the system, but compiled into the binary as grayscale bitmaps in Portable Network Graphics (PNG) format. This allows the browser to be one executable file independent of the system libraries. However this increases the size of the executable to about 5 MB. The fonts are anti-aliased without hinting and for small line pitch an artificial sharpening is employed to increase legibility.

If the permission is granted, it compresses the executable (infect-executable), prepends itself to it (prepend), uncompresses the current executable file (uncompress the-rest-of-this-file) into a temporary file (tmpfile) and runs it (run tmpfile). Cruncher is an example of a compression virus,Mark A. Ludwig 1995, Giant Black Book of Computer Viruses p.10 a strain of which - Cruncher.2092 is described by McAfee as memory-resident virus that infects all but small com files, making them smaller.

In Microsoft Windows, software that relies on Windows Side-by-Side (WinSxS) needs an application manifest, which is an XML document that is either embedded in an executable file or contained in a separate XML file that accompanies it. It bears name, version, trust information, privileges required for execution and dependencies on other components. An assembly manifest is very similar to an application manifest but describes the identity of components known as "assemblies". These assemblies are referred to in the application manifest.

Executable compression is any means of compressing an executable file and combining the compressed data with decompression code into a single executable. When this compressed executable is executed, the decompression code recreates the original code from the compressed code before executing it. In most cases this happens transparently so the compressed executable can be used in exactly the same way as the original. Executable compressors are often referred to as "runtime packers", "software packers", "software protectors" (or even "polymorphic packers" and "obfuscating tools").

The Bourne shell (`sh`) is a shell, or command-line interpreter, for computer operating systems. The Bourne shell was the default shell for Version 7 Unix. Unix-like systems continue to have `/bin/sh`—which will be the Bourne shell, or a symbolic link or hard link to a compatible shell—even when other shells are used by most users. Developed by Stephen Bourne at Bell Labs, it was a replacement for the Thompson shell, whose executable file had the same name—`sh`.

Once a matching executable file is found, the system spawns a new process which runs it. The PATH variable makes it easy to run commonly used programs located in their own folders. If used unwisely, however, the value of the PATH variable can slow down the operating system by searching too many locations, or invalid locations. Invalid locations can also stop services from running altogether, especially the 'Server' service which is usually a dependency for other services within a Windows Server environment.

Libraries are important in the program linking or binding process, which resolves references known as links or symbols to library modules. The linking process is usually automatically done by a linker or binder program that searches a set of libraries and other modules in a given order. Usually it is not considered an error if a link target can be found multiple times in a given set of libraries. Linking may be done when an executable file is created, or whenever the program is used at runtime.

During that time, others had found the game and it was distributed widely across the network, which had surprised Crowther on his return. Though titled in-game as Colossal Cave Adventure, its executable file was simply named ADVENT, which led to this becoming an alternate name for the game. One of those that had discovered the game was Don Woods, a graduate student at Stanford University in 1976. Woods wanted to expand upon the game and contacted Crowther to gain access to the source code.

It incorporates an executable file module, a module used to run uncompressed files from compressed files. Such a compressed file does not require an external program to decompress the contents of the self-extracting file, and it can run the operation itself. However, WinRAR can still treat self-extracting files as any other compressed files. So if you are unwilling to run the self-extracting file you received (for example, when it may contain a virus), you can use WinRAR to view or decompress its content.

Jerusalem is a logic bomb DOS virus first detected at Hebrew University of Jerusalem, in October 1987. On infection, the Jerusalem virus becomes memory resident (using 2kb of memory), and then infects every executable file run, except for COMMAND.COM. COM files grow by 1,813 bytes when infected by Jerusalem and are not re-infected. Executable files grow by 1,808 to 1,823 bytes each time they are infected, and are then re-infected each time the files are loaded until they are too large to load into memory.

Lotus Freelance Graphics is an information graphics and presentation program developed by Lotus Software (formerly Lotus Development Corp.) following its acquisition of Graphic Communications Inc in 1986. It was first released for DOS and OS/2 operating systems, then later released as part of the Lotus SmartSuite for Microsoft Windows. (In a reference to its original developer, Graphic Communications Inc., Freelance's executable file was named GCIFL.) Pre-Windows versions of Lotus Freelance Graphics included mouse support (provided a mouse driver for the OS had also been installed).

