I've seen a strange value placed in an EXE header:
00000000 :4D 5A 90 00 03 00 00 00 - 04 00 00 00 FF FF 00 00
00000010 :B8 00 00 00 00 00 00 00 - 40 00 00 00 00 00 00 00
00000020 :00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
00000030 :00 00 00 00 00 00 00 00 - 00 00 00 00 A8 00 00 00 <-
I don't know what A8 is doing at offset 3C, but if I replace it with zeros my program doesn't execute.
What is that?
Could you give me a hyperlink to the full MS DOS header (spec)?
DWORD at offset 0x3c is the offset of the new EXE header, aka IMAGE_NT_HEADERS. So if you change the value there, the PE loader cannot find the new EXE header.
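As an added example (not part of the original answer), the lookup described above can be sketched in Python: read the little-endian DWORD at 0x3C and check that the `PE\0\0` signature, which begins IMAGE_NT_HEADERS, sits at that offset. The first 64 bytes are the dump from the question; everything after them in the sample image is constructed filler, and the function names are illustrative.

```python
import struct

E_LFANEW_OFFSET = 0x3C          # the field the question asks about
PE_SIGNATURE = b"PE\x00\x00"    # first 4 bytes of IMAGE_NT_HEADERS

# The 64-byte DOS header exactly as shown in the question's hex dump.
DOS_HEADER = bytes.fromhex(
    "4D5A900003000000" "04000000FFFF0000"
    "B800000000000000" "4000000000000000"
    "0000000000000000" "0000000000000000"
    "0000000000000000" "00000000A8000000"
)

# Constructed sample image: zero filler where the DOS stub would be, then
# the PE signature at 0xA8 and 20 zero bytes standing in for the COFF header.
SAMPLE_IMAGE = (DOS_HEADER + bytes(0xA8 - len(DOS_HEADER))
                + PE_SIGNATURE + bytes(20))


def find_nt_headers(image: bytes) -> int:
    """Return the file offset of IMAGE_NT_HEADERS or raise ValueError."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("missing MZ signature or truncated DOS header")
    (e_lfanew,) = struct.unpack_from("<I", image, E_LFANEW_OFFSET)
    if e_lfanew + len(PE_SIGNATURE) > len(image):
        raise ValueError(f"offset 0x{e_lfanew:X} points past end of file")
    if image[e_lfanew:e_lfanew + 4] != PE_SIGNATURE:
        raise ValueError(f"no PE signature at offset 0x{e_lfanew:X}")
    return e_lfanew


def zero_e_lfanew(image: bytes) -> bytes:
    """Reproduce the question's edit: overwrite the DWORD at 0x3C with zeros."""
    return image[:E_LFANEW_OFFSET] + bytes(4) + image[E_LFANEW_OFFSET + 4:]


if __name__ == "__main__":
    print(f"NT headers at 0x{find_nt_headers(SAMPLE_IMAGE):X}")
    try:
        find_nt_headers(zero_e_lfanew(SAMPLE_IMAGE))
    except ValueError as err:
        print("after zeroing 0x3C:", err)
```

With the field zeroed, the check looks for the PE signature at offset 0 and finds the MZ header there instead, which is why the edited program no longer loads.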