DOS MZ Exe misidentified as NE exe
powerbf opened this issue · comments
powerbf commented
OS: Linux Mint 19
Output of 'boomerang-cli --version' boomerang-cli v0.4.0-alpha-114-gfc67dfb2
My DOS MZ EXE was incorrectly identified as an NE EXE because it happens to have reloc table offset = 40h in the header
Steps to reproduce:
- boomerang-cli hello.exe
Expected/desired behaviour
Should be identified as DOS MZ exe
Actual behaviour
Identified as NE exe
Additional comments
Checking for reloc table offset = 0x40 is not a realiable way to identify NE Exes.
A more reliable way is to check whether the word at 0x3C contains the offset of a NE header (which starts with the signature 'NE').
Ref: https://www.fileformat.info/format/exe/corion-mz.htm