On older versions self- extracting archives were vulnerable to arbitrary code execution through DLL hijacking: they load and run a DLL named UXTheme.dll, if it is in the same folder as the executable file. 7-Zip 16.03 Release notes say that the installer and SFX modules have added protection against DLL preloading attack. Versions of 7-Zip prior to 18.05 contain an arbitrary code execution vulnerability in the module for extracting files from RAR archives (), a vulnerability that was fixed on 30 April 2018.

A 64K intro is a demo where the size of the executable file is limited to 64 kibibytes, or 65,536 bytes. At demo parties there is a category for this kind of demo, where the one that gives the best impression wins. 64K intros generally apply many techniques to be able to fit in the given size, usually including procedural generation, sound synthesis and executable compression. The size of 64 kibibytes is a traditional limit which was inherited from the maximum size of a COM file.

An executable file starting with an interpreter directive is simply called a script, often prefaced with the name or general classification of the intended interpreter. The name shebang for the distinctive two characters may have come from an inexact contraction of SHArp bang or haSH bang, referring to the two typical Unix names for them. Another theory on the sh in shebang is that it is from the default shell sh, usually invoked with shebang. This usage was current by December 1989, and probably earlier.

A compressed executable can be considered a self-extracting archive, where a compressed executable is packaged along with the relevant decompression code in an executable file. Some compressed executables can be decompressed to reconstruct the original program file without being directly executed. Two programs that can be used to do this are CUP386 and UNP. Most compressed executables decompress the original code in memory and most require slightly more memory to run (because they need to store the decompressor code, the compressed data and the decompressed code).

Crt0 generally takes the form of an object file called , often written in assembly language, which is automatically included by the linker into every executable file it builds. contains the most basic parts of the runtime library. As such, the exact work it performs depends on the program's compiler, operating system and C standard library implementation. Beside the initialization work required by the environment and toolchain, can perform additional operations defined by the programmer, such as executing C++ global constructors and C functions carrying GCC's attribute.

DOS is not a multitasking operating system, but replacing the previous executable image has a great merit there due to harsh primary memory limitations and lack of virtual memory. The same API is used for overlaying programs in DOS and it has effects similar to ones on POSIX systems. MS-DOS exec functions always load the new program into memory as if the "maximum allocation" in the program's executable file header is set to default value 0xFFFF. The EXEHDR utility can be used to change the maximum allocation field of a program.

The original variant used a fake installer of Adobe Flash Player to install the malware, hence the name "Flashback". A later variant targeted a Java vulnerability on Mac OS X. The system was infected after the user was redirected to a compromised bogus site, where JavaScript code caused an applet containing an exploit to load. An executable file was saved on the local machine, which was used to download and run malicious code from a remote location. The malware also switched between various servers for optimized load balancing.

GW-BASIC, launched in 1983, is a disk- based Microsoft product that was distributed with non-IBM MS-DOS computers, and supports all the graphics modes and features of BASICA on computers that do not have IBM Cassette BASIC. The successor to BASICA for MS-DOS and PC DOS versions, now discontinued, is QBasic, launched in 1991. It is a stripped-down version of the Microsoft QuickBASIC compiler: QBasic is an interpreter and cannot compile source files, while QuickBASIC can compile and save the programs in the .EXE executable file format.

Most Unix-like systems have a "search path" specifying file-system directories in which to look for dynamic libraries. Some systems specify the default path in a configuration file, others hard-code it into the dynamic loader. Some executable file formats can specify additional directories in which to search for libraries for a particular program. This can usually be overridden with an environment variable, although it is disabled for setuid and setgid programs, so that a user can't force such a program to run arbitrary code with root permissions.

Entry points apply both to source code and to executable files. However, in day-to-day software development, programmers specify the entry points only in source code, which makes them much better known. Entry points in executable files depend on the application binary interface (ABI) of the actual operating system, and are generated by the compiler or linker (if not fixed by the ABI). Other linked object files may also have entry points, which are used later by the linker when generating entry points of an executable file.

COM, the primary user interface of MS-DOS, produces this error message when the first word of a command could not be interpreted. For MS-DOS, this word must be the name of an internal command, executable file or batch file, so the error message provided an accurate description of the problem but easily confused novices. Though the source of the error was often a mistyped command, the wording gave the impression that files named in later words were damaged or had illegal filenames. Later, the wording of the error message was changed for clarity.

