- SimpleSection.c文件
-
int printf(const char* format,...); int global_int_var = 84; int global_unint_var; void func1(int i) { printf("%d\n",i); } int main(void) { static int static_var = 85; static int static_var2; int a = 1; int b; func1(static_var + static_var2 + a + b); return 0; }
-
- cl /c SimpleSection.c ---->SimpleSection.obj
- dumpbin /all SimpleSection.obj
-
Microsoft (R) COFF/PE Dumper Version 8.00.50727.762 Copyright (C) Microsoft Corporation. All rights reserved. Dump of file simplesection.obj File Type: COFF OBJECT FILE HEADER VALUES 14C machine (x86) 5 number of sections 4E43414B time date stamp Thu Aug 11 10:41:15 2011 1F2 file pointer to symbol table 14 number of symbols 0 size of optional header 0 characteristics SECTION HEADER #1 .drectve name 0 physical address 0 virtual address 2F size of raw data DC file pointer to raw data (000000DC to 0000010A) 0 file pointer to relocation table 0 file pointer to line numbers 0 number of relocations 0 number of line numbers 100A00 flags Info Remove 1 byte align RAW DATA #1 00000000: 20 20 20 2F 44 45 46 41 55 4C 54 4C 49 42 3A 22 /DEFAULTLIB:" 00000010: 4C 49 42 43 4D 54 22 20 2F 44 45 46 41 55 4C 54 LIBCMT" /DEFAULT 00000020: 4C 49 42 3A 22 4F 4C 44 4E 41 4D 45 53 22 20 LIB:"OLDNAMES" Linker Directives ----------------- /DEFAULTLIB:"LIBCMT" /DEFAULTLIB:"OLDNAMES" SECTION HEADER #2 .debug$S name 0 physical address 0 virtual address 5B size of raw data 10B file pointer to raw data (0000010B to 00000165) 0 file pointer to relocation table 0 file pointer to line numbers 0 number of relocations 0 number of line numbers 42100040 flags Initialized Data Discardable 1 byte align Read Only RAW DATA #2 00000000: 02 00 00 00 1B 00 09 00 00 00 00 00 14 45 3A 5C .............E:\ 00000010: 73 69 6D 70 6C 65 73 65 63 74 69 6F 6E 2E 6F 62 simplesection.ob 00000020: 6A 38 00 13 10 00 22 00 00 07 00 0E 00 00 00 27 j8...."........' 00000030: C6 0E 00 00 00 27 C6 21 4D 69 63 72 6F 73 6F 66 ?....'?!Microsof 00000040: 74 20 28 52 29 20 4F 70 74 69 6D 69 7A 69 6E 67 t (R) Optimizing 00000050: 20 43 6F 6D 70 69 6C 65 72 00 00 Compiler.. SECTION HEADER #3 .data name 0 physical address 0 virtual address C size of raw data 166 file pointer to raw data (00000166 to 00000171) 0 file pointer to relocation table 0 file pointer to line numbers 0 number of relocations 0 number of line numbers C0300040 flags Initialized Data 4 byte align Read Write RAW DATA #3 00000000: 54 00 00 00 25 64 0A 00 55 00 00 00 T...%d..U... SECTION HEADER #4 .text name 0 physical address 0 virtual address 4E size of raw data 172 file pointer to raw data (00000172 to 000001BF) 1C0 file pointer to relocation table 0 file pointer to line numbers 5 number of relocations 0 number of line numbers 60500020 flags Code 16 byte align Execute Read RAW DATA #4 00000000: 55 8B EC 8B 45 08 50 68 00 00 00 00 E8 00 00 00 U.ì.E.Ph....è... 00000010: 00 83 C4 08 5D C3 CC CC CC CC CC CC CC CC CC CC ..?.]?ìììììììììì 00000020: 55 8B EC 83 EC 08 C7 45 FC 01 00 00 00 A1 00 00 U.