mentebinaria / readpe

The PE file analysis toolkit
GNU General Public License v2.0

Support for NE files #201

Open GoGoOtaku opened 12 months ago

GoGoOtaku commented 12 months ago

As reported in #200, NE executables are not actually supported. This would only affect executables for Windows 1.01 through 3.xx.

NE (New Executable) is a 16 Bit proto PE format and support has been dropped on 64 bit releases of Windows. More info can be found here: https://wiki.osdev.org/NE

Since this is highly niche this is currently very low priority. If this is a feature people have actual interest in I would appreciate a comment below.

Pull requests with this feature are obviously always welcome.

pali commented 12 months ago

> NE (New Executable) is a 16 Bit proto PE format

No, it is not the PE format. It is a completely different format (called NE), and in this repository there is no support for parsing NE structures.

The NE format is not even based on COFF (like PE), so there is nothing in common between readpe and NE. So support for the NE format would mean writing a completely new library and then a completely new tool for it, because the current libpe library does not have structures and functions for NE.

Note that the NE format is used by 16-bit Windows (1.01 - 3.11, 95, 98, ME), OS/2 1.x, some DOS extenders and the rare European Multitasking MS-DOS.
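How a triage tool can tell the two formats discussed in this thread apart before choosing a parser, as an added example that is not part of the thread or of readpe/libpe: NE and PE files both begin with a DOS MZ stub whose `e_lfanew` field at offset 0x3C points to the real header signature. The names `exe_format`, `classify_exe` and `classify_sample` are hypothetical, and the sample images are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

typedef enum { FMT_NOT_MZ, FMT_MZ_ONLY, FMT_NE, FMT_PE } exe_format;

/* Little-endian 32-bit read with no alignment assumption. */
static uint32_t rd_le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Classify by the signature that e_lfanew (MZ header offset 0x3C) points to.
 * The buffer is untrusted, so every offset is checked against len first. */
exe_format classify_exe(const uint8_t *buf, size_t len) {
    if (len < 2 || buf[0] != 'M' || buf[1] != 'Z')
        return FMT_NOT_MZ;
    if (len < 0x40)                       /* no room for e_lfanew */
        return FMT_MZ_ONLY;
    uint32_t off = rd_le32(buf + 0x3C);
    if (off > len - 2)                    /* pointer runs past the file */
        return FMT_MZ_ONLY;
    if (memcmp(buf + off, "NE", 2) == 0)
        return FMT_NE;                    /* 16-bit New Executable */
    if (off <= len - 4 && memcmp(buf + off, "PE\0\0", 4) == 0)
        return FMT_PE;                    /* COFF-based Portable Executable */
    return FMT_MZ_ONLY;                   /* plain DOS or unrecognised header */
}

/* Constructed sample: a zero-filled image of file_len bytes (max 512) with an
 * MZ magic, the given e_lfanew, and sig written there when it fits. */
exe_format classify_sample(uint32_t e_lfanew, const char *sig, size_t sig_len,
                           size_t file_len) {
    uint8_t img[512] = {0};
    if (file_len > sizeof img) file_len = sizeof img;
    img[0] = 'M'; img[1] = 'Z';
    for (int i = 0; i < 4; i++)
        img[0x3C + i] = (uint8_t)(e_lfanew >> (8 * i));
    if (e_lfanew <= file_len && sig_len <= file_len - e_lfanew)
        memcpy(img + e_lfanew, sig, sig_len);
    return classify_exe(img, file_len);
}

int main(void) {
    /* An NE header at 0x80 must not be reported as PE. */
    return classify_sample(0x80, "NE", 2, 0x100) == FMT_NE ? 0 : 1;
}
```

A tool that only understands PE can use a check like this to reject NE input with a clear "unsupported format" message instead of handing it to a PE parser.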

GoGoOtaku commented 12 months ago

I didn't say it was PE. I said "proto PE" as it is clearly the first step into creating a more versatile format than MZ. Ultimately they created PE, but looking at the header of NE there is clearly some overlap in ideas. (Ideas, not actually any structures.)

But yes, obviously it would require a lot of development for a very niche purpose. Furthermore, even if there was overlap I would have argued for a separate libne or something anyway.

I am aware of all of this, hence why I said this is unlikely to happen. Yet I don't think supporting a niche grandfather format would be outside of the scope of this project. Hence why I made the issue for housekeeping.

pali commented 12 months ago

Ok! In case somebody is interested in libne, let me know. All documents on the internet which describe the NE format are incomplete because MS had not published a full specification and also because the MS linker generated a slightly different format than what the MS spec says. I collected available information about NE and reconstructed the real C structure and the meaning of almost all bit values.