In computer systems a loader is the part of an operating system that is responsible for loading programs and libraries. It is one of the essential stages in the process of starting a program, as it places programs into memory and prepares them for execution. Loading a program involves reading the contents of the executable file containing the program instructions into memory, and then carrying out other required preparatory tasks to prepare the executable for running. Once loading is complete, the operating system starts the program by passing control to the loaded program code.

The hunks in an Amiga executable file could exist in various types. There are 32-bit hunks, 16-bit hunks, and even some 8-bit hunks. Types of hunks were standardized in AmigaOS, and well documented in The AmigaDOS Manual edited by Commodore to explain to programmers how to code on the Amiga, during the years in which Commodore manufactured Amiga computers. Their structure was officially codified and could be changed only by a Commodore committee, which then communicated the modifications to the developers for new releases of the Amiga operating system.

BusyBox is a software suite that provides several Unix utilities in a single executable file. It runs in a variety of POSIX environments such as Linux, Android, and FreeBSD, although many of the tools it provides are designed to work with interfaces provided by the Linux kernel. It was specifically created for embedded operating systems with very limited resources. The authors dubbed it "The Swiss Army knife of Embedded Linux",The slogan for 'The Swiss Army Knife of Embedded Linux' source as the single executable replaces basic functions of more than 300 common commands.

4701 on an executable file owned by 'root' and the group 'root' A user named 'thompson' attempts to execute the file. The executable permission for all users is set (the '1') so 'thompson' can execute the file. The file owner is 'root' and the SUID permission is set (the '4') - so the file is executed as 'root'. The reason an executable would be run as 'root' is so that it can modify specific files that the user would not normally be allowed to, without giving the user full root access.

In NeXTSTEP, OPENSTEP, GNUstep, and their lineal descendants macOS and iOS, a bundle is a file directory with a defined structure and file extension, allowing related files to be grouped together as a conceptually single item. Examples of bundles that contain executable code include applications, frameworks, and plugins. This kind of bundle usually contains one file representing executable code, and files that represent resources such as nibs, templates, images, sounds, and other media. On some other systems, such as Microsoft Windows, these resources are usually included directly in the executable file itself at compile time.

A hex dump of an executable real mode loader In computing, executable code, executable file, or executable program, sometimes simply referred to as an executable or binary, causes a computer "to perform indicated tasks according to encoded instructions", as opposed to a data file that must be parsed by a program to be meaningful. The exact interpretation depends upon the use. "Instructions" is traditionally taken to mean machine code instructions for a physical CPU. In some contexts, a file containing bytecode or scripting instructions may also be considered executable.

In order to be executed by the system (such as an operating system, firmware, or boot loader), an executable file must conform to the system's application binary interface (ABI). In simple interfaces, a file is executed by loading it into memory and jumping to the start of the address space and executing from there. In more complicated interfaces, executable files have additional metadata specifying a separate entry point. For example, in ELF, the entry point is specified in the header's `e_entry` field, which specifies the (virtual) memory address at which to start execution.

PartXplore is a collaborative viewer for 2D and 3D CAD files. PartXplore enables the user to measure 3D parts and has analysis features allowing the user to determine undercut areas, plane surfaces, thickness, volumes, surfaces, weight and to perform dynamic cross-sectional visualization. Flat (2D) drawings are no longer necessary as it is possible to directly add dimensional and geometric measurements, annotations and labels to the 3D model. PartXplore also allowed the user to send 3D parts and assembly files to others via a standalone application which could be transmitted as an executable file.

GraalVM Native Image is an ahead-of-time compilation technology that produces executable binaries of class files. It is released as an early adopter plugin, which means it is production-ready but may include backport incompatible updates in the future releases. This functionality supports JVM-based languages, but can optionally execute dynamic languages, developed on top of GraalVM with Truffle framework. The executable file does not run on a JVM and uses necessary runtime components as thread scheduling or GC from “Substrate VM” - a trivial version of a virtual machine.

DeluxePaint II for MS-DOS (1989) Before the MS-Windows age, and with the lack of a true common GUI under MS-DOS, most graphical applications which worked with EGA, VGA and better graphic cards had proprietary built-in GUIs. One of the best known such graphical applications was Deluxe Paint, a popular painting software with a typical WIMP interface. The original Adobe Acrobat Reader executable file for MS-DOS was able to run on both the standard Windows 3.x GUI and the standard DOS command prompt.

