- 1 year ago
How to detect architecture of an LE (linear executable) file?
To detect the architecture of a linear executable (LE) file, you can examine the file's header information. The LE file format is specific to the Windows 16-bit operating systems (Windows 3.x), which supported two architectures: Intel x86 (16-bit) and Intel 286+ (16-bit or 32-bit).
Here's a general approach to detecting the architecture of an LE file:
Read the DOS header: The DOS header is the initial section of the LE file and contains information about the DOS executable format. The
e_magic
field at the beginning of the DOS header should be set to the valueMZ
(ASCII codes for 'M' and 'Z').Read the NE header: After the DOS header, the NE (New Executable) header follows. The offset to the NE header is specified by the
e_lfanew
field in the DOS header. Read the NE header to access the necessary information.Check the architecture: The architecture information can be determined by examining the
ne_exetyp
field in the NE header. This field specifies the type of the executable and can have the following values:- 0x1 - Intel 286 or later (16-bit)
- 0x2 - Intel 286 or later (32-bit)
- 0x4 - Intel 8086 or Intel 8088 (16-bit)
By examining the ne_exetyp
field, you can determine the architecture of the LE file.
Please note that the LE file format is quite old and no longer in widespread use. Modern Windows operating systems do not support executing LE files natively. This information is provided for historical purposes or for situations where you may encounter legacy LE files.