Int 21 Fn 4B - Dos 2+ - "exec" - Load And/or Execute Program (Cont.)
32h WORD file alignment size shift count
0 is equivalent to 9 (default 512-byte pages)
34h WORD number of resource table entries
36h BYTE target operating system
00h unknown
01h OS/2
02h Windows
03h European MS-DOS 4.x
04h Windows 386
05h BOSS (Borland Operating System Services)
81h PharLap 286|DOS-Extender, OS/2
82h PharLap 286|DOS-Extender, Windows
37h BYTE other EXE flags (see #1285)
38h WORD offset to return thunks or start of gangload area
3Ah WORD offset to segment reference thunks or length of gangload area
3Ch WORD minimum code swap area size
3Eh 2 BYTEs expected Windows version (minor version first)
Note: this header is documented in detail in the Windows 3.1 SDK Programmer's
Reference, Vol 4.
See Also: #1280
Bitfields for new executable program flags:
Bit(s) Description (Table 1283)
0-1 DGROUP type
0 = none
1 = single shared
2 = multiple (unshared)
3 = (null)
2 global initialization
3 protected mode only
4 8086 instructions
5 80286 instructions
6 80386 instructions
7 80x87 instructions
Bitfields for new executable application flags:
Bit(s) Description (Table 1284)
0-2 application type
001 full screen (not aware of Windows/P.M. API)
010 compatible with Windows/P.M. API
011 uses Windows/P.M. API
3 is a Family Application (OS/2)
5 0=executable, 1=errors in image
6 non-conforming program (valid stack is not maintained)
7 DLL or driver rather than application
(SS:SP info invalid, CS:IP points at FAR init routine called with
AX=module handle which returns AX=0000h on failure, AX nonzero on
successful initialization)
Bitfields for other new .EXE flags:
Bit(s) Description (Table 1285)
0 supports long filenames
1 2.X protected mode
2 2.X proportional font
3 gangload area
Format of Codeview trailer (at end of executable):
Offset Size Description (Table 1286)
00h WORD signature 4E42h ('NB')
02h WORD Microsoft debug info version number
04h DWORD Codeview header offset
See Also: #1310
Format of new executable segment table record:
Offset Size Description (Table 1287)
00h WORD offset in file (shift left by alignment shift to get byte offs)
02h WORD length of image in file (0000h = 64K)
04h WORD segment attributes (see #1288)
06h WORD number of bytes to allocate for segment (0000h = 64K)
Note: the first segment table entry is entry number 1
See Also: #1290
Bitfields for segment attributes:
Bit(s) Description (Table 1288)
0 data segment rather than code segment
1 unused???
2 real mode
3 iterated
4 movable
5 sharable
6 preloaded rather than demand-loaded
7 execute-only (code) or read-only (data)
8 relocations (directly following code for this segment)
9 debug info present
10,11 80286 DPL bits
12 discardable
13-15 discard priority
Format of new executable entry table item (list):
Offset Size Description (Table 1289)
00h BYTE number of entry points (00h if end of entry table list)
01h BYTE segment number (00h if end of entry table list)
02h 3N BYTEs entry records
Offset Size Description
00h BYTE flags
bit 0: exported
bit 1: single data
bits 2-7: unused???
01h WORD offset within segment
Format of new executable relocation data (immediately follows segment image):
Offset Size Description (Table 1290)
00h WORD number of relocation items
02h 8N BYTEs relocation items
Offset Size Description
00h BYTE relocation type
00h LOBYTE
02h BASE
03h PTR
05h OFFS
0Bh PTR48
0Dh OFFS32
01h BYTE flags
bit 2: additive
02h WORD offset within segment
04h WORD target address segment
06h WORD target address offset
See Also: #1287,#1291
Format of new executable resource data:
Offset Size Description (Table 1291)
00h WORD alignment shift count for resource data
02h N RECORDs resources
Format of resource record:
Offset Size Description
00h WORD type ID
0000h if end of resource records
>= 8000h if integer type
else offset from start of resource table to type string
02h WORD number of resources of this type
04h DWORD reserved for runtime use
08h N Resources (see #1292)
Note: resource type and name strings are stored immediately following the
resource table, and are not null-terminated
See Also: #1292
Format of new executable resource entry:
Offset Size Description (Table 1292)
00h WORD offset in alignment units from start of file to contents of
the resource data
02h WORD length of resource image in bytes
04h WORD flags
bit 4: moveable
bit 5: shareable
bit 6: preloaded
06h WORD resource ID
>= 8000h if integer resource
else offset from start of resource table to resource string
08h DWORD reserved for runtime use
Notes: resource type and name strings are stored immediately following the
resource table, and are not null-terminated
strings are counted strings, with a string of length 0 indicating the
end of the resource table
See Also: #1291,#1293
Format of new executable module reference table [one bundle of entries]:
Offset Size Description (Table 1293)
00h BYTE number of records in this bundle (00h if end of table)
01h BYTE segment indicator
00h unused
FFh movable segment, segment number is in entry
else segment number of fixed segment
02h N RECORDs
Format of segment record
Offset Size Description
00h BYTE flags
bit 0: entry is exported
bit 1: entry uses global (shared) data
bits 7-3: number of parameter words