China Chopper is a web shell which is approximately just 4 kilobytes in size, first discovered in 2012. This web shell is commonly used by malicious Chinese actors, including advanced persistent threat (APT) groups, to remotely control web servers. This web shell has two parts, the client interface (an executable file) and the receiver host file on the compromised web server. China Chopper has many commands and control features such as a password brute-force attack option, code obfuscation, file and database management and a graphical user interface.

On the Xbox, the reason for this is that the Xbox executable file (XBE) contains a media-type flag, which specifies the type of media that the XBE is bootable from. On nearly all Xbox software, this is set such that the executable will only boot from factory produced discs so simply copying the executable to burnable media is enough to stop the execution of the software. However, since the executable is signed, simply changing the value of the flag is not possible as this alters the signature of the executable causing it to fail validation when checked.

Virut is a malware botnet that is known to be used for cybercrime activities such as DDoS attacks, spam (in collaboration with the Waledac botnet), fraud, data theft, and pay-per-install activities. It spreads through executable file infection (through infected USB sticks and other media), and more recently, through compromised HTML files (thus infecting vulnerable browsers visiting compromised websites). It has infected computers associated with at least 890,000 IP addresses in Poland. In 2012, Symantec estimated that the botnet had control of over 300,000 computers worldwide, primarily in Egypt, Pakistan and Southeast Asia (including India).

Such privilege sets are inherited from the parent as determined by the semantics of fork(). An executable file that performs a privileged function—thereby technically constituting a component of the TCB, and concomitantly termed a trusted program or trusted process—may also be marked with a set of privileges. This is a logical extension of the notions of set user ID and set group ID. The inheritance of file privileges by a process are determined by the semantics of the exec() family of system calls. The precise manner in which potential process privileges, actual process privileges, and file privileges interact can become complex.

The build process utilizes a macro assembler as well as a framework of automatic pre- and post-processing tools analyzing the temporary binaries to generate dependency and code morphing meta data to be embedded into the resulting executable file alongside the binary code and a self-discarding, relaxing and relocating loader to dynamically (re)combine, (over)load, modify, update or unload the runtime image (code and data) of the driver as requested. The complexity is hidden in a single self-contained file so that for a user the handling is the same as for a normal (semi-)monolithic driver/TSR.

In the C/C++ compilation model (formally "translation environment"), individual / source files are preprocessed into translation units, which are then translated (compiled) separately by the compiler into multiple object ( or ) files. These object files can then be linked together to create a single executable file or library. However, this leads to multiple passes being performed on common header files, and with C++, multiple template instantiations of the same templates in different translation units. The Single Compilation Unit technique uses pre-processor directives to "glue" different translation units together at compile time rather than at link time.

Because of the removal of real mode support, FAT32 going mainstream and the decreasing popularity of DriveSpace, DriveSpace in Windows ME had only limited support. DriveSpace no longer supported hard disk compression, but still supported reading and writing compressed removable media, although the only DriveSpace operation supported beside that was deleting and reallocating compressed drives. It is possible to restore full function of DriveSpace 3 (unofficially) in Windows ME, copying the executable file from a Windows 98 installation and using it to replace the executable included with Windows ME. After that, one could compress new drives as they could do on Windows 98.

Download and execute is a type of remote shellcode that downloads and executes some form of malware on the target system. This type of shellcode does not spawn a shell, but rather instructs the machine to download a certain executable file off the network, save it to disk and execute it. Nowadays, it is commonly used in drive-by download attacks, where a victim visits a malicious webpage that in turn attempts to run such a download and execute shellcode in order to install software on the victim's machine. A variation of this type of shellcode downloads and loads a library.

The usual way to tell an import library from a proper static library is by size: the import library is much smaller as it only contains symbols referring to the actual DLL, to be processed at link-time. Both nevertheless are Unix ar format files. Linking to dynamic libraries is usually handled by linking to an import library when building or linking to create an executable file. The created executable then contains an import address table (IAT) by which all DLL function calls are referenced (each referenced DLL function contains its own entry in the IAT).

