What does the "MZ" listed at the beginning of executable code mean?

Asked

Viewed 327 times

7

In the good times of MS-DOS I executed the command type <nome-do-arquivo> in archives .EXE and a lot of ASCII (binary code code code code) characters started by the acronym MZ.

I always wondered what that was MZ, but I never had the curiosity to go after it. Maybe Sopt kills my curiosity.

To make the answer complete, I would like an explanation of what the initial instructions of the archive do .EXE. The MZ has any use? Are the following characters responsible for what type of startup (read: there is a header)? Or no boot occurs, only the program is moved to memory and put to run from its first instruction?

windows .exe ms-of
  • 4

    Long way to answer all this, you would have to study Microsoft’s PE format. About MZ, it’s the initials of Mark Zbikowski, a developer of MS-DOS, and he’s only on EXE as a 16-bit subsystem compatibility indicator (if you try to run a modern executable on MS-DOS you will receive the message that the application cannot be run on DOS, and this warning is the only "functionality" of the "DOS part" of the executable) - MZ differentiates . exe do . com on 16 bit systems.

1 answer

8


It is an executable signature. It is a simple and naive way to check if the executable is in a given format. If everything is right works, but it can be something forged or coincident, it is unlikely, but it can happen, and of course it has other validations, but this is the first that is made, if you do not find it already know that this format is not.

According to the Wikipedia is short for Mark Zbikowski, the guy he created participated in the creation.

The bytes you see below are more significant and begin to inform the composition of this specific executable. In this type of format there is a very complex treatment to initialize and prepare the memory, only a very old format that can go straight to the memory without specific treatment.

The case of being an MZ, ie an old DOS executable has little specific information following, other formats (PE) are much richer.

The newer executables still contain the "MZ" for compatibility reasons so there is no error if you call a modern executable in an old system, it will give a more specific error that the executable itself provides. This is interesting because older systems do not understand new formats and would give a generic error.

  • One listing of how it can be composed.
  • The Osdev has a well simplified form.
  • And there’s a Wikibook with a slightly larger summary of how is the format of the modern PE that I find more interesting.
  • Microsoft documentation.
  • And a code if you want to write an executable in hand.

Anyway it seems quite broad try to describe everything here.

See the diagram of Wikipedia:

Diagrama do formato do PE

Browser other questions tagged windows .exe ms-of

You are not signed in. Login or sign up in order to post.