Having trouble figuring out what a dos exe file is? You’re not alone. Many of us still have trouble figuring out what this file is, and we’d love to know what makes it so special. Here’s some information you can use to decipher dos exe files. First, what is the MZ header? It contains a regular DOS-Mz application that’s written in assembly. You can extract the code from this header by removing the PE only content.
In DOS, a program’s executable file’s header contains information about the file’s code and data. It is generally stored in memory before the program’s load module. It’s typically 256 bytes in size, but may be absent on some systems. Also, the first 1CH bytes are known as the “formatted header.” This area contains optional information, such as the relocation pointer table. The rest of the file contains data, code, and symbols.
A DOS exe has a special label in its header that serves as its entry point. This label tells the program loader where to begin executing when the program is loaded into memory. After the program’s main program loads the DS, it calls the DOS print-string function. Finally, it terminates the program by using a DOS system call. However, dos exe files may still be corrupted, as they contain information that may not be required.
In Windows 8.1, you can also run command-line programs with the DOS prompt. However, most vintage EXE files are incompatible with Windows, and a DOS emulator recreates the environment of early x86 computers. In DOS, you can enter the same commands as in Windows command prompt, but you must mount a Windows directory to access files. For more information, read Chapter 3 on using fixed disks to run programs.
Besides the name, this format also refers to the file’s size. In DOS/Windows, a DOS exe file should have an MZ header. This is because the first two characters in the EXE header are MZ, which stands for Mark Zbikowski. The next two bytes are the size of the executable file. When you inspect the file in a hex editor, you’ll notice the MZ header, which is another DOS exe format.
Moreover, there’s a limit to how much a DOS exe file can contain. If the exe file is written in the MZ format, the size limit is 256 bytes. Using the PECOFF format, the size limit is much higher. When MS-DOS loads the executable, the size limit will be bigger, which means it will take up more memory. And if you have a PECOFF format exe file, the size limit is higher than that.
Besides the file extension, DOS exe files also contain relocation parameters. Unlike other files, a DOS exe file has no fixed starting point. It simply follows the program it has been created with. This means that it’s easy to find and locate a file that matches your requirements. If you’re unable to figure out how to decipher a DOS exe file, you can use the COM extension as a guide.
DOS e_magic variable
The first member of a DOS header is the e_magic variable. It occupies two bytes and has a fixed value of 0x5A4D. The e_lfanew value, meanwhile, occupies two bytes and holds an offset to the start of the NT header. The e_lfanew value is important for the PE loader on Windows. These two fields contain information about a DOS executable, which are essential to its execution.
The most common type of virus that infects a DOS exe file is called a ‘DOS stub’. Unlike the DOS stub program, this’stub’ virus relies on standard MS-DOS services to run. To execute a DOS program, you must run it from a Windows environment. Otherwise, it will infect all EXE files in your current directory.
Windows new executable (PE)
The Windows new executable, the PE file format is an extension of the MSDOS EXE BFF and is used by Microsoft Windows operating system. Unlike the BFF format, NE contains extra information to enable Windows applications and dynamic-link libraries to run on Windows systems. The old MSDOS header is included in the new NE structure. The NE format is similar to a Stub message. A DOS executable is also a binary file.
The SHGFI_ICON function
Another function in a DOS exe is called SHGFI_ICON. It retrieves a small icon from the system image list. To do so, it needs to set the SHGFI_SYSICONINDEX flag. This flag copies the index of the system image list icon to the iIcon member of psfi. The iIcon member of psfi is accessed only if the icon is valid. If it is not, it causes undefined behavior.