---fixed segment---
01h WORD offset
---moveable segment---
01h 2 BYTEs INT 3F instruction (CDh 3Fh)
03h BYTE segment number
05h WORD offset
Note: table entries are numbered starting from 1
See Also: #1294
Format of new executable resident/nonresident name table entry:
Offset Size Description (Table 1294)
00h BYTE length of string (00h if end of table)
01h N BYTEs ASCII text of string
N+1 WORD ordinal number (index into entry table)
Notes: the first string in the resident name table is the module name; the
first entry in the nonresident name table is the module description
the strings are case-sensitive; if the executable was linked with
/IGNORECASE, all strings are in uppercase
See Also: #1293
Format of Linear Executable (enhanced mode executable) header:
Offset Size Description (Table 1295)
00h 2 BYTEs "LE" (4Ch 45h) signature (Windows)
"LX" (4Ch 58h) signature (OS/2)
02h BYTE byte order (00h = little-endian, nonzero = big-endian)
03h BYTE word order (00h = little-endian, nonzero = big-endian)
04h DWORD executable format level
08h WORD CPU type (see also INT 15/AH=C9h)
01h Intel 80286 or upwardly compatible
02h Intel 80386 or upwardly compatible
03h Intel 80486 or upwardly compatible
04h Intel Pentium (80586) or upwardly compatible
20h Intel i860 (N10) or compatible
21h Intel "N11" or compatible
40h MIPS Mark I (R2000, R3000) or compatible
41h MIPS Mark II (R6000) or compatible
42h MIPS Mark III (R4000) or compatible
0Ah WORD target operating system
01h OS/2
02h Windows
03h European DOS 4.0
04h Windows 386
0Ch DWORD module version
10h DWORD module type (see #1296)
14h DWORD number of memory pages
18h Initial CS:EIP
DWORD object number
DWORD offset
20h Initial SS:ESP
DWORD object number
DWORD offset
28h DWORD memory page size
2Ch DWORD (Windows LE) bytes on last page
(OS/2 LX) page offset shift count
30h DWORD fixup section size
34h DWORD fixup section checksum
38h DWORD loader section size
3Ch DWORD loader section checksum
40h DWORD offset of object table (see #1297)
44h DWORD object table entries
48h DWORD object page map table offset (see #1299)
4Ch DWORD object iterate data map offset
50h DWORD resource table offset
54h DWORD resource table entries
58h DWORD resident names table offset (see #1300)
5Ch DWORD entry table offset (see #1301,#1302)
60h DWORD module directives table offset
64h DWORD Module Directives entries
68h DWORD Fixup page table offset
6Ch DWORD Fixup record table offset (see #1304)
70h DWORD imported modules name table offset
74h DWORD imported modules count
78h DWORD imported procedures name table offset
7Ch DWORD per-page checksum table offset
80h DWORD data pages offset
84h DWORD preload page count
88h DWORD non-resident names table offset
8Ch DWORD non-resident names table length
90h DWORD non-resident names checksum
94h DWORD automatic data object
98h DWORD debug information offset
9Ch DWORD debug information length
A0h DWORD preload instance pages number
A4h DWORD demand instance pages number
A8h DWORD extra heap allocation
ACh 12 BYTEs reserved
B8h DWORD offset of VERSIONINFO resource (MS-Windows VxD only)
BCh DWORD pointer to ??? (dynamically-loadable VxDs only???)
C0h WORD device ID (MS-Windows VxD only)
C2h WORD DDK version (MS-Windows VxD only)
Note: used by EMM386.EXE, QEMM, and Windows 3.0 Enhanced Mode drivers
Bitfields for Linear Executable module type:
Bit(s) Description (Table 1296)
2 initialization (only for DLLs) 0 = global, 1 = per-process
4 no internal fixups in executable image
5 no external fixups in executable image
8-10 API compatibility
0 = unknown
1 = incompatible with PM windowing \
2 = compatible with PM windowing > (only for
3 = uses PM windowing API / programs)
13 module not loadable (only for programs)
15-17 module type
000 program
001 library (DLL)
011 protected memory library module
100 physical device driver
110 virtual device driver
30 per-process library termination
(requires valid CS:EIP, can't be set for .EXE)
Format of object table entry:
Offset Size Description (Table 1297)
00h DWORD virtual size in bytes
04h DWORD relocation base address
08h DWORD object flags (see #1298)
0Ch DWORD page map index
10h DWORD page map entries (see #1299)
14h 4 BYTEs reserved??? (apparently always zeros)
Bitfields for object flags:
Bit(s) Description (Table 1298)
0 readable
1 writable
2 executable
3 resource
4 discardable
5 shared
6 preloaded
7 invalid
8-9 type
00 normal
01 zero-filled
10 resident
11 resident and contiguous
10 resident and long-lockable
11 reserved
12 16:16 alias required
13 "BIG" (Huge: 32-bit)
14 conforming
15 "OBJECT_I/O_PRIVILEGE_LEVEL"
16-31 reserved
Format of object page map table entry:
Offset Size Description (Table 1299)
00h BYTE ??? (usually 00h)
01h WORD (big-endian) index to fixup table
0000h if no relocation info
03h BYTE type (00h hard copy in file, 03h some relocation needed)
Format of resident names table entry:
Offset Size Description (Table 1300)
00h BYTE length of name
01h N BYTEs name
N+1 3 BYTEs ???
Format of LE linear executable entry table:
Offset Size Description (Table 1301)
00h BYTE number of entries in table
01h 10 BYTEs per entry
Offset Size Description
00h BYTE bit flags
.NG limit reached, continued in next section...