{"rsdb":{"rid":"153536","subhead":"","postdate":"0","aid":"115356","fid":"55","uid":"1","topic":"1","content":"
\n

1 Understand \u5206\u6790\u7684\u56fe\u8868<\/h1> \n

\"\\\"<\/p> \n

<\/p> \n

\"\\\"<\/p> \n

<\/p> \n

\"\\\"<\/p> \n

<\/p> \n

\"\\\"<\/p> \n

<\/p> \n

\"\\\"<\/p> \n

<\/p> \n

\"\\\"<\/p> \n

<\/p> \n

\"\\\"<\/p> \n

<\/p> \n

\"\\\"<\/p> \n

<\/p> \n

\"\\\"<\/p> \n

<\/p> \n

\"\\\"<\/p> \n

<\/p> \n

\"\\\"<\/p> \n

<\/p> \n

\"\\\"<\/p> \n

<\/p> \n

\"\\\"<\/p> \n

<\/p> \n

\"\\\"<\/p> \n

<\/p> \n

\"\\\"<\/p> \n

<\/p> \n

\"\\\"<\/p> \n

<\/p> \n

2 PE\u7ed3\u6784\u89e3\u6790\u7684\u4e3b\u8981\u4ee3\u7801\u7b80\u8981\u5206\u6790<\/h1> \n

\u9996\u5148\u770b\u4e0bPE\u7ed3\u6784\u4f53\u7684\u5b9a\u4e49\uff1b\u4e0ePE\u6587\u4ef6\u7ed3\u6784\u4e00\u81f4\uff1b<\/p> \n

