Difference between pages "Text File (TXT)" and "Executable"

From Forensics Wiki
(Difference between pages)
 
(DBG, PDB)
 
Line 1: Line 1:
'''Text file formats''' usually have the '''.txt''' extension.
+
{{expand}}
  
These files contain 8- or 16-bit characters that use printable characters along with some control data such as tabs and line feeds. [http://en.wikipedia.org/wiki/Text_file] Text files are split into several major types:
+
An executable file is used to perform tasks according to encoded instructions. Executable files are sometimes also referred to as binaries which technically can be considered a sub class of executable files.
* DOS/Windows format ends each line using Carriage Return (CR) or char(13) and a Line Feed (LF) char(10) byte sequence, 
+
* Unix format includes only the Carriage Return (CR) or char (13) at the end of the line.
+
* Unicode includes an optional encoding in the first two bytes Byte Order Mark (BOM) that identifies the unicode encoding. This is mainly used to identify little endian or big endian byte order.
+
* EBCIDIC used char(15) for a new line. [http://en.wikipedia.org/wiki/EBCDIC]
+
  
They are usually [[ASCII]] encoded, although other encodings are possible to allow various language scripts to be used. Other encodings include EBCIDIC from the old IBM mainframe. Text files can have the [[MIME type]] "text/plain", often with suffixes indicating an encoding (e.g. "text/plain;charset=UTF-8".) Any basic text reader can be used to view the contents of a simple text file, however some (notably Notepad) have issues with certain less popular encodings. Wordpad is included with windows and may display the files properly.
+
There are multiple families of executable files:
 +
* Scripts; e.g. shell scripts, batch scripts (.bat)
 +
* DOS, Windows executable files (.exe) which can be of various formats like: MZ, PE/COFF, NE
 +
* ELF
 +
* Mach-O
  
Translation of a DOS/Windows text file to Unix is performed by removing the Carriage Return from the end of the line.
+
== External Links ==
The reverse is simply the addition of the Carriage Return to the Line Feed. Files that have double spaces between the lines may have been improperly translated from one system to another.
+
* [http://en.wikipedia.org/wiki/Executable Wikipedia: Executable]
  
A number of file formats is actually "text files", but bears diffrent extensions. For example is web documents ([[HTML]]-files) text files but is written with a speciffic syntax so the applications the files are designed to work with can read i correctly. Other kinds of files that can be seen as text files are source code files, xml, etc.
+
=== MZ, PE/COFF ===
 +
* [http://en.wikipedia.org/wiki/Portable_Executable Wikipedia: Portable Executable]
 +
* [http://msdn.microsoft.com/en-us/windows/hardware/gg463119.aspx Microsoft PE and COFF Specification]
 +
* [https://googledrive.com/host/0B3fBvzttpiiSd1dKQVU0WGVESlU/Executable%20(EXE)%20file%20format.pdf MZ, PE-COFF executable file format (EXE)], by the [[libexe|libexe project]], October 2011
 +
* [http://seclists.org/fulldisclosure/2013/Oct/157 The Internal of Reloc .text], Full Disclosure Mailing list, October 21, 2013
  
[[Category:File Formats]]
+
=== DBG, PDB ===
 +
* [http://en.wikipedia.org/wiki/Program_database Wikipedia: Program database]
 +
* [http://www.debuginfo.com/articles/debuginfomatch.html Matching Debug Information], by debuginfo.com
 +
* [http://support.microsoft.com/kb/121366 Description of the .PDB files and of the .DBG files], by [[Microsoft]]
 +
* [http://msdn.microsoft.com/en-us/library/ff553493(v=vs.85).aspx Public and Private Symbols], by [[Microsoft]]
 +
* [http://msdn.microsoft.com/en-us/library/windows/desktop/ms679293(v=vs.85).aspx DbgHelp Structures], by [[Microsoft]]
 +
* [http://web.archive.org/web/20070915060650/http://www.x86.org/ftp/manuals/tools/sym.pdf Internet Archive: Microsoft Symbol and Type Information], by [[Microsoft]]
 +
* [https://code.google.com/p/pdbparse/wiki/StreamDescriptions Stream Descriptions], [https://code.google.com/p/pdbparse/ pdbparse project]
 +
* [https://code.google.com/p/google-breakpad/source/browse/trunk/src/google_breakpad/common/minidump_format.h minidump_format.h]
 +
* [http://moyix.blogspot.ch/2007/10/types-stream.html The Types Stream], by [[Brendan Dolan-Gavitt]], October 4, 2007
 +
 
 +
=== Mach-O ===
 +
* [http://en.wikipedia.org/wiki/Mach-O Wikipedia: Mach-O]
 +
 
 +
== Tools ==
 +
 
 +
=== MZ, PE/COFF ===
 +
* [https://code.google.com/p/pefile/ pefile], multi-platform Python module to read and work with Portable Executable (aka PE) files
 +
 
 +
=== PDB ===
 +
* [https://code.google.com/p/pdbparse/ pdbparse], Open-source parser for Microsoft debug symbols (PDB files)
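
Review bot: The added families list names ELF and NE, but neither has an entry under "== External Links ==" or "== Tools ==", which only cover MZ, PE/COFF, DBG/PDB and Mach-O. Add an "=== ELF ===" subsection with at least a specification link, and either reference NE or drop it from the list. The intro should also say in one sentence why the debug-symbol formats DBG and PDB are covered on a page about executables, and the clause "binaries which technically can be considered a sub class of executable files" should state what separates a binary from the scripts listed in the first bullet.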

Revision as of 06:42, 2 November 2013

An executable file is used to perform tasks according to encoded instructions. Executable files are sometimes also referred to as binaries, which technically can be considered a subclass of executable files.

There are multiple families of executable files:

  • Scripts; e.g. shell scripts, batch scripts (.bat)
  • DOS, Windows executable files (.exe) which can be of various formats like: MZ, PE/COFF, NE
  • ELF
  • Mach-O

External Links

MZ, PE/COFF

DBG, PDB

Mach-O

Tools

MZ, PE/COFF

  • pefile, multi-platform Python module to read and work with Portable Executable (aka PE) files

PDB

  • pdbparse, Open-source parser for Microsoft debug symbols (PDB files)