
@pqlx
Last active February 20, 2021 12:17
WSL procedure for executing native Windows executables (strace of an execve on a PE file, with the launcher source in the comments below).
...
...
execve("/mnt/c/Windows/explorer.exe", ["./test"], NULL) = 0
arch_prctl(ARCH_SET_FS, 0x29c800) = 0
set_tid_address(0x29c838) = 1514
brk(NULL) = 0x218f000
brk(0x2190000) = 0x2190000
sched_getaffinity(0, 128, [0, 1, 2, 3]) = 32
getpid() = 1514
getcwd("/home/david/wsl_testing/execve_PE", 4096) = 34
uname({sysname="Linux", nodename="DAVID", ...}) = 0
getcwd("/home/david/wsl_testing/execve_PE", 4096) = 34
open("/mnt/c/Windows/explorer.exe", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_PATH) = 3
readlink("/proc/self/fd/3", "/mnt/c/Windows/explorer.exe", 4095) = 27
fstat(3, {st_mode=S_IFREG|0555, st_size=4708328, ...}) = 0
stat("/mnt/c/Windows/explorer.exe", {st_mode=S_IFREG|0555, st_size=4708328, ...}) = 0
close(3) = 0
open("/proc/self/mountinfo", O_RDONLY) = 3
readv(3, [{iov_base="", iov_len=0}, {iov_base="33 24 8:16 / / rw,relatime - ext"..., iov_len=1024}], 2) = 1024
readv(3, [{iov_base="", iov_len=0}, {iov_base="=755\n46 45 0:28 / /sys/fs/cgroup"..., iov_len=1024}], 2) = 1024
readv(3, [{iov_base="", iov_len=0}, {iov_base="oup cgroup rw,net_prio\n57 45 0:3"..., iov_len=1024}], 2) = 622
readv(3, [{iov_base="", iov_len=0}, {iov_base="", iov_len=1024}], 2) = 0
close(3) = 0
getcwd("/home/david/wsl_testing/execve_PE", 4096) = 34
open("/proc/self/mountinfo", O_RDONLY) = 3
readv(3, [{iov_base="", iov_len=0}, {iov_base="33 24 8:16 / / rw,relatime - ext"..., iov_len=1024}], 2) = 1024
readv(3, [{iov_base="", iov_len=0}, {iov_base="=755\n46 45 0:28 / /sys/fs/cgroup"..., iov_len=1024}], 2) = 1024
readv(3, [{iov_base="", iov_len=0}, {iov_base="oup cgroup rw,net_prio\n57 45 0:3"..., iov_len=1024}], 2) = 622
readv(3, [{iov_base="", iov_len=0}, {iov_base="", iov_len=1024}], 2) = 0
close(3) = 0
getppid() = 1511
access("/run/WSL/1511_interop", F_OK) = -1 ENOENT (No such file or directory)
open("/proc/1511/stat", O_RDONLY) = 3
readv(3, [{iov_base="", iov_len=0}, {iov_base="1511 (strace) S 387 1511 387 348"..., iov_len=1024}], 2) = 320
close(3) = 0
access("/run/WSL/387_interop", F_OK) = -1 ENOENT (No such file or directory)
open("/proc/387/stat", O_RDONLY) = 3
readv(3, [{iov_base="", iov_len=0}, {iov_base="387 (zsh) S 386 387 387 34816 15"..., iov_len=1024}], 2) = 340
close(3) = 0
access("/run/WSL/386_interop", F_OK) = 0
socket(AF_UNIX, SOCK_SEQPACKET, 0) = 3
connect(3, {sa_family=AF_UNIX, sun_path="/run/WSL/386_interop"}, 110) = 0
write(3, "\22\0\0\0\10\0\0\0", 8) = 8
read(3, "Ubuntu-20.04", 256) = 12
close(3) = 0
ioctl(0, TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(1, TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(2, TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(0, TIOCGPGRP, [1511]) = 0
getpgid(0) = 1511
fstat(0, {st_mode=S_IFCHR|0620, st_rdev=makedev(0x88, 0), ...}) = 0
fstat(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(0x88, 0), ...}) = 0
fstat(2, {st_mode=S_IFCHR|0620, st_rdev=makedev(0x88, 0), ...}) = 0
ioctl(0, TIOCGWINSZ, {ws_row=63, ws_col=274, ws_xpixel=0, ws_ypixel=0}) = 0
ioctl(0, SNDCTL_TMR_START or TCSETS, {B38400 -opost -isig -icanon -echo ...}) = 0
dup(0) = 3
socket(AF_VSOCK, SOCK_STREAM|SOCK_CLOEXEC, 0) = 4
bind(4, {sa_family=AF_VSOCK, sa_data="\0\0\377\377\377\377\377\377\377\377\0\0\0\0"}, 16) = 0
getsockname(4, {sa_family=AF_VSOCK, sa_data="\0\08\303^G\377\377\377\377\0\0\0\0"}, [16]) = 0
listen(4, 4) = 0
socket(AF_UNIX, SOCK_SEQPACKET, 0) = 5
connect(5, {sa_family=AF_UNIX, sun_path="/run/WSL/386_interop"}, 110) = 0
write(5, "\6\0\0\0\273\0\0\08\303^G\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 187) = 187
accept4(4, {sa_family=AF_VSOCK, sa_data="\0\0#\205gY\2\0\0\0\0\0\0\0"}, [16], SOCK_CLOEXEC) = 6
accept4(4, {sa_family=AF_VSOCK, sa_data="\0\0$\205gY\2\0\0\0\0\0\0\0"}, [16], SOCK_CLOEXEC) = 7
accept4(4, {sa_family=AF_VSOCK, sa_data="\0\0%\205gY\2\0\0\0\0\0\0\0"}, [16], SOCK_CLOEXEC) = 8
accept4(4, {sa_family=AF_VSOCK, sa_data="\0\0&\205gY\2\0\0\0\0\0\0\0"}, [16], SOCK_CLOEXEC) = 9
close(4) = 0
rt_sigprocmask(SIG_BLOCK, [INT WINCH], NULL, 8) = 0
signalfd4(-1, [INT WINCH], 8, 0) = 4
poll([{fd=0, events=POLLIN}, {fd=7, events=POLLIN}, {fd=8, events=POLLIN}, {fd=9, events=POLLIN}, {fd=4, events=POLLIN}], 5, -1) = 1 ([{fd=9, revents=POLLIN}])
recvfrom(9, "\t\0\0\0 \0\0\0", 8, MSG_WAITALL, NULL, NULL) = 8
brk(0x2192000) = 0x2192000
recvfrom(9, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\1\0\0\0\0\0\0\0", 24, 0, NULL, NULL) = 24
ioctl(3, SNDCTL_TMR_START or TCSETS, {B38400 opost isig icanon echo ...}) = 0
close(3) = 0
poll([{fd=0, events=POLLIN}, {fd=7, events=POLLIN}, {fd=8, events=POLLIN}, {fd=9, events=POLLIN}, {fd=4, events=POLLIN}], 5, -1) = 2 ([{fd=8, revents=POLLIN}, {fd=9, revents=POLLIN}])
poll([{fd=8, events=POLLIN}], 1, -1) = 1 ([{fd=8, revents=POLLIN}])
read(8, "", 4096) = 0
recvfrom(9, "\7\0\0\0\f\0\0\0", 8, MSG_WAITALL, NULL, NULL) = 8
recvfrom(9, "\1\0\0\0", 4, 0, NULL, NULL) = 4
poll([{fd=0, events=POLLIN}, {fd=7, events=POLLIN}, {fd=-1}, {fd=9, events=POLLIN}, {fd=4, events=POLLIN}], 5, 0) = 2 ([{fd=7, revents=POLLIN}, {fd=9, revents=POLLIN}])
poll([{fd=7, events=POLLIN}], 1, -1) = 1 ([{fd=7, revents=POLLIN}])
read(7, "", 4096) = 0
recvfrom(9, "", 8, MSG_WAITALL, NULL, NULL) = 0
poll([{fd=0, events=POLLIN}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=4, events=POLLIN}], 5, 0) = 0 (Timeout)
close(5) = 0
close(4) = 0
close(6) = 0
close(7) = 0
close(8) = 0
close(9) = 0
exit_group(1) = ?
+++ exited with 1 +++
@pqlx
Author

pqlx commented Feb 20, 2021

#include <stdio.h>
#include <unistd.h>

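/*
 * Replace this process with a native Windows PE via execve(2).
 *
 * On WSL the request is handed to the interop machinery rather than failing
 * with ENOEXEC (the trace above shows the work being delegated to /init).
 * The caller's argv[0] is forwarded as the PE's only argument and the
 * environment is left empty (envp == NULL), matching the original trace.
 *
 * Returns: does not return on success (the image is replaced); returns 1
 * with the reason printed to stderr if execve fails.
 */
int main(int argc, char **argv)
{
    /* argv[0] is NULL when argc == 0 (a process may be started that way);
     * fall back to a fixed name so the target still receives a well-formed
     * argv rather than an empty one. */
    char *new_argv[] = { argc > 0 ? argv[0] : "explorer.exe", NULL };

    execve("/mnt/c/Windows/explorer.exe", new_argv, NULL);

    /* execve only returns on failure; report it instead of exiting 0. */
    perror("execve");
    return 1;
}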

@pqlx
Author

pqlx commented Feb 20, 2021

Running under gdb, execution appears to be delegated to /tools/init after the execve on a PE file. This executable does not seem to actually exist on the filesystem; you can dump it with cat /proc/<pid>/exe > tools_init if you freeze the process with gdb or similar. EDIT: it's just /init.

image

image
