EXE
From Just Solve the File Format Problem
(Difference between revisions)
Dan Tobias (Talk | contribs) (→Resources) |
Dan Tobias (Talk | contribs) (→Resources) |
||
| Line 15: | Line 15: | ||
* [http://www.textfiles.com/programming/FORMATS/lxexe.txt Another copy of above file (not stuck in an iframe)] | * [http://www.textfiles.com/programming/FORMATS/lxexe.txt Another copy of above file (not stuck in an iframe)] | ||
* [http://www.textfiles.com/programming/FORMATS/exefs.pro DOS EXE format] | * [http://www.textfiles.com/programming/FORMATS/exefs.pro DOS EXE format] | ||
| + | * [http://www.forensicswiki.org/wiki/Portable_Executable_Format Forensics Wiki: Portable Executable Format] | ||
Revision as of 03:18, 22 October 2013
Overview
The EXE executable format has its root in MS-DOS and is still widely used today. The first versions were pure 16 bit DOS executables, identified by either "MZ" or "ZM" as the first two bytes. Later on, lots of additional formats were added, like Windows' NE (New Executable) extension, OS/2's LE and LX (Linear Executable), and later Win32's PE executable (a variant of COFF), as well as some DOS extenders adding overlays, resources and other information into it.
Resources
- Ralf Brown's Interrupt List, INT 21h, Function 4Bh, describes lots of the "older" style EXE formats
- Microsoft has a document on the PE specification
- article on the PE format as used by Windows NT 3 by Johannes Plachy
- Linear Executable (LX) file format here (mirror here and here)
- Another copy of above file (not stuck in an iframe)
- DOS EXE format
- Forensics Wiki: Portable Executable Format
