EXE file structure



I'll try to explain how a structure file extension .EXE. EXE is a common file extension indicates an executable file (program) in the DOS, OpenVMS, Microsoft Windows, Symbian, and others. In addition to the executable program, many EXE files contain other components called resources, such as bitmaps and icons which the executable program to be able to use its graphical user interface.
There are several main executable file formats:

DOS
 
  • 16-bit DOS MZ executable: Dos can be identified by the letters "MZ" at the beginning of the file in ASCII.
  • 16-bit New Executable: Introduced with Multitasking MS-DOS 4.0, it can be identified by the "NE" in ASCII.This file is rarely used and can not be run by other versions of DOS, but can usually be run by Windows 16/32-bit

Windows

  • 32-bit Portable Executable: first introduced in Windows NT, this is the most complex and can be identified by a "PE" in ASCII, but usually not at the beginning, different from the DOS. It can be run by all versions of Windows and DOS. DOS using HX DOS Extender can load the NE and the PE.
  • 64-bit Portable Executable (PE32 +): Introduced by a 64-bit versions of Windows, this is a PE file with a wider field. In most cases, you can write code that works just fine as a file PE 32 and 64-bit. 
 
 The following are the Register when opening an EXE file:


 for the following picture is a structure that can be used to replace or represent the header of the EXE and aya use assumptions LSB 16-bit machine:

struct EXE {
  unsigned short signature; /* == 0x5a4D */
  unsigned short bytes_in_last_block;
  unsigned short blocks_in_file;
  unsigned short num_relocs;
  unsigned short header_paragraphs;
  unsigned short min_extra_paragraphs;
  unsigned short max_extra_paragraphs;
  unsigned short ss;
  unsigned short sp;
  unsigned short checksum;
  unsigned short ip;
  unsigned short cs;
  unsigned short reloc_table_offset;
  unsigned short overlay_number;
};

struct EXE_RELOC {
  unsigned short offset;
  unsigned short segment;
};

to be continue ^_^

Comments

Post a Comment

Popular posts from this blog

Filesystem Structure

Image
For this time I will explain about a system file structure there are some that I will explain , among others, are : FAT16 FAT32 NTFS EXT2 EXT3 starting from the first , which is FAT16   FAT16 we start from the first FAT . What is FAT ? FAT File System that is used in Windows Operating System . FAT 's name comes from the use of tables that focus on areas where information is empty or may not be used . To limit the size of the table , the disk space allocated to files in hardware sector groups are adjacent , so-called developing cluster. When disk drive , the maximum number of clusters also
Read more

Introduction Maltego

Image
What is maltego ? Maltego are tools for OSINT (Open Source Intelligence Gathering ) , so OSINT is a method of searching the information available to the public and then analyzed and used for certain purposes maltego also an open- source intelligence and forensics application . This allows for the mining and gathering information and presenting this information in a meaningful way .
Read more