A No-disc crack, No-CD crack or No-DVD crack is an executable file or a special "byte patcher" program which allows a user to circumvent certain Compact Disc and DVD copy protection schemes. They allow the user to run computer software without having to insert their required CD-ROM or DVD-ROM. This act is a form of software cracking. No-CD cracks specific to a variety of games and other software distributed on CD-ROM or DVD-ROM can be found on the Internet from various reverse engineering websites or file sharing networks.

Interpreters are the software used to play the works of interactive fiction created with a development system. Since they need to interact with the player, the "story files" created by development systems are programs in their own right. Rather than running directly on any one computer, they are programs run by Interpreters, or virtual machines, which are designed specially for IF. They may be part of the development system, or can be compiled together with the work of fiction as a standalone executable file. The Z-machine was designed by the founders of Infocom, in 1979.

The term document template used in the context of file format refers to a common feature of many software applications that define a unique non- executable file format intended specifically for that particular application. Template file formats are those whose file extension indicates that the file type is intended as a high starting point from which to create other files. Save As ... file dialog box These types of files are usually indicated on the Save As ... file dialog box of the application. For example, the word processing application Microsoft Word uses different file extensions for documents and templates: In Word 2003 the file extension `.

Others (like 7-Zip or RAR) can create self-extracting archives as regular executables in ELF format. An early example of a self-extracting archive was the Unix shar archive in which one or more text files were combined into a shell script that when executed recreated the original files. Self-extracting archives can be used to archive any number of data as well as executable files. They must be distinguished from executable compression, where the executable file contains a single executable only and running the file does not result in the uncompressed file being stored on disk, but in its code being executed in memory after decompression.

He demonstrated his team's tool in court, showing 19 ways in which it is normally possible to access the web browser from the Windows platform that his team's tool rendered inaccessible. Microsoft argued that Felten's changes did not truly remove Internet Explorer but only made its functionality inaccessible to the end user by removing icons, shortcuts and the iexplore.exe executable file, and making changes to the system registry. This led to a debate as to what exactly constitutes the "web browser," since much of the core functionality of Internet Explorer is stored in a shared dynamic-link library, accessible to any program running under Windows.

Screenshot of the Syskey utility on the Windows XP operating system requesting for the user to enter a password The SAM Lock Tool, better known as Syskey (the name of its executable file) is a discontinued component of Windows NT that encrypts the Security Account Manager (SAM) database using a 128-bit RC4 encryption key. First introduced in the Q143475 hotfix which was included in Windows NT 4.0 SP3, it was removed in Windows 10 1709, due to its use of cryptography considered insecure by modern standards, and its use as part of scams as a form of ransomware. Microsoft officially recommended use of BitLocker disk encryption as an alternative.

The development of versions for DOS (MS-DOS and PC DOS 5.0 and higher), Apple Macintosh and 16-bit Windows (Windows 3.1 and higher) stopped in or before 2000. The latest released versions for DOS (3.50, released in or around June 1999)23 June 1999 is the date of the main executable file within the zip archive. and 16-bit Windows (3.12b, released on 24 November 1999) are available for download. (Version 3.12c for 16-bit Windows was in beta-testing during 2000 but has not been released.) The Mac version (2.21 from 1997) can be found on some ftp servers that in the past offered an official Pegasus mirror service.

An executable file might consist only of resources (including code segments) with an empty data fork, while a data file might have only a data fork with no resource fork. A word processor file could contain its text in the data fork and styling information in the resource fork, so that an application which doesn't recognize the styling information can still read the raw text. On the other hand, these forks would provide a challenge to interoperability with other operating systems. In copying or transferring a Mac OS file to a non-Mac system, the default implementations would simply strip the file of its resource fork.

Each Mach-O file is made up of one Mach-O header, followed by a series of load commands, followed by one or more segments, each of which contains between 0 and 255 sections. Mach-O uses the REL relocation format to handle references to symbols. When looking up symbols Mach-O uses a two-level namespace that encodes each symbol into an 'object/symbol name' pair that is then linearly searched for, first by the object and then the symbol name. The basic structure—a list of variable-length "load commands" that reference pages of data elsewhere in the file—was also used in the executable file format for Accent.

