Format of ntdos404.sys RRS feed

  • Question

  • X:/WINDOWS/system32/ntdos404.sys does not have a DOS or PE header.
    What type of file is it?

    L. Spiro

    • Moved by Baron Bi Tuesday, August 22, 2017 7:35 AM Not about development
    Monday, August 7, 2017 2:36 AM

All replies

  • Your question is not development related. You may ask here:


    Best regards


    Note: Posted code pieces may not have a good programming style and may not perfect. It is also possible that they do not work in all situations. Code pieces are only indended to explain something particualar.

    • Proposed as answer by Guido Franzke Monday, August 7, 2017 5:44 AM
    Monday, August 7, 2017 4:42 AM
  • Malware?
    Monday, August 7, 2017 9:12 AM
  • X:/WINDOWS/system32/ntdos404.sys does not have a DOS or PE header.
    What type of file is it?

    I suspect that only Dell can give you a definitive answer to that question.
    The format is probably proprietary.

    See the description here:

    How To Fix Ntdos404.sys Blue Screen Errors (BSOD)

    As others have noted, this has nothing to do with C++ development so
    is off-topic here.

    - Wayne

    Monday, August 7, 2017 6:58 PM
  • My question is entirely development-related.

    I’m writing a PE explorer in C++.  What other reason would I have for posting in the development section (while mentioning header formats for a clearly technical discussion)?

    I parse out, manually unpack, apply relocations, etc. to PE most files, but these and other .sys files seem to be a different format.  I’m guessing they are COFF OBJ files?

    Please move my topic back to the correct section where I originally posted it.  I am looking for technical answers with specifications and pointers to C++ header structures.

    L. Spiro

    Wednesday, August 23, 2017 2:57 AM
  • This file most probably is not a sincere valid PE, so there's no point to support it in your PE explorer, period. The best you can do is detect invalid format and gracefully refuse to take it.  IMHO a sys file cannot be a COFF object file. Whether this is a real-mode DOS sys or something malicious, is a different question.


    Wednesday, August 30, 2017 7:46 PM