Displaying PE Information in WinDbg

The !dh command

kd> !dh 7c800000

File Type: DLL
FILE HEADER VALUES
     14C machine (i386)
       4 number of sections
4121457C time date stamp Tue Aug 17 07:38:36 2004

       0 file pointer to symbol table
       0 number of symbols
      E0 size of optional header
    210E characteristics
            Executable
            Line numbers stripped
            Symbols stripped
            32 bit word machine
            DLL

OPTIONAL HEADER VALUES
     10B magic #
    7.10 linker version
   81E00 size of code
   95400 size of initialized data
       0 size of uninitialized data
    B436 address of entry point
    1000 base of code
         ----- new -----
7c800000 image base
    1000 section alignment
     200 file alignment
       3 subsystem (Windows CUI)
    5.01 operating system version
    5.01 image version
    4.00 subsystem version
  11C000 size of image
     400 size of headers
  1242EA checksum
00040000 size of stack reserve
00001000 size of stack commit
00100000 size of heap reserve
00001000 size of heap commit
       0  DLL characteristics
    262C [    6C7B] address [size] of Export Directory
   802DC [      28] address [size] of Import Directory
   88000 [   8D3FC] address [size] of Resource Directory
       0 [       0] address [size] of Exception Directory
       0 [       0] address [size] of Security Directory
  116000 [    5BD0] address [size] of Base Relocation Directory
   82BC0 [      38] address [size] of Debug Directory
       0 [       0] address [size] of Description Directory
       0 [       0] address [size] of Special Directory
       0 [       0] address [size] of Thread Storage Directory
   4E080 [      48] address [size] of Load Configuration Directory
     280 [      1C] address [size] of Bound Import Directory
    1000 [     620] address [size] of Import Address Table Directory
       0 [       0] address [size] of Delay Import Directory
       0 [       0] address [size] of COR20 Header Directory
       0 [       0] address [size] of Reserved Directory

SECTION HEADER #1
   .text name
   81C21 virtual size
    1000 virtual address
   81E00 size of raw data
     400 file pointer to raw data
       0 file pointer to relocation table
       0 file pointer to line numbers
       0 number of relocations
       0 number of line numbers
60000020 flags
         Code
         (no align specified)
         Execute Read

Debug Directories(2)
    Type       Size     Address  Pointer
Can't read debug dir

SECTION HEADER #2
   .data name
    4180 virtual size
   83000 virtual address
    2400 size of raw data
   82200 file pointer to raw data
       0 file pointer to relocation table
       0 file pointer to line numbers
       0 number of relocations
       0 number of line numbers
C0000040 flags
         Initialized Data
         (no align specified)
         Read Write

SECTION HEADER #3
   .rsrc name
   8D3FC virtual size
   88000 virtual address
   8D400 size of raw data
   84600 file pointer to raw data
       0 file pointer to relocation table
       0 file pointer to line numbers
       0 number of relocations
       0 number of line numbers
40000040 flags
         Initialized Data
         (no align specified)
         Read Only

SECTION HEADER #4
  .reloc name
    5BD0 virtual size
  116000 virtual address
    5C00 size of raw data
  111A00 file pointer to raw data
       0 file pointer to relocation table
       0 file pointer to line numbers
       0 number of relocations
       0 number of line numbers
42000040 flags
         Initialized Data
         Discardable
         (no align specified)
         Read Only

Reposted from: https://www.cnblogs.com/fanzi2009/archive/2012/03/07/2383862.html
