
Appendix K: Segmented (New) .EXE File Header Format
Charles Petzold


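Microsoft Windows requires far more information about a file than the format
of the MS-DOS .EXE executable file contains. For example, Windows needs to
know which of a program's segments are code segments and which are data
segments, to identify exported and imported functions, and to store the
program's resources (icons, cursors, menus, and so on). Windows must also
support dynamically linkable library modules containing procedures that are
called by other modules. For these reasons Windows uses an expanded .EXE
header format called the New Executable file header. It is used for Windows
programs, Windows library modules, and resource-only files such as the
Windows font resource files.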


The Old Executable Header

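The New Executable file header incorporates the existing MS-DOS .EXE file
header. In fact, the beginning of a New Executable file is an ordinary MS-DOS
.EXE header. The 4 bytes at offset 3CH point to the New Executable header.

Offset  Length (bytes)  Contents

00H     2               Signature MZ
3CH     4               Offset of New Executable header from beginning of file

This MS-DOS .EXE header can describe a non-Windows MS-DOS program that is
stored in the .EXE file together with the Windows program. That program runs
when the file is started from the MS-DOS command line. Most Windows
programmers use a standard program that prints the message "This program
requires Microsoft Windows."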


The New Executable Header

The beginning of the New Executable file header contains information about the
location and size of the various tables. (Offsets are from the beginning of
the New Executable header.)

Offset  Length (bytes)  Contents

00H     2               Signature NE
02H     2               LINK version number : LINK revision number
04H     2               Offset of entry table from New Executable header
06H     2               Length of entry table
08H     4               32-bit checksum of contents of file, using zero for
                        these 4 bytes
0CH     2               Module flag word (see below)
0EH     2               Segment number of automatic data segment (0 if neither
                        SINGLEDATA nor MULTIPLEDATA flag is set in flag word)
10H     2               Initial size of local heap to be added to automatic
                        data segment (0 if there is no local heap)
12H     2               Initial size of stack to be added to automatic data
                        segment (0 for library modules)
14H     2               Initial value of instruction pointer (IP) register on
                        entry to program
16H     2               Initial segment number for setting code segment (CS)
                        register on entry to program
18H     2               Initial value of stack pointer (SP) register on entry
                        to program (0 if stack segment is automatic data
                        segment; stack should be set above static data area
                        and below local heap in automatic data segment)
1AH     2               Segment number for setting stack segment (SS) register
                        on entry to program (0 for library modules)
1CH     2               Number of entries in segment table
1EH     2               Number of entries in module reference table
20H     2               Number of bytes in nonresident names table
22H     2               Offset of beginning of segment table relative to
                        beginning of New Executable header
24H     2               Offset of beginning of resource table relative to
                        beginning of New Executable header
26H     2               Offset of beginning of resident names table relative
                        to beginning of New Executable header
28H     2               Offset of beginning of module reference table relative
                        to beginning of New Executable header
2AH     2               Offset of beginning of imported names table relative
                        to beginning of New Executable header
2CH     4               Offset of nonresident names table relative to
                        beginning of file
30H     2               Number of movable entry points listed in entry table
32H     2               Alignment shift count (0 is equivalent to 9)
34H     12              Reserved for expansion

The module flag word at offset 0CH in the New Executable header is
defined as shown in Figure K-1.

[Figure: bit layout of the module flag word, bits labeled FEDCBA9876543210,
with these fields:]

    1 if SINGLEDATA (library module)
      0 if NOAUTODATA (library module)
    1 if MULTIPLEDATA (program module)
    1 if module runs in real mode
    1 if module runs in protected mode
    1 if module is nonconforming (valid stack is not maintained)
    1 if library module
      0 if program module

Figure K-1. The module flag word.


The segment table

This table contains one 8-byte record for every code or data segment of the
program or library. Each segment is identified by an ordinal number; for
example, the first segment has number 1. This number is used to refer to the
segment from other sections of the New Executable file.

Offset  Length (bytes)  Contents

00H     2               Offset of segment relative to beginning of file after
                        shifting value left by alignment shift count
02H     2               Length of segment (0000H for segment of 65536 bytes)
04H     2               Segment flag word (see below)
06H     2               Minimum allocation size for segment; that is, amount
                        of space Windows reserves in memory for segment
                        (0000H for minimum allocation size of 65536 bytes)
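
The 3CH pointer, the header fields at 1CH, 22H and 32H, and the segment table records described above can be read with a bounds-checked parser such as the following. This is an added example, not code from the original appendix: parse_ne_segments, NEFormatError and build_sample are names chosen here, the sample image is constructed, and treating a zero offset field as "no data in the file" is an assumption the text does not state.

```python
import struct

class NEFormatError(ValueError):
    """A signature is wrong or a field points outside the file."""

def parse_ne_segments(data: bytes):
    """Return (alignment shift, list of segment dicts) for an NE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise NEFormatError("missing MZ signature or truncated old header")
    (ne,) = struct.unpack_from("<I", data, 0x3C)        # pointer at 3CH
    if ne + 0x40 > len(data) or data[ne:ne + 2] != b"NE":
        raise NEFormatError("3CH does not point to an NE header")
    (count,) = struct.unpack_from("<H", data, ne + 0x1C)
    (table,) = struct.unpack_from("<H", data, ne + 0x22)
    (shift,) = struct.unpack_from("<H", data, ne + 0x32)
    shift = shift or 9                                  # 0 is equivalent to 9
    table += ne                                         # relative to NE header
    if table + 8 * count > len(data):
        raise NEFormatError("segment table runs past end of file")
    segments = []
    for number in range(1, count + 1):                  # numbering starts at 1
        sector, length, flags, alloc = struct.unpack_from(
            "<4H", data, table + 8 * (number - 1))
        offset, length = sector << shift, length or 0x10000   # 0000H = 65536
        # Assumption (not stated on the page): sector 0 means no data in file.
        if sector and offset + length > len(data):
            raise NEFormatError(f"segment {number} lies outside the file")
        segments.append({"number": number, "offset": offset, "length": length,
                         "flags": flags, "min_alloc": alloc or 0x10000})
    return shift, segments

def build_sample() -> bytes:
    """Constructed two-segment image for the demo, not a real program."""
    img = bytearray(0x200)
    img[0:2], img[0x40:0x42] = b"MZ", b"NE"
    struct.pack_into("<I", img, 0x3C, 0x40)             # NE header at 40H
    struct.pack_into("<H", img, 0x40 + 0x1C, 2)         # two segments
    struct.pack_into("<H", img, 0x40 + 0x22, 0x40)      # table at NE + 40H
    struct.pack_into("<H", img, 0x40 + 0x32, 4)         # 16-byte alignment
    struct.pack_into("<4H", img, 0x80, 0x10, 0x20, 0, 0x20)
    struct.pack_into("<4H", img, 0x88, 0x18, 0x40, 1, 0x80)
    return bytes(img)

if __name__ == "__main__":
    for seg in parse_ne_segments(build_sample())[1]:
        print(seg)
```

Every offset taken from the file is checked against the file length before it is used, so a truncated or hostile image is rejected instead of being read out of bounds.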


=========== The segment flag word ============================

[Figure: bit layout of the segment flag word, bits labeled FEDCBA9876543210,
with these fields:]

    1 if DATA
      0 if CODE
    1 if segment data is ITERATED
    1 if segment is MOVABLE
      0 if segment is FIXED
    1 if segment is PURE or SHAREABLE
      0 if segment is IMPURE or NONSHAREABLE
    1 if segment is PRELOAD
      0 if segment is LOADONCALL
    1 if code segment and EXECUTEONLY
      0 if data segment and READONLY
    1 if segment has relocation information
    1 if segment has debugging information
    Reserved for protected mode descriptor privilege level
    Priority level for discarding




============== The resource table =============================

Resources are segments that contain data but are not part of the program's
data segment. They are used to store menus, dialog-box templates, icons,
cursors, and text strings, as well as other types of read-only data. Every
resource has a type and a name, each of which can be given as a number or as
an ASCII name.

The resource table begins with the resource shift count, which is needed to
scale the other values in the table. It is followed by one or more resource
group descriptions, each describing one or more resources.

{Start of table}
Offset  Length (bytes)  Contents

00H     2               Resource shift count

{Resource group description}
Offset  Length (bytes)  Contents

00H     2               Resource type; 0 if end of table. If the high bit is
                        set, the type is one of the following predefined
                        resource types:
                          1 Cursor
                          2 Bitmap
                          3 Icon
                          4 Menu template
                          5 Dialog-box template
                          6 String table
                          7 Font directory
                          8 Font
                          9 Keyboard-accelerator table
                        If the high bit of the type is clear, the type is an
                        ASCII string located at offset type from the beginning
                        of the resource table; the string is PASCAL-style,
                        with a leading length byte.
02H     2               Number of resources of this type
04H     4               Reserved for run-time use
08H     12 each         Resource description

{Description of a resource within a resource group}
Offset  Length (bytes)  Contents

00H     2               Offset of resource relative to beginning of file after
                        shifting left by resource shift count
02H     2               Length of resource after shifting left by resource
                        shift count
04H     2               Resource flag word (see below)
06H     2               Resource name. If high bit set, represented by a
                        number; otherwise, type is ASCII text string and this
                        value is offset from beginning of resource table,
                        pointing to 1-byte value with number of bytes in
                        string followed by string itself.
08H     4               Reserved for run-time use

The resource flag word is defined as shown in Figure K-3.

[Figure: bit layout of the resource flag word, bits labeled FEDCBA9876543210,
with these fields:]

    1 if resource is MOVABLE
      0 if resource is FIXED
    1 if resource is PURE or SHAREABLE
      0 if resource is IMPURE or NONSHAREABLE
    1 if resource is PRELOAD
      0 if resource is LOADONCALL
    Priority level for discarding

Figure K-3. The resource flag word.


================== The resident names table ==========================

This is a list of ASCII strings. The first string is the module name given in
the module definition file. The other strings are the names of exported
functions listed in the module definition file that were not given explicit
ordinal numbers or that were explicitly specified in the file as resident
names. (Exported functions with explicit ordinal numbers in the module
definition file are listed in the nonresident names table.)

Each string is preceded by its length (1 byte) and followed by a number
(a word) that refers to the entry table, beginning at 1. The word that follows
the module name is 0.

Offset  Length (bytes)  Contents

00H     1               Number of bytes in string (0 if end of table)
01H     n               ASCII string, not null-terminated
n+1     2               Index into entry table

==================== The module reference table ===============

This table contains 2 bytes for every external module that the program uses;
these 2 bytes are an offset into the imported names table.

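===================== The imported names table =================

The imported names table contains a list of ASCII strings. These are the names
of the other modules referenced through imported functions. Each string begins
with a length byte.

Most Windows programs have the names KERNEL, USER, and GDI in the imported
names table, but it can also contain the names of other modules, such as
KEYBOARD and SOUND. (Offsets are from the beginning of the record.)

Offset  Length (bytes)  Contents

00H     1               Length of string
01H     n               ASCII string, not terminated by \0

The strings do not necessarily start at the beginning of the imported names
table; the names are referenced by offsets specified in the module reference
table.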

=================== The entry table =========================

This table contains one member for every entry point, that is, every public
FAR function or procedure. Entry points are numbered beginning at 1. These
numbers are used by the resident and nonresident names tables.
LINK versions 4.0 and later group (bundle) the entry points. Each bundle is
described as follows:

Offset  Length (bytes)  Contents

00H     1               Number of entry points in bundle (0 if end of table)
01H     1               Segment number of entry if entries in bundle are in
                        single fixed segment; 0FFH if entry points in bundle
                        are in movable segments

Note: if the segment number is 0, this is a null entry; it serves only to
advance the entry-point number for the following bundle.

For a bundle containing entry points in fixed segments, each entry point is
described by 3 bytes:

Offset  Length (bytes)  Contents

00H     1               Entry-point flag byte (see below)
01H     2               Offset of entry point in segment

For a bundle containing entry points in movable segments, each entry point is
described by 6 bytes:

Offset  Length (bytes)  Contents

00H     1               Entry-point flag byte (see below)
01H     2               Interrupt 3FH instruction: CDH 3FH
03H     1               Segment number of entry point
04H     2               Offset of entry point in segment

The entry-point flag byte is defined as shown in Figure K-4.

[Figure: bit layout of the entry-point flag byte, bits labeled 76543210, with
these fields:]

    1 if entry is exported
    1 if entry uses single data (library module)
    Number of parameter words

Figure K-4. The entry-point flag.


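================= The nonresident names table =============

This table contains a list of ASCII strings. The first string is the module
description from the module definition file. The remaining strings are the
names of all exported functions listed in the module definition file that
have ordinal numbers associated with them. (Exported functions without
ordinal numbers in the module definition file are listed in the resident
names table.)

Each string begins with a length byte and ends with a word (2 bytes)
referencing a member of the entry table, beginning at 1. The word that follows
the module description is 0.

Offset  Length (bytes)  Contents

00H     1               Number of bytes in string (0 if end of table)
01H     n               ASCII string, not null-terminated
n+1     2               Index into entry table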
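
Added example (not part of the original appendix): joining a names table to the entry table so that each exported name resolves to a segment number and offset. The same walker serves the resident and the nonresident names table, and the bundle parser follows the fixed (3-byte), movable (6-byte) and null forms described above; the function names and both sample tables are constructed for this illustration.

```python
import struct

def parse_names_table(table: bytes):
    """Return (first string, {name: entry ordinal}) for either names table."""
    found, pos = [], 0
    while pos < len(table) and table[pos]:             # 0 length ends the table
        size = table[pos]
        if pos + size + 3 > len(table):
            raise ValueError("string or index runs past end of names table")
        name = table[pos + 1:pos + 1 + size].decode("ascii", "replace")
        found.append((name, struct.unpack_from("<H", table, pos + 1 + size)[0]))
        pos += size + 3
    if pos >= len(table) or not found:
        raise ValueError("names table is empty or lacks its terminating 0")
    return found[0][0], dict(found[1:])

def parse_entry_table(table: bytes) -> dict:
    """Map entry ordinal (from 1) to (segment number, offset in segment)."""
    entries, ordinal, pos = {}, 1, 0
    while pos < len(table) and table[pos] != 0:        # 0 count ends the table
        if pos + 2 > len(table):
            raise ValueError("truncated bundle header")
        count, seg = table[pos], table[pos + 1]
        size = {0x00: 0, 0xFF: 6}.get(seg, 3)          # null, movable, fixed
        pos += 2
        if pos + count * size > len(table):
            raise ValueError("bundle runs past end of entry table")
        for _ in range(count):
            if seg == 0xFF:                            # flag, CDH 3FH, seg, offset
                entries[ordinal] = struct.unpack_from("<BHBH", table, pos)[2:]
            elif seg:                                  # flag, offset
                entries[ordinal] = (seg, struct.unpack_from("<BH", table, pos)[1])
            ordinal, pos = ordinal + 1, pos + size     # null entries only count
    if pos >= len(table):
        raise ValueError("entry table lacks its terminating 0 byte")
    return entries

def resolve_exports(names: bytes, entry_table: bytes):
    """Join a names table with the entry table; reject dangling ordinals."""
    module, exports = parse_names_table(names)
    entries = parse_entry_table(entry_table)
    dangling = sorted(n for n, o in exports.items() if o not in entries)
    if dangling:
        raise ValueError(f"names refer to missing entries: {dangling}")
    return module, {n: entries[o] for n, o in exports.items()}

# Constructed sample tables (not taken from a real module).
NAMES = b"\x06SAMPLE\x00\x00\x07WNDPROC\x01\x00\x08ABOUTDLG\x03\x00\x00"
ENTRIES = b"\x01\x01\x01\x10\x00" b"\x01\x00" b"\x01\xff\x01\xcd\x3f\x02\x40\x00" b"\x00"
```

In the sample, ordinal 2 is consumed by a null bundle, so a name that pointed at it would be reported as dangling rather than resolved.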

==================== The code and data segment ===============

Following all of the preceding tables in the New Executable file are the code
and data segments of the program or library module. If a segment is marked as
ITERATED in its segment flag word, its data is organized as follows.
(Offsets are from the beginning of the segment.)

Offset  Length (bytes)  Contents

00H     2               Number of iterations of data
02H     2               Number of bytes of data
04H     n               Data

Otherwise, the size of the segment is given by the length field in the segment
table.

If the segment flag word marks the segment as containing relocation
information, the relocation table begins immediately after the segment.
Windows uses the relocation table to resolve references from the segment to
functions in other segments of the same module and to imported functions in
other modules. (Offsets are from the beginning of the table.)

Offset  Length (bytes)  Contents

00H     2               Number of relocation items, 8 bytes each (see below)

Offset  Length (bytes)  Contents

00H     1               Type of address to insert in segment:
                          1 Offset only, 2 Segment only, 3 Segment and offset
01H     1               Relocation type:
                          0 Internal reference, 1 Imported ordinal,
                          2 Imported name
                        If bit 2 set, relocation type is additive (see below)
02H     2               Offset of relocation item within segment

The next 4 bytes depend on the relocation type. If the relocation is an
internal reference to a segment of the same module, these bytes are as
described below. (Offsets are from the beginning of the relocation item.)

Offset  Length (bytes)  Contents

04H     1               Segment number for fixed segment; 0FFH for movable
                        segment
05H     1               0
06H     2               If MOVABLE segment, ordinal number referenced in entry
                        table; if FIXED segment, offset into segment

If the relocation type is an imported ordinal from another module, the bytes
are as follows. (Offsets are from the beginning of the relocation item.)

Offset  Length (bytes)  Contents

04H     2               Index into module reference table
06H     2               Function ordinal number

Or, if the relocation type is an imported name of a function in another
module, the bytes are as follows. (Offsets are from the beginning of the
relocation item.)

Offset  Length (bytes)  Contents

04H     2               Index into module reference table
06H     2               Offset within imported names table to name of
                        imported function

If the ADDITIVE flag in the relocation type is set, the address of the
external function is added to the contents of the address in the target
segment. If the ADDITIVE flag is clear, the target contains an offset to
another target within the same segment that requires the same relocation
address. This defines a chain of target addresses that get the same address.
The chain is terminated with a -1 entry.
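
Added example, not from the original appendix: decoding a segment's relocation table and resolving imported targets through the module reference table and the imported names table, which yields the list of external functions a segment depends on. The function names and sample data are constructed, and the module reference index is assumed to start at 1, which the text does not state.

```python
import struct

ADDRESS_TYPES = {1: "offset", 2: "segment", 3: "segment:offset"}

def pascal_string(table: bytes, offset: int) -> str:
    """Read a length-prefixed ASCII string without leaving the table."""
    if offset >= len(table) or offset + 1 + table[offset] > len(table):
        raise ValueError("name offset outside imported names table")
    return table[offset + 1:offset + 1 + table[offset]].decode("ascii", "replace")

def list_relocations(reloc: bytes, modref: bytes, impnames: bytes) -> list:
    """Return (offset in segment, address type, target, additive) per item."""
    if len(reloc) < 2:
        raise ValueError("relocation table truncated")
    (count,) = struct.unpack_from("<H", reloc, 0)
    if 2 + 8 * count > len(reloc):
        raise ValueError("relocation count exceeds table size")

    def module(index: int) -> str:          # assumption: index is 1-based
        if not 1 <= index <= len(modref) // 2:
            raise ValueError("module reference index out of range")
        return pascal_string(impnames, struct.unpack_from("<H", modref, 2 * (index - 1))[0])

    items = []
    for i in range(count):
        addr, rtype, where, a, b = struct.unpack_from("<BBHHH", reloc, 2 + 8 * i)
        kind, additive = rtype & 0x03, bool(rtype & 0x04)   # bit 2 = additive
        if kind == 0:                       # internal reference
            seg = a & 0xFF                  # byte 04H; byte 05H is 0
            target = f"entry #{b}" if seg == 0xFF else f"segment {seg}:{b:04X}"
        elif kind == 1:                     # imported ordinal
            target = f"{module(a)}.{b}"
        elif kind == 2:                     # imported name
            target = f"{module(a)}.{pascal_string(impnames, b)}"
        else:
            target = f"unknown relocation type {kind}"
        items.append((where, ADDRESS_TYPES.get(addr, "?"), target, additive))
    return items

# Constructed sample tables (names and ordinal chosen for illustration).
IMPNAMES = b"\x00\x06KERNEL\x04USER\x0aMESSAGEBOX"
MODREF = struct.pack("<2H", 1, 8)           # offsets of KERNEL and USER
RELOC = struct.pack("<H", 3) + b"".join(
    struct.pack("<BBHHH", *item) for item in
    [(3, 1, 0x12, 1, 91), (3, 2, 0x30, 2, 13), (1, 4, 0x44, 2, 0x100)])
```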

