: As this is an exe file, a windows based disassembler may be the best way to
: work on it. If you would rather work on it under Linux, try ndisasm which
: comes as part of the NASM package. It is a very powerful disassembler, but
: some knowledge of the format of the file you are trying to disassemble. I
: am not sure what the format of a .exe file is. Any pointers anyone?
:
The format of setup1.exe for the Toshiba 1200 is an MZ header DOS executable.
This is the original DOS format for .exe files, the other being .com files, raw
binary images. Any DOS disassembler will work for MZ header files. The
16-bit Windows file format is known as NE (new executable). This format
uses a real-mode MZ header with a special value at offset 18h to indicate the
location of the new header. Meanwhile, the Windows 32-bit exe file is known as
PE format, which is a modified COFF file.

Following is the format of an MZ header .exe file:

MZ EXE Format
Intel byte order

The old EXE files are the EXE files executed directly by MS-DOS. They were a
major improvement over the old 64K COM files, since EXE files can span multiple
segments. An EXE file consists of three different parts, the header, the
relocation table and the binary code.
The header is expanded by a lot of programs to store their copyright information
in the executable, some extensions are documented below.
The format of the header is as follows:

OFFSET  Count  TYPE   Description
0000h   2      char   ID='MZ'
                      ID='ZM'
0002h   1      word   Number of bytes in last 512-byte page
                      of executable
0004h   1      word   Total number of 512-byte pages in executable
                      (including the last page)
0006h   1      word   Number of relocation entries
0008h   1      word   Header size in paragraphs
000Ah   1      word   Minimum paragraphs of memory allocated in
                      addition to the code size
000Ch   1      word   Maximum number of paragraphs allocated in
                      addition to the code size
000Eh   1      word   Initial SS relative to start of executable
0010h   1      word   Initial SP
0012h   1      word   Checksum (or 0) of executable
0014h   1      dword  CS:IP relative to start of executable
                      (entry point)
0018h   1      word   Offset of relocation table;
                      40h for new-(NE,LE,LX,W3,PE etc.) executable
001Ah   1      word   Overlay number (0h = main program)

Greg
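
An added example, not part of the original message: a Python parser for the header table above that also checks the fields against the file length and computes where the code starts, which is what a raw disassembler needs to be told. The field names, the 4-bytes-per-relocation-entry check and the sample bytes are this example's own assumptions and constructions.

```python
import struct
from collections import namedtuple

# Field order follows the header table above; names are this example's own.
MZHeader = namedtuple(
    "MZHeader",
    "sig last_page_bytes pages nreloc hdr_paras min_alloc max_alloc "
    "ss sp checksum ip cs reloc_off overlay")
HDR = struct.Struct("<2s13H")  # 28 bytes, Intel (little-endian) byte order

def parse_mz(data):
    """Decode the fixed 28-byte header at the start of an MZ file."""
    if len(data) < HDR.size:
        raise ValueError("too short for an MZ header")
    h = MZHeader(*HDR.unpack_from(data))
    if h.sig not in (b"MZ", b"ZM"):
        raise ValueError("bad signature %r" % h.sig)
    return h

def image_size(h):
    """File bytes covered by the page count (the last page may be partial)."""
    if h.pages == 0:
        return 0
    full = h.pages if h.last_page_bytes == 0 else h.pages - 1
    return full * 512 + h.last_page_bytes

def entry_offset(h):
    """File offset of CS:IP, assuming CS:IP lies inside the load image."""
    return h.hdr_paras * 16 + h.cs * 16 + h.ip

def check_mz(data):
    """Return the inconsistencies between the header fields and the file."""
    h = parse_mz(data)
    hdr_bytes, size, found = h.hdr_paras * 16, image_size(h), []
    if hdr_bytes < HDR.size or hdr_bytes > size:
        found.append("header size out of range")
    if size > len(data):
        found.append("file shorter than page count")
    if h.nreloc and h.reloc_off + 4 * h.nreloc > hdr_bytes:
        found.append("relocation table outside header")  # 4 bytes per entry
    return found

# Constructed sample: 32-byte header area, one relocation entry, 512 code bytes.
SAMPLE = HDR.pack(b"MZ", 32, 2, 1, 2, 0, 0xFFFF, 0, 0x100, 0, 0x10, 0, 0x1C, 0)
SAMPLE += bytes(4) + bytes(512)

if __name__ == "__main__":
    hdr = parse_mz(SAMPLE)
    print(hdr, image_size(hdr), entry_offset(hdr), check_mz(SAMPLE))
```

A non-empty list from `check_mz` on a real file points to truncation or a header that was edited after linking, both worth noting before trusting a disassembly.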