ì.ì.?Eü....?.. 00000030: 00 00 03 05 00 00 00 00 03 45 FC 03 45 F8 50 E8 .........Eü.E?Pè 00000040: 00 00 00 00 83 C4 04 8B 45 FC 8B E5 5D C3 .....?..Eü.?]? RELOCATIONS #4 Symbol Symbol Offset Type Applied To Index Name -------- ---------------- ----------------- -------- ------ 00000008 DIR32 00000000 A $SG612 0000000D REL32 00000000 F _printf 0000002E DIR32 00000000 B ?static_var@?1??main@@9@9 (`main'::`2'::static_var) 00000034 DIR32 00000000 13 ?static_var2@?1??main@@9@9 (`main'::`2'::static_var2) 00000040 REL32 00000000 E _func1 SECTION HEADER #5 .bss name 0 physical address 0 virtual address 4 size of raw data 0 file pointer to raw data 0 file pointer to relocation table 0 file pointer to line numbers 0 number of relocations 0 number of line numbers C0300080 flags Uninitialized Data 4 byte align Read Write COFF SYMBOL TABLE 000 006DC627 ABS notype Static | @comp.id 001 00000001 ABS notype Static | @feat.00 002 00000000 SECT1 notype Static | .drectve Section length 2F, #relocs 0, #linenums 0, checksum 0 004 00000000 SECT2 notype Static | .debug$S Section length 5B, #relocs 0, #linenums 0, checksum 0 006 00000004 UNDEF notype External | _global_unint_var 007 00000000 SECT3 notype Static | .data Section length C, #relocs 0, #linenums 0, checksum AC5AB941 009 00000000 SECT3 notype External | _global_int_var 00A 00000004 SECT3 notype Static | $SG612 00B 00000008 SECT3 notype Static | ?static_var@?1??main@@9@9 (`main'::`2'::static_var) 00C 00000000 SECT4 notype Static | .text Section length 4E, #relocs 5, #linenums 0, checksum CC61DB94 00E 00000000 SECT4 notype () External | _func1 00F 00000000 UNDEF notype () External | _printf 010 00000020 SECT4 notype () External | _main 011 00000000 SECT5 notype Static | .bss Section length 4, #relocs 0, #linenums 0, checksum 0 013 00000000 SECT5 notype Static | ?static_var2@?1??main@@9@9 (`main'::`2'::static_var2) String Table Size = 0x5B bytes Summary 4 .bss C .data 5B .debug$S 2F .drectve 4E .text
-
- 拆解SimpleSection.obj
-
====Image Header==== 4C01//machine (x86) 0500//5个段 4B41434E//时间戳 F2010000//符号表地址 14000000//符号数 0000//可选头大小 0000//标志 ====段表==== 2E64726563747665//.drectve 00000000 00000000 2F000000//段数据大小 DC000000//段数据起始位置 00000000 00000000 0000 0000 000A1000//段标志字 2E64656275672453//.debug$S 00000000 00000000 5B000000 0B010000 00000000 00000000 0000 0000 40001042 2E64617461000000//.data 00000000 00000000 0C000000 66010000 00000000 00000000 0000 0000 400030C0 2E74657874000000//.text 00000000 00000000 4E000000 72010000 C0010000//重定位数据位置 00000000 0500//重定位数据大小 0000 20005060 2E62737300000000//.bss 00000000 00000000 04000000 00000000 00000000 00000000 0000 0000 800030C0 ====RAW DATA==== //#1 2020202F44454641554C544C49423A22 4C4942434D5422202F44454641554C54 4C49423A224F4C444E414D45532220 //#2 020000001B0009000000000014453A5C 73696D706C6573656374696F6E2E6F62 6A380013100022000007000E00000027 C60E00000027C6214D6963726F736F66 7420285229204F7074696D697A696E67 20436F6D70696C65720000 //#3 5400000025640A0055000000 //#4 558BEC8B4508506800000000E8000000 0083C4085DC3CCCCCCCCCCCCCCCCCCCC 558BEC83EC08C745FC01000000A10000 00000305000000000345FC0345F850E8 0000000083C4048B45FC8BE55DC3 ====重定位表==== 08000000//重定位入口的段内偏移 0A000000//在符号表内的索引 0600//属性:重定位目标的32位虚拟地址 0D000000 0F000000//在符号表内的索引---->_printf 1400//属性:重定位目标的32位相对偏移 2E000000 0B000000 0600 34000000 13000000 0600 40000000 0E000000 1400 ====符号表====//通过符号大小和序号计算符号段内偏移地址? 