Why reading EXE as text is showing 'MZ' when printed

Question

String inputFile = "C:\\Users\\Neil\\Desktop\\DCR\\file.exe";
Byte[] bytes = File.ReadAllBytes(inputFile);
String content = Encoding.Default.GetString(bytes);
Console.WriteLine(content);

Output of

MZ?

and when I attempt to do it to another file I get

MZP

What does this mean?

Check out http://stackoverflow.com/questions/2426190/how-to-read-file-binary-in-c. There is really no practical reason to convert arbitrary bytes to a string. — Alexei Levenkov, Jan 20 '16 at 03:53
@NeilDerno By merge do you mean you want a C.EXE that when run will execute A.EXE and B.EXE? If so just add both of A.EXE and B.EXE as resources, execute them both as explained [here](http://stackoverflow.com/questions/15470090/run-exe-file-as-an-embedded-resource-in-c-sharp) — Martheen, Jan 20 '16 at 04:58

score 4 · Accepted Answer · edited Jul 02 '18 at 13:19

4

The first few bytes of a windows exe is the DOS header, which has the structure:

struct DOS_Header 
 {
     char signature[2] = "MZ";
     short lastsize;
     short nblocks;
     short nreloc;
     short hdrsize;
     short minalloc;
     short maxalloc;
     void *ss;
     void *sp;
     short checksum;
     void *ip;
     void *cs;
     short relocpos;
     short noverlay;
     short reserved1[4];
     short oem_id;
     short oem_info;
     short reserved2[10];
     long  e_lfanew;
 }

Reading the file as a string will start with MZ and then vary based on how the following 16 bit integers are interpreted by your encoding. If the high byte on any of those words is 0, that will also null terminate the string, which explains why you get 3 characters of output and nothing else.

Specifically, the output MZ? will occur when lastsize has a value of 0x3F and MZP when lastsize has a value of 0x50.

edited Jul 02 '18 at 13:19

David Conrad

15,432
2
42
54

answered Jan 20 '16 at 03:26

casey

6,855
1
24
37

How would I get past this? – Neil Derno Jan 20 '16 at 03:30
@NeilDerno for starters you'll need to fully understand the binary format you are working with and then how to read binary data in C#. Encoding wont come into play though, you are working with binary data, not ASCII or UTF-8 or some other textual encoding. – casey Jan 20 '16 at 03:32
If it's binary. Then it would be better to not use encoding, right? Rather Conversion to convert it to a readable Base64 string? – Neil Derno Jan 20 '16 at 03:57
1

@NeilDerno unless you want to stare at bytes I see no reason to convert it to Base64, even than HEX (base16) is more frequently used to represent binary as printable text. You may want to stop for a second and think what you are trying to achieve... Maybe something existing like ZIP archive would be better solution to your problem. – Alexei Levenkov Jan 20 '16 at 04:01
2

If anyone is curious, "MZ" comes from the name Mark Zbikowski, who is credited for creating the header format. – vcsjones Jan 20 '16 at 04:09
@AlexeiLevenkov I've rolled back your edit. The PE header begins later in the file (pointed to at offset 0x3C in the dos header) and starts with the letters `PE`. – casey Jan 20 '16 at 04:22

Why reading EXE as text is showing 'MZ' when printed

1 Answers1