When I began the project I'm working on to convert EXE file formats, I started with the NE file. Working on that, I slowly came to understand the purpose of many decisions and how file formats work to a degree I never did before.
Before I began, I had had a few brushes with the PE file format, and thought it was pretty cool. Now, however, I HATE IT.
NE files may have had limitations, but they were pretty straightforward - they always used offsets based on positions in the file, and the worst you ever had to do was a bit-shift with a provided value.
PE files address the shortcomings of the NE format, but then go one step further to make things a headache. Everything uses relative virtual addresses, or "RVAs", which sounds great, but wait - not everything uses them after all. Some things use file offsets, some things use RVAs, some things use values that are RVAs disguised as offsets but you need to do some math to *HEAD EXPLODES*
The fuck were they thinking?
Starting with the COFF format wasn't the worst idea, but they did far more than "bastardize" it, they hijacked it and took it on a ride to force it to become something it wasn't.
Oh, and 64-bit PE files? There's some fun. To work with an executable easily, one will generally "apply" the structures to the file and read the data in - somewhat like a coin machine sorts coins (if a coin machine knew the first few coins would be XYZ and those coins could help it predict future coins, but that part of things isn't relevant to our analogy, so stfu!).
This means that, much like that coin machine, different structures have different sizes and shapes which identify them. Great, right? Well, someone at Microsoft didn't think so, so they made various structures in the PE file vary in size between 32-bit and 64-bit PE files. This means that you need a whole other system in place to detect and handle 64-bit PE files just because they made one structure bigger.
I've only just begun to work with executable formats and already I know I could do better. I've always wanted to make my own OS, maybe I should, and just start by making my own EXE format..
