Geek Answers Handbook

What is the MZ signature in a PE file?

I am working on a program that will analyze the PE object for various pieces of information.

Reading the specifications, however, I cannot understand why the MZ bytes are, as I cannot find it in the list of machine types that these 2 bytes should represent.

Can anyone clarify?

+6
c ++ header portable-executable
source share
6 answers

The MZ signature is the signature used by the MS-DOS 16-bit EXE format.

The reason the PE binary contains the MZ header provides backward compatibility. If the executable file is launched on the basis of the DOS system, it will launch the MZ version (which almost always remains a stub, which says that you need to run the program on a Win32 system).

Of course, this is not as useful today as it was at the moment when the world was moving from DOS to everything that comes after it.

At that time, there were several programs that would actually link the DOS version and the Win32 version in one binary file.

And as in most cases related to the history of Windows, Raymond Chen has interesting articles on this subject:

+12
source share

Thety are the initials of a Microsoft programmer and identify the file as a DOS executable, see http://en.wikipedia.org/wiki/DOS_executable for more information.

+5
source share

As I can see, after reading the wikipedia article and the Iczelion PE Tutorial , you just need to maintain compatibility and allow dos or HX DOS Extender to execute certain code next to the MZ header.

You can find additional information from devsource , for example, MZ stands for Mark Zbikovsky, one of the developers of MS-DOS. And how the operating system works and processes the data from the MZ header.

+2
source share

In the early days of Microsoft® Windows, Windows ™ 1.x, 2.x and 3.xx OSs not only existed on the same volumes as Microsoft® DOS, but also worked on top of MS-DOS OS. It was not only possible, but and it is very likely that the user may try to run some of the Windows® programs under DOS. Therefore, Microsoft® programmers made sure that all Windows® programs will have a simple 16-bit DOS program located at the front of each Windows executable, which will alert the user if they try to run the Windows® program under DOS. This is all the DOS "Stub" program. resource: http://thestarman.pcministry.com/asm/debug/DOSstub.htm

+2
source share

Mark Zbikowski put his initials in the original MS-DOS exe format. This signature was necessary to distinguish .EXE files from the much simpler .COM format in DOS.

Each PE file also contains a 16-bit DOS program and thus begins with this .EXE header. This DOS program usually prints "This program requires Microsoft Windows" or similar. I don’t know if modern compilers continue to create a DOS stub, but the PE standard still says that PE starts with a 16-bit EXE header.

+1
source share

This is the magic number of the dos executable. A legacy that you can ignore.

Dos executable

0
source share

More articles:


All Articles