Flames of Vengeance and The Dragon Knight Saga were released in Germany in August 2010, and in all other language versions in November 2010. There was no retail United States release of The Dragon Knight Saga until it was released on the Xbox 360 on April 12, 2011, along with a soundtrack CD and an art book. For the tenth anniversary of the Divinity series and the release of the Divinity Anthology, Larian made another update to the game, calling the final version Divinity II: Developer's Cut, which included design documents, concept art, and the ability to access the developer's console in-game through a second executable file.

This was an adaptation of Concurrent CP/M-86 for the LSI-M4, LSI Octopus and CAL PC computers. These machines had both 16-bit and 8-bit processors, because in the early days of 16-bit personal computing, 8-bit software was more available and often ran faster than the corresponding 16-bit software. Concurrent CP/M-86/80 allowed users to run both CP/M (8-bit) and CP/M-86 (16-bit) applications. When a command was entered, the operating system ran the corresponding application on either the 8-bit or the 16-bit processor, depending on whether the executable file had a .

In addition to full Windows-packages, there were runtime-only versions that shipped with early Windows software from third parties and made it possible to run their Windows software on MS-DOS and without the full Windows feature set. The early versions of Windows are often thought of as graphical shells, mostly because they ran on top of MS-DOS and use it for file system services. However, even the earliest Windows versions already assumed many typical operating system functions; notably, having their own executable file format and providing their own device drivers (timer, graphics, printer, mouse, keyboard and sound). Unlike MS-DOS, Windows allowed users to execute multiple graphical applications at the same time, through cooperative multitasking.

There are several categories demos are informally classified into, the most important being the division between freeform demos and size-restricted intros, a difference visible in the competitions of nearly any demo party. The most typical competition categories for intros are the 64K intro and the 4K intro, where the size of the executable file is restricted to 65536 and 4096 bytes, respectively. In other competitions the choice of platform is restricted; only 8-bit computers like the Atari 800 or Commodore 64, or the 16-bit Amiga or Atari ST. Such restrictions provide a challenge for coders, musicians and graphics artists, to make a device do more than was intended in its original design.

DOS/4GW 1.95 was a free limited edition of DOS/4G and was included with the Watcom C compiler with a commercial re-distribution license. It was made widely popular by computer games like Doom. Initial versions of DOS/4G had trouble with secondary DMA channels on the ISA bus, which prevented 16-bit devices like Gravis Ultrasound series from normally functioning; Gravis even had to develop PREPGAME, a patch utility which updated the game executable with a new version 1.97 to fix the incompatibility. In case of problems, DOS/4G or DOS/4GW can be replaced with the newer and free DOS/32; a patch utility can even replace DOS/4G code embedded inside a compiled executable file.

A GPL linking exception modifies the GNU General Public License (GPL) in a way that enables software projects which provide library code to be "linked to" the programs that use them, without applying the full terms of the GPL to the using program. Linking is the technical process of connecting code in a library to the using code, to produce a single executable file. It is performed either at compile time or run-time in order to produce functional machine-readable code. There is a public perception, so far unsupported by any legal precedent or citation, that without applying the linking exception, a program linked to GPL library code may only be distributed under a GPL- compatible license.

In computing, the System Object Model (SOM) is a proprietary executable file format developed by Hewlett-Packard for its HP-UX and MPE/ix operating systems. In particular, SOM is the native format used for 32-bit application executables, object code, and shared libraries running under the PA-RISC family of processors. With the introduction of 64-bit processors, Hewlett Packard adopted the Executable and Linkable Format (ELF) format to represent the wider 64-bit program code, while still using SOM for applications running in 32-bit mode. Later, with the introduction of the Itanium processor family, HP-UX has abandoned the SOM format in favor of ELF for both 32-bit and 64-bit application code.

An interpreter directive is a computer language construct, that on some systems is better described as an aspect of the system's executable file format, that is used to control which interpreter parses and interprets the instructions in a computer program. In Unix, Linux and other Unix-like operating systems, the first two bytes in a file can be the characters "#!", which constitute a magic number (hexadecimal 23 and 21, the ASCII values of "#" and "!") often referred to as shebang, prefix the first line in a script, with the remainder of the line being a command usually limited to a max of 14 (when introduced) up to usually about 80 characters in 2016.