<\/p> \n

\r\n\/************************************************************************\/\r\n\/* \u5b9a\u4e49PE\u6587\u4ef6\u7684\u7ed3\u6784\u4f53\r\n2011-08-30 Wizard~ZL*\/\r\n\/************************************************************************\/\r\n#ifndef _PESTRUCT_H_\r\n#define _PESTRUCT_H_\r\n\r\n\/\/PE\u6587\u4ef6\u6700\u5f00\u59cb\u662f\u4e00\u4e2a _IMAGE_DOS_HEADER   \u4e5f\u5c31\u662fMS_DOS\r\nstruct   stMS_DOS\r\n{\t\r\n\tWORD e_magic;\/\/magic number DOS\u5934\u6807\u8bb0              00h\r\n\tWORD e_cblp; \/\/ Bytes on last page of file\t\t   02h\r\n\tWORD e_cp;\t\/\/pages in file\t\t\t\t\t\t   04h\r\n\tWORD e_crlc;\/\/ Relocations\t\t\t\t\t\t   06h\r\n\tWORD e_cparhdr;\/\/ Size of header in paragraphs\t   08h\r\n\tWORD e_minalloc;\/\/ Minimum extra paragraphs needed 0ah\r\n\tWORD e_maxalloc;\/\/ Maximum extra paragraphs needed 0ch\r\n\tWORD e_ss;\t\/\/  Initial (relative) SS value        0eh\r\n\tWORD e_sp;\t\/\/  Initial SPvalue\t\t\t\t\t   10h\r\n\tWORD e_csum;\/\/check sum\t\t\t\t\t\t\t   12h\r\n\tWORD e_ip; \/\/Initial IP value\t\t\t\t\t   14h\r\n\tWORD e_cs;\/\/ Initial (relative) CS value\t\t   16h\r\n\tWORD e_lfarlc;\/\/ File address of relocation table  18h\r\n\tWORD e_ovno;  \/\/ Overlay number\t\t\t\t\t   1ah\r\n\tWORD e_res[4];\/\/ Reserved words\t\t\t\t\t   1ch\r\n\tWORD e_oemid;\/\/ OEM identifier (for e_oeminfo)\t   24h\r\n\tWORD e_oeminfo;\/\/OEM information; e_oemid specific 26h\r\n\tWORD e_res2[10];\/\/ Reserved words\t\t\t\t   28h\t\r\n\tlong e_lfanew;\t\/\/File address of new exe header   3ch     **\u6307\u5411PE\u5934\u90e8\r\n};\r\n\r\n\/\/IMAGE_DOS_HEADER\u4e4b\u540e\u662f\u4e00\u4e2a _IMAGE_NT_HEADERS \r\n struct stPE_HEADER\r\n{\r\n\tDWORD Signature;\t\t\/\/\u5b9a\u4e49PE\u6807\u5fd7\u4fe1\u606f \t\t    00h         \u5728\u6709\u6548\u7684PE\u6587\u4ef6\u4e2d\u503c\u662f 00 00 45 50\t\r\n\r\n\t\/*\u6620\u50cf\u6587\u4ef6\u5934 PE\u6587\u4ef6\u7684\u57fa\u672c\u4fe1\u606f\r\n\tIMAGE_FILE_HEADER \u5f00\u59cb*\/\r\n\tWORD  
Machine;\t\t\/\/\t\t\t\t\t\t\t\t04h\t  \t\t\r\n\tWORD  NumberOfSections;\t\/\/\t\t\t\t\t\t\t06h\t\t\/\/pe\u6587\u4ef6\u4e2d\u533a\u5757\u7684\u6570\u91cf\r\n\tDWORD TimeDateStamp;\/\/\t\t\t\t\t\t\t\t08h\t\t\/\/\u6587\u4ef6\u65e5\u671f\u65f6\u95f4\u6233,\u6307\u8fd9\u4e2ape\u6587\u4ef6\u751f\u6210\u7684\u65f6\u95f4,\u5b83\u7684\u503c\u662f\u4ece1969\u5e7412\u670831\u65e516:00:00\u4ee5\u6765\u7684\u79d2\u6570.\r\n\tDWORD PointerToSymbolTable;\/\/\t\t\t\t\t\t0ch\t\t\/\/Coff\u8c03\u8bd5\u7b26\u53f7\u8868\u7684\u504f\u79fb\u5730\u5740.\r\n\tDWORD NumberOfSymbols;\/\/\t\t\t\t\t\t\t10h\t\t\/\/Coff\u7b26\u53f7\u8868\u4e2d\u7b26\u53f7\u7684\u4e2a\u6570. \u8fd9\u4e2a\u57df\u548c\u524d\u4e2a\u57df\u5728release\u7248\u672c\u7684\u7a0b\u5e8f\u91cc\u662f0.\r\n\tWORD  SizeOfOptionalHeader;\/\/IMAGE_OPTIONAL_HEADER\u5927\u5c0f 14h\t\t\/\/IMAGE_OPTIONAL_HEADER32\u7ed3\u6784\u7684\u5927\u5c0f(\u5373\u591a\u5c11\u5b57\u8282).\r\n\tWORD  Characteristics;\/\/\t\t\t\t\t\t\t16h\t\t\/\/\u8fd9\u4e2a\u57df\u63cf\u8ff0pe\u6587\u4ef6\u7684\u4e00\u4e9b\u5c5e\u6027\u4fe1\u606f,\u6bd4\u5982\u662f\u5426\u53ef\u6267\u884c,\u662f\u5426\u662f\u4e00\u4e2a\u52a8\u6001\u8fde\u63a5\u5e93\u7b49\r\n\t\/*IMAGE_FILE_HEADER \u7ed3\u675f*\/\r\n\r\n\t\/\/IMAGE_OPTIONAL_HEADER32 option_header;\r\n\t\/\/\u8fd9\u4e2aIMAGE_OPTIONAL_HEADER32\u7ed3\u6784\u653e\u5165PE_EXTHEADER\u4e2d\r\n};\r\n\r\n \/\/\u6620\u50cf\u53ef\u9009\u5934 \r\n struct stPE_ExtHeader\r\n {\r\n\t \/*_IMAGE_OPTIONAL_HEADER\u5f00\u59cb*\/\r\n\t \/\/ Standard fields\r\n\t \/\/Magic\u7528\u6765\u6807\u8bb0\u53ef\u6267\u884c\u6587\u4ef6\u662fRom\u955c\u50cf\u8fd8\u662f\u666e\u901a\u53ef\u6267\u884c\u7a0b\u5e8f \u5982\u679c\u662f\u4e00\u822c\u7684\u53ef\u6267\u884c\u7a0b\u5e8f\u5219\u662f010Bh \u5982\u679c\u662fPE32+ \u537364\u4f4d\u662f 020Bh\r\n\t WORD    Magic;\/\/\t\t\t\t\t\t\t\t\t18h\t\t\/\/\u5e7b\u6570,32\u4f4dpe\u6587\u4ef6\u603b\u4e3a010bh\r\n\t BYTE    
