What is the MZ signature in a PE file for?

Question

I'm working on a program that will parse a PE object for various pieces of information.

Reading the specifications though, I cannot find out why the MZ bytes are there, as I cannot find this on the list of machine types that these 2 bytes are supposed to represent.

Can anyone clarify?

Answer 1

The MZ signature is a signature used by the MS-DOS relocatable 16-bit EXE format.

The reason a PE binary contains an MZ header is for backwards compatibility. If the executable is run on a DOS-based system it will run the MZ version (which is nearly always just stub that says you need to run the program on a Win32 system).

Of course this is not as useful nowadays as it was back when the world was transitioning from DOS to whatever would come after it.

Back then there were a few programs that would actually bind together a DOS version and a Win32 version in a single binary.

And as with most things dealing with Windows history, Raymond Chen has some interesting articles about this subject:

• Why does a corrupted binary sometimes result in "Program too big to fit in memory"?
• What's the difference between the COM and EXE extensions?

Answer 2

Thety are the initials of a Microsoft programmer and identify the file as a DOS executable see http://en.wikipedia.org/wiki/DOS_executable for a bit more info.

Answer 3

As I see it, by reading the wikipedia article and Iczelion's PE Tutorial, it is there just to keep up compatibility and enable dos or HX DOS Extender to execute certain code next to the MZ header.

From devsource one can find more information like MZ stands for Mark Zbikowski, one of MS-DOS's developers. And how the operating system behaves and handles the data from the MZ header.

Answer 4

Mark Zbikowski put his initials into the original MS-DOS exe format. This signature was necessary to distinguish .EXE files from the much simpler .COM format on DOS.

Every PE file also contains a 16-bit DOS program and thus starts with this .EXE header. This DOS program would typically print out "This program requires Microsoft Windows" or similar. I don't know if modern compilers still produce the DOS stub, but the PE standard still says a PE starts with a 16-bit EXE header.

Answer 5

In the early days of Microsoft® Windows, The Windows™ 1.x, 2.x and 3.xx OS not only existed in the same volumes as Microsoft® DOS, but also ran on top of an MS-DOS OS. It was not only possible, but very probable that a user might attempt to run some of the Windows® programs under DOS. Therefore, Microsoft® programmers made sure all Windows® programs would have a simple 16-bit DOS program placed at the front of each Windows executable that would alert the user if they were attempting to run a Windows® program under DOS. This is all the DOS "Stub" program does. resource: http://thestarman.pcministry.com/asm/debug/DOSstub.htm

Answer 6

It's the "magic number" of dos executable. Legacy stuff you can ignore.

Dos executable