40636F6D702E6964//@comp.id 27C66D00//符号大小 FFFF 0000//符号类型:变量及其他 03//可见类型:static 00 40666561742E3030//@feat.00 01000000 FFFF 0000 03 00 2E64726563747665//.drectve 00000000 0100//段号:1 0000 03 01//1个附加信息 2F0000000000000000000000000000000000 2E64656275672453//.debug$S 00000000 0200 0000 03 01 5B0000000000000000000000000000000000 00000000//为0,则后四字节为字符串偏移 04000000//字符串表偏移4--->_global_unint_var 04000000//大小为4 0000 0000//符号类型:变量及其他 02//可见类型:external 00 2E64617461000000//.data\0\0\0 00000000 0300 0000 03 01 0C0000000000000041B95AAC000000000000 00000000 16000000//字符串表偏移22--->_global_int_var 00000000//?? 0300//段号:3 0000 02//可见类型:external 00 2453473631320000//$SG612\0\0 04000000 0300 0000 03 00 000000002600000008000000030000000300 2E74657874000000//.text\0\0\0 00000000 0400 0000 03 01 4E0000000500000094DB61CC000000000000 5F66756E63310000//_func1\0\0 00000000 0400 2000//符号类型:函数 02 00 5F7072696E746600//_printf\0 00000000 0000 2000 02 00 5F6D61696E000000//_main\0\0\0 20000000//大小 0400//段号 2000//符号类型:函数 02//可见类型:external 00 2E62737300000000//.bss\0\0\0\0 00000000 0500 0000 03 01 040000000000000000000000000000000000000000004000000000000000050000000300 ====字符串表==== 5B000000 5F676C6F62616C5F756E696E745F76617200//_global_unint_var 5F676C6F62616C5F696E745F76617200//_global_int_var 3F7374617469635F766172403F313F3F6D61696E404039403900//?static_var@?1??main@@9@9 3F7374617469635F76617232403F313F3F6D61696E404039403900//?static_var2@?1??main@@9@9
-
- 数据结构
-
typedef struct _IMAGE_FILE_HEADER { WORD Machine; WORD NumberOfSections; DWORD TimeDateStamp; DWORD PointerToSymbolTable; DWORD NumberOfSymbols; WORD SizeOfOptionalHeader; WORD Characteristics; } IMAGE_FILE_HEADER, *PIMAGE_FILE_HEADER; typedef struct _IMAGE_SECTION_HEADER { BYTE Name[IMAGE_SIZEOF_SHORT_NAME]; union { DWORD PhysicalAddress; DWORD VirtualSize; } Misc; DWORD VirtualAddress; DWORD SizeOfRawData; DWORD PointerToRawData; DWORD PointerToRelocations; DWORD PointerToLinenumbers; WORD NumberOfRelocations; WORD NumberOfLinenumbers; DWORD Characteristics; } IMAGE_SECTION_HEADER, *PIMAGE_SECTION_HEADER; typedef struct _IMAGE_RELOCATION { union { DWORD VirtualAddress; DWORD RelocCount; }; DWORD SymbolTableIndex; WORD Type; } IMAGE_RELOCATION; typedef struct _IMAGE_SYMBOL { union { BYTE ShortName[8]; struct { DWORD Short; // if 0, use LongName DWORD Long; // offset into string table } Name; PBYTE LongName[2]; } N; DWORD Value; SHORT SectionNumber; WORD Type; BYTE StorageClass; BYTE NumberOfAuxSymbols; } IMAGE_SYMBOL;
-
- 参考:
转载于:https://www.cnblogs.com/dahai/archive/2011/08/12/2135828.html