DEBUG question about .exe files.

[OceanJeff32]

I know that .com files begin with 100h, where do .exe files begin?

And when I load a .exe file, how come the ECX register just says ZERO...shouldn't the ECX register contain the size of the file loaded?

Oh well, no one probably even uses debug anymore.

By the way, for those of you who don't know, go to command line prompt and type debug <enter>

it's the program that runs when you do the above. type q <enter> at the - and it will display list of commands.

debug is an assembler!

later,

jeff c
:U

[ToutEnMasm]

Hello,
Com files start at zero as exe and the offset 100h is the fixed code entry point.
In executable ,the PE format gives the code entry point thas isn't fixed.
the module handle give the start point of the module (400000h,zero if you open the file).
IMAGE_DOS_HEADER give (starting at 400000h or zero) give e_lfanew ,the RVA of IMAGE_NT_HEADERS with two structures in it.
It's made like that because modules can be insert in an exe

IMAGE_OPTIONAL_HEADER32 give AddressOfEntryPoint that is what you search
See PE tuts in Iczelion for complete information.
                 
                                                   ToutEnMasm

[tenkey]

The first byte of a DOS .COM file loads at CS:100H.

The reason DEBUG zeroes out ECX for an EXE file is because the load information (header + segment relocation table) is either gone or cannot be reused (assuming you can find it). You can't write back what's in memory as a proper EXE file.

[MichaelW]

Jeff,

Debug puts the size of the file, as loaded (meaning without the EXE header for an EXE), into BX:CX, and the Write command writes BX:CX bytes to the disk. But at least the later versions of Debug will refuse to write EXE or HEX files to disk.