There are many different object file formats; originally each type of computer had its own unique format, but with the advent of Unix and other portable operating systems, some formats, such as COFF and ELF, have been defined and used on different kinds of systems. It is possible for the same file format to be used both as linker input and output, and thus as the library and executable file format. Some formats can contain machine code for different processors, with the correct one chosen by the operating system when the program is loaded. Some systems make a distinction between files which are directly executable and files which require processing by the linker.

Although the first version of STOS to be released in the UK (version 2.3) was released in late 1988 by Mandarin Software, a version had been released earlier in France. Version 2.3 was bundled with three complete games (Orbit, Zoltar and Bullet Train), and many accessories and utilities (such as sprite and music editors). Initially implemented as a BASIC interpreter, a compiler was soon released that enabled the user to compile the STOS Basic program into an executable file that ran a lot faster because it was compiled rather than interpreted. In order to be compatible with the compiler, STOS needed to be upgraded to version 2.4 (which came with the compiler).

The software is used to create photo slideshows in executable files for PC and Mac, HD video, on DVD and for exporting on YouTube and Facebook. The program allows the ordinary user and the professional photographer to create different kinds of slideshows with the option for various transition effects, including 3D effects, comments, backgrounds and sounds. Individual slides can also be customized with animation such as the Ken Burns effect, and the show itself can be synchronized to background music or simply transition randomly from slide to slide. Creating the slideshow as a self-running executable file allows for the opportunity to password-protect the file, as well as to install security measures such as setting an expiration date or to block the print screen button.

Perhaps the most common use for a memory-mapped file is the process loader in most modern operating systems (including Microsoft Windows and Unix-like systems.) When a process is started, the operating system uses a memory mapped file to bring the executable file, along with any loadable modules, into memory for execution. Most memory-mapping systems use a technique called demand paging, where the file is loaded into physical memory in subsets (one page each), and only when that page is actually referenced."Demand Paging" In the specific case of executable files, this permits the OS to selectively load only those portions of a process image that actually need to execute. Another common use for memory-mapped files is to share memory between multiple processes.

The GNU logo The GNAT Modified General Public License (short: Modified GPL, GMGPL) is a version of the GNU General Public License specifically modified for compiled units and for the generic feature found in the Ada programming language. The modification is as follows: :As a special exception, if other files instantiate generics from this unit, or you link this unit with other files to produce an executable, this unit does not by itself cause the resulting executable to be covered by the GNU General Public License. This exception does not however invalidate any other reasons why the executable file might be covered by the GNU Public License. The GNAT Ada compiler can automate conformance checks for some GPL software license issues via a compiler directive.

In the case of operating systems that support virtual memory, the loader may not actually copy the contents of executable files into memory, but rather may simply declare to the virtual memory subsystem that there is a mapping between a region of memory allocated to contain the running program's code and the contents of the associated executable file. (See memory-mapped file.) The virtual memory subsystem is then made aware that pages with that region of memory need to be filled on demand if and when program execution actually hits those areas of unfilled memory. This may mean parts of a program's code are not actually copied into memory until they are actually used, and unused code may never be loaded into memory at all.

The filesystem had a similar set of properties to the native BeOS file system BFS, but some of the more advanced features (live queries and attributes) were either broken or non-functional in many of the Beta releases of the software. The BeOS uses ELF format executable files, much as many other operating systems. BeIA uses an extended version of ELF, the name of which is unknown but which has come to be known as CELF, from the CEL magic word within the executable header and the fact that it is derived from ELF format executables through a compression process. The CELF (Compressed ELF) files use a patented technique to compress the op codes within the executable and reduce the overall footprint of each executable file.

The shebang is actually a human-readable instance of a magic number in the executable file, the magic byte string being ', the two-character encoding in ASCII of . This magic number is detected by the "exec" family of functions, which determine whether a file is a script or an executable binary. The presence of the shebang will result in the execution of the specified executable, usually an interpreter for the script's language. It has been claimed that some old versions of Unix expect the normal shebang to be followed by a space and a slash ('), but this appears to be untrue; rather, blanks after the shebang have traditionally been allowed, and sometimes documented with a space (see the 1980 email in history section below).

When the `setuid` or `setgid` attributes are set on an executable file, then any users able to execute the file will automatically execute the file with the privileges of the file's owner (commonly root) and/or the file's group, depending upon the flags set. This allows the system designer to permit trusted programs to be run which a user would otherwise not be allowed to execute. These may not always be obvious. For example, the ping command may need access to networking privileges that a normal user cannot access; therefore it may be given the setuid flag to ensure that a user who needs to ping another system can do so, even if their own account does not have the required privilege for sending packets.

