hargle
Veteran Member
OK, a little embarrassed to admit it, but throughout all the years I've been hacking away and programming in DOS, I've never actually studied the .exe file header information before, but I think I need to now.
I have what I believe is a very rare game "Pro Golf" by Mastertronic.
Unfortunately, it won't run at all.
Debugging through the game, it starts executing almost at the end of the 100k exe file, and starts executing 0's (data), which crash it.
I can tell there is actually executable code elsewhere in the file, like towards the top 1k of the file where I'd normally expect code to run.
It appears that the starting CS:IP of code execution comes from the .exe header, so I can blame the header for telling the game to start running bad code. If the .exe header is corrupt, is there any way to locate what the true starting CS:IP should have been?
Here's the exe header in question:
Code:
Offset    0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F
00000000  4D 5A 33 01 C8 00 05 00 20 00 00 00 FF FF AB 14  MZ3.È... ...ÿÿ«.
00000010  90 01 0C FC 00 40 C4 14 1E 00 00 00 01 00 00 00  ...ü.@Ä.........
00000020  00 00 02 00 00 00 04 00 00 00 06 00 00 00 06 40  ...............@
00000030  C4 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00  Ä...............
So it's not completely mangled, but I don't quite get why the CS:IP pointers there are shoving the starting address so far at the end of the file.
One theory I had was that this file had been infected with a virus before, which might alter the .exe file header and append its code at the end of the file. Then at a later date the file was cleaned, but the .exe header was not restored, or the whole dang file is corrupt and I'm screwed.
The file itself is here: http://www.waste.org/~winkles/PROGOLF.ZIP
Getting this title resurrected would be quite a treat.
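
Added example, not part of the original post: a small MZ header parser run on the 64 bytes from the dump above, showing where the header's CS:IP lands in the file compared with the size the header itself declares. The `e_*` field names follow the conventional MZ header naming; `parse_mz` and `entry_in_image` are names made up for this example.

```python
import struct

# First 64 bytes of the file, copied from the hex dump in the post above.
HEADER = bytes.fromhex(
    "4D5A3301C800050020000000FFFFAB14"
    "90010CFC0040C4141E00000001000000"
    "00000200000004000000060000000640"
    "C4140000000000000000000000000000"
)

# Conventional e_* names for the 14 little-endian words of the MZ header.
FIELDS = ("e_magic", "e_cblp", "e_cp", "e_crlc", "e_cparhdr", "e_minalloc",
          "e_maxalloc", "e_ss", "e_sp", "e_csum", "e_ip", "e_cs",
          "e_lfarlc", "e_ovno")

def parse_mz(data):
    """Decode the 28-byte MZ header and the relocation entries it points to."""
    if len(data) < 28 or data[:2] not in (b"MZ", b"ZM"):
        raise ValueError("not an MZ executable")
    h = dict(zip(FIELDS, struct.unpack_from("<14H", data, 0)))
    # Declared file size: e_cp pages of 512 bytes, the last page holding
    # e_cblp bytes (e_cblp == 0 means the last page is full).
    pad = (512 - h["e_cblp"]) if h["e_cblp"] else 0
    h["image_end"] = h["e_cp"] * 512 - pad
    h["header_bytes"] = h["e_cparhdr"] * 16
    # CS:IP and SS:SP are relative to the load segment; wrap at 1 MiB.
    h["entry_linear"] = (h["e_cs"] * 16 + h["e_ip"]) & 0xFFFFF
    h["entry_file_off"] = h["header_bytes"] + h["entry_linear"]
    h["stack_linear"] = (h["e_ss"] * 16 + h["e_sp"]) & 0xFFFFF
    relocs = []
    for i in range(h["e_crlc"]):
        pos = h["e_lfarlc"] + 4 * i
        if pos + 4 > len(data):
            break  # table runs past the bytes we were given
        off, seg = struct.unpack_from("<HH", data, pos)
        relocs.append((seg, off))
    h["relocs"] = relocs
    return h

def entry_in_image(h):
    """True when the entry point lies inside the size the header declares."""
    return h["header_bytes"] <= h["entry_file_off"] < h["image_end"]

if __name__ == "__main__":
    h = parse_mz(HEADER)
    print("declared size   :", h["image_end"])
    print("entry CS:IP     : %04X:%04X" % (h["e_cs"], h["e_ip"]))
    print("entry file off  :", h["entry_file_off"], "in image:", entry_in_image(h))
    print("relocations     :", ["%04X:%04X" % r for r in h["relocs"]])
```

For these bytes the header declares a 102195-byte file with a 512-byte header, and CS:IP 14C4:4000 maps to file offset 101952, which is 243 bytes before the declared end of the file.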