PE subsystem version field, part 2

14 Feb 2017

In the last installment, I mentioned that the PE subsystem field, among other things, enforces the minimum version of Windows that a program will run on.

One consequence of this is that it's sometimes possible to make a program run on an earlier version of Windows just by updating this field to a lower value. The screenshot below shows what happens when a program (in this case, sdir) is compiled with Visual C++ 2012 and run on Windows NT 4. Visual C++ 2012 defaults to generating programs that require Vista or newer. But so long as the program isn't using any newer functions, updating the header is all that's needed to make it work:

Although it wouldn't be terribly hard to write, the above screenshot uses the verfix.exe utility that shipped with the NT 3.1 SDK. I don't know the history behind this tool, but since it shipped with the first version of NT, I assume some tools from around that time hadn't been updated to mark binaries as 3.10, so this tool was needed to make those programs work.
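What such a header patch involves, as an added example (this is not verfix.exe and not code from the author): it follows e_lfanew to the optional header and rewrites MajorSubsystemVersion and MinorSubsystemVersion, which sit at the same offset in PE32 and PE32+ images. The function names and the sample header are constructed for illustration.

```python
import struct

PE32_MAGIC, PE32_PLUS_MAGIC = 0x10B, 0x20B
SUBSYS_VERSION_OFFSET = 48  # MajorSubsystemVersion within the optional header


def subsystem_version_offset(image):
    """Return the file offset of MajorSubsystemVersion, validating the headers."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    opt = e_lfanew + 4 + 20  # skip the "PE\0\0" signature and 20-byte COFF header
    if opt + SUBSYS_VERSION_OFFSET + 4 > len(image):
        raise ValueError("truncated PE header")
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic not in (PE32_MAGIC, PE32_PLUS_MAGIC):
        raise ValueError("unknown optional header magic")
    return opt + SUBSYS_VERSION_OFFSET


def get_subsystem_version(image):
    """Return (major, minor) as stored in the optional header."""
    return struct.unpack_from("<HH", image, subsystem_version_offset(image))


def set_subsystem_version(image, major, minor):
    """Patch the field in place (image is a bytearray); return the old version."""
    off = subsystem_version_offset(image)
    old = struct.unpack_from("<HH", image, off)
    struct.pack_into("<HH", image, off, major, minor)
    return old


def build_sample_header():
    """Constructed sample: a bare PE32 header marked as subsystem version 6.0."""
    image = bytearray(0x40 + 4 + 20 + 96)
    image[:2] = b"MZ"
    struct.pack_into("<I", image, 0x3C, 0x40)            # e_lfanew
    image[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", image, 0x40 + 24, PE32_MAGIC)  # optional header magic
    struct.pack_into("<HH", image, 0x40 + 24 + 48, 6, 0)  # Vista-era default
    return image


if __name__ == "__main__":
    img = build_sample_header()
    print("before:", get_subsystem_version(img))
    set_subsystem_version(img, 4, 0)
    print("after: ", get_subsystem_version(img))
```

Rewriting these bytes invalidates any Authenticode signature on the file, because the signed hash covers the optional header. The example also leaves the header's CheckSum field untouched.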