Initially, I attempted to develop a program that could differentiate between 16-bit DOS and 32/64-bit Windows executables.

After reading another answer, I learned that an executable could be categorized based on its first two bytes, which are typically “MZ/…”.

However, when I compared various executables that I had created in assembly and compiled using TASM for 16-bit, and ones from my computer’s C:\Windows\System32 for 32/64-bit, I discovered that they all began with “MZ”.

I am wondering if there is a specific explanation for this or if I am doing something incorrectly. Additionally, I am curious if there is a more precise method for identifying an executable.

Askify Moderator Edited question April 23, 2023