MajorLinkerVersion;\/\/\t\t\t\t\t\t1ah\t\t\/\/\u8fde\u63a5\u5668\u4e3b\u7248\u672c\u53f7\r\n\t BYTE    MinorLinkerVersion;\/\/\t\t\t\t\t\t1bh\t\t\/\/\u8fde\u63a5\u5668\u526f\u7248\u672c\u53f7\r\n\t DWORD   SizeOfCode;\/\/\t\t\t\t\t\t\t\t1ch\t\t\/\/\u4ee3\u7801\u6bb5\u603b\u5927\u5c0f\r\n\t DWORD   SizeOfInitializedData;\/\/\t\t\t\t\t20h\t\t\/\/\u5df2\u521d\u59cb\u5316\u6570\u636e\u6bb5\u603b\u5927\u5c0f\r\n\t DWORD   SizeOfUninitializedData;\/\/\t\t\t\t\t24h\t\t\/\/\u672a\u521d\u59cb\u5316\u6570\u636e\u6bb5\u603b\u5927\u5c0f\r\n\t DWORD   AddressOfEntryPoint;\/\/\t\t\t\t\t\t28h\t\t\/\/\u7a0b\u5e8f\u6267\u884c\u5165\u53e3\u5730\u5740(RVA)\r\n\t DWORD   BaseOfCode;\/\/\t\t\t\t\t\t\t\t2ch\t\t\/\/\u4ee3\u7801\u6bb5\u8d77\u59cb\u5730\u5740(RVA)\r\n\t DWORD   BaseOfData;\/\/\t\t\t\t\t\t\t\t30h\t\t\/\/\u6570\u636e\u6bb5\u8d77\u59cb\u5730\u5740(RVA)\r\n\t\r\n\t \/\/ NT additional fields.\r\n\t DWORD   ImageBase;\/\/\t\t\t\t\t\t\t\t34h\t\t\/\/\u7a0b\u5e8f\u9ed8\u8ba4\u7684\u88c5\u5165\u8d77\u59cb\u5730\u5740\r\n\t DWORD   SectionAlignment;\/\/\t\t\t\t\t\t38h\t\t\/\/\u5185\u5b58\u4e2d\u533a\u5757\u7684\u5bf9\u9f50\u5355\u4f4d\r\n\t DWORD   FileAlignment;\/\/\t\t\t\t\t\t\t3ch\t\t\/\/\u6587\u4ef6\u4e2d\u533a\u5757\u7684\u5bf9\u9f50\u5355\u4f4d\r\n\t WORD    MajorOperatingSystemVersion;\/\/\t\t\t\t40h\t\t\/\/\u6240\u9700\u64cd\u4f5c\u7cfb\u7edf\u4e3b\u7248\u672c\u53f7\r\n\t WORD    MinorOperatingSystemVersion;\/\/\t\t\t\t42h\t\t\/\/\u6240\u9700\u64cd\u4f5c\u7cfb\u7edf\u526f\u7248\u672c\u53f7\r\n\t WORD    MajorImageVersion;\/\/\t\t\t\t\t\t44h\t\t\/\/\u81ea\u5b9a\u4e49\u4e3b\u7248\u672c\u53f7\r\n\t WORD    MinorImageVersion;\/\/\t\t\t\t\t\t46h\t\t\/\/\u81ea\u5b9a\u4e49\u526f\u7248\u672c\u53f7\r\n\t WORD    
MajorSubsystemVersion;\/\/\t\t","orderid":"0","title":"\u56fe\u89e3VC++\u7248PE\u6587\u4ef6\u89e3\u6790\u5668\u6e90\u7801\u5206\u6790(\u4e00)","smalltitle":"","mid":"0","fname":"windows\u7f16\u7a0b\u57fa\u7840","special_id":"0","bak_id":"0","info":"0","hits":"708","pages":"7","comments":"0","posttime":"2016-07-14 15:02:55","list":"1468479775","username":"admin","author":"","copyfrom":"","copyfromurl":"","titlecolor":"","fonttype":"0","titleicon":"0","picurl":"http:\/\/www.cppentry.com\/upload_files\/","ispic":"0","yz":"1","yzer":"","yztime":"0","levels":"0","levelstime":"0","keywords":"\u56fe\u89e3<\/A> \u6587\u4ef6<\/A> \u89e3\u6790<\/A> \u6e90\u7801<\/A> \u5206\u6790<\/A>","jumpurl":"","iframeurl":"","style":"","template":"a:3:{s:4:\"head\";s:0:\"\";s:4:\"foot\";s:0:\"\";s:8:\"bencandy\";s:0:\"\";}","target":"0","ip":"14.17.22.31","lastfid":"0","money":"0","buyuser":"","passwd":"","allowdown":"","allowview":"","editer":"","edittime":"0","begintime":"0","endtime":"0","description":"\u56fe\u89e3VC++\u7248PE\u6587\u4ef6\u89e3\u6790\u5668\u6e90\u7801\u5206\u6790","lastview":"1490190226","digg_num":"0","digg_time":"0","forbidcomment":"0","ifvote":"0","heart":"","htmlname":"","city_id":"0"},"page":"1"}