Skip to content

VZL file

VZL file

32-bit PEI executables have a "VZL" header with the magic number 0x565a4c01:

    # xxd -g 1 ~/efi/rom-b02/8bceddd7-e285-4168-9b3f09af66c93ffe.001 | head
    0000000: <span style="color:red">56 5a 4c 01</span> 04 0b 78 01 6a 1c 00 00 40 02 00 00  VZL...x.j...@...
    0000010: <span style="color:blue">1c 55 f9 ff</span> 00 00 00 00 80 27 00 00 e0 01 00 00  .U.......'......
    0000020: 60 29 00 00 31 00 00 00 2e 74 65 78 74 00 00 00  `)..1....text...
    0000030: <span style="color:green">60 24 00 00</span> <span style="color:red">40 02 00 00</span> 60 24 00 00 40 02 00 00  `$..@...`$..@...
    0000040: 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60  ............ ..`
    0000050: 2e 64 61 74 61 00 00 00 <span style="color:\#ffff00">e0 00 00 00</span> <span style="color:red">a0 26 00 00</span>  .data........&..
    0000060: e0 00 00 00 a0 26 00 00 00 00 00 00 00 00 00 00  .....&..........

This 10324 (0x2854) byte file is a x86-32 executable mapped at 0xfff9551c. The .text segment is 0x2460 bytes long at offset 0x240. The .data segment is 0xe0 bytes at offset 0x26a0. Entry point is ???

Reverse engineering Security 2015