tags:

views:

1227

answers:

6
Q: 

What is the MZ signature in a PE file for?

I'm working on a program that will parse a PE object for various pieces of information.

Reading the specifications though, I cannot find out why the MZ bytes are there, as I cannot find this on the list of machine types that these 2 bytes are supposed to represent.

Can anyone clarify?

A: 

It's the "magic number" of dos executable. Legacy stuff you can ignore.

Dos executable

abababa22  2009-06-05 17:20:53
+2  A: 

As I see it, by reading the wikipedia article and Iczelion's PE Tutorial, it is there just to keep up compatibility and enable dos or HX DOS Extender to execute certain code next to the MZ header.

From devsource one can find more information like MZ stands for Mark Zbikowski, one of MS-DOS's developers. And how the operating system behaves and handles the data from the MZ header.

Daniel Persson  2009-06-05 17:22:46
A: 

Check out this

Nick D  2009-06-05 17:23:06
+2  A: 

Thety are the initials of a Microsoft programmer and identify the file as a DOS executable see http://en.wikipedia.org/wiki/DOS_executable for a bit more info.

anon  2009-06-05 17:23:20
+4  A: 

The MZ signature is a signature used by the MS-DOS relocatable 16-bit EXE format.

The reason a PE binary contains an MZ header is for backwards compatibility. If the executable is run on a DOS-based system it will run the MZ version (which is nearly always just stub that says you need to run the program on a Win32 system).

Of course this is not as useful nowadays as it was back when the world was transitioning from DOS to whatever would come after it.

Back then there were a few programs that would actually bind together a DOS version and a Win32 version in a single binary.

And as with most things dealing with Windows history, Raymond Chen has some interesting articles about this subject:

Michael Burr  2009-06-05 17:34:31
For some historic info on the origins of the MZ header (initials of Mark Zbikowski, an MS-DOS developer), you may want to check out wikipedia: http://en.wikipedia.org/wiki/DOS_executable
none  2009-06-05 20:59:01
A: 

Mark Zbikowski put his initials into the original MS-DOS exe format. This signature was necessary to distinguish .EXE files from the much simpler .COM format on DOS.

Every PE file also contains a 16-bit DOS program and thus starts with this .EXE header. This DOS program would typically print out "This program requires Microsoft Windows" or similar. I don't know if modern compilers still produce the DOS stub, but the PE standard still says a PE starts with a 16-bit EXE header.

Michael  2009-06-05 17:41:28
If it doesn't have a dos stub, it's not a valid PE/COFF as there's a field in the DOS header that tells where the PE header starts.
Rob K  2009-06-05 18:52:03

related questions

Of Memory Management, Heap Corruption, and C++
How do I make a GUI?
Alpha blending sprites in Nintendo DS Homebrew
Thread safe lazy contruction of a singleton in C++
Interview Programming Questions - In house Exam
Link issues (VC6)
What are the barriers to understanding pointers and what can be done to overcome them?
Why are professors or schools picking Java over C++ to teach to students?
What is the best way to create a sparse array in C++
C/C++ library for reading MIDI signals from a USB MIDI device
How do you pack a visual studio c++ project for release?
How to set up unit testing for Visual Studio C++
How do I configure and communicate with a serial port?
Lightweight IDE for Linux
Mapping Stream data to data structures in C#
CPU throttling in C++
Asynchronous multi-direction server-client communication over the same open socket?
Exceptions in C++
Heap corruption under Win32; how to locate?
Build for Windows NT 4.0 using Visual Studio 2005?
C++: Should I use nested classes in this case?
BerkeleyDB Concurrency
GTK implementation of MessageBox
Is gettimeofday() guaranteed to be of microsecond resolution?
How to use the C socket API in C++ on z/OS