Some of the id Software staff have revealed that they were impressed by some of the WADs; John Carmack later said the following about a Star Wars-themed modification: Another particularly notable early modification is Aliens TC (see below in the conversions section), based on the movie Aliens. Even though WADs modified Doom by replacing graphics and audio, the amount of customization was somewhat limited; much of the game's behavior, including the timing and strength of weapons and enemies, was hard-coded in the Doom executable file and impossible to alter in WADs. DeHackEd, a Doom editing program created by Greg Lewis, addressed this by letting users modify parameters inside of the Doom executable itself, allowing for a greater degree of customization.

A translator using static binary translation aims to convert all of the code of an executable file into code that runs on the target architecture without having to run the code first, as is done in dynamic binary translation. This is very difficult to do correctly, since not all the code can be discovered by the translator. For example, some parts of the executable may be reachable only through indirect branches, whose value is known only at run-time. One such static binary translator uses universal superoptimizer peephole technology (developed by Sorav Bansal, and Alex Aiken from Stanford University) to perform efficient translation between possibly many source and target pairs, with considerably low development costs and high performance of the target binary.

Functioning as a highly flexible and reusable memory extension library, DOS/4G allowed programmers to access extended memory without programming specialized code. It embeds itself in the executable file at linking time and executes before main application code, so usually DOS/4G initialization messages show up at launch. It can in principle operate within MS-DOS, PC DOS, DR-DOS and other DOS clones, the DOS boxes of OS/2, Microsoft Windows, Windows NT and Windows 95, and DOS emulators such as DOSBox. However, in practice few DOS/4G games or other applications will run on non DOS based versions of Windows, including Windows NT, Windows 2000, Windows XP since none of these allow direct access to the hardware as was used for rendering video in those days.

The group has released cracks for Denuvo Anti-Tamper protected games, Yesterday Origins and Deus Ex: Mankind Divided - A Criminal Past. It is believed the former had a bad implementation of Denuvo which made it easier to reverse engineer, mostly due to a lack of support from Denuvo for protecting games written in C# and specifically games using the Unity game engine, with this lack of support having been previously demonstrated by an anonymous independent cracker having developed a crack for Syberia 3, which also used Unity. The crack for the latter was actually determined to be a modified executable file from the game Deus Ex: Breach, a free game which did not incorporate Denuvo's software, released by the same developers and utilizing the same engine, which had been modified slightly to load the assets from Deus Ex: Mankind Divided. A plurality of SKIDROW's current releases are cracked versions of games that make use of Steam licensing.

For example, it can run a Macintosh application which calls Unix system functions, or a Unix application which calls Macintosh Toolbox functions (such as QuickDraw), or a HyperCard stack graphical frontend for a command-line Unix application. A/UX's compatibility layer uses some existing Toolbox functions in the computer’s ROM, while other function calls are translated into native Unix system calls; and it cooperatively multitasks all Macintosh apps in a single address space by using a token-passing system for their access to the Toolbox. A/UX includes a utility called `Commando` (similar to a tool of the same name included with Macintosh Programmer's Workshop) to assist users with entering Unix commands. Opening a Unix executable file from the Finder opens a dialog box that allows the user to choose command-line options for the program using standard controls such as radio buttons and check boxes, and display the resulting command line argument for the user before executing the command or program.

When the Executable Space Protections are enabled, including the mprotect() restrictions, PaX guarantees that no memory mappings will be marked in any way in which they may be executed as program code after it has been possible to alter them from their original state. The effect of this is that it becomes impossible to execute memory during and after it has been possible to write to it, until that memory is destroyed; and thus, that code cannot be injected into the application, malicious or otherwise, from an internal or external source. The fact that programs cannot themselves execute data they originated as program code poses an impassable problem for applications that need to generate code at runtime as a basic function, such as just-in-time compilers for Java; however, most programs that have difficulty functioning properly under these restrictions can be debugged by the programmer and fixed so that they do not rely on this functionality. For those that simply need this functionality, or those that haven't yet been fixed, the program's executable file can be marked by the system administrator so that it does not have these restrictions applied to it.