От: | Cynic | ||
Дата: | 05.05.15 22:46 | ||
Оценка: |
Вывод dumpbin /all | |
Microsoft (R) COFF/PE Dumper Version 11.00.61030.0 Copyright (C) Microsoft Corporation. All rights reserved. Dump of file e:\test\sample1.exe PE signature found File Type: EXECUTABLE IMAGE FILE HEADER VALUES 14C machine (x86) 2 number of sections 55452857 time date stamp Sat May 02 22:41:11 2015 0 file pointer to symbol table 0 number of symbols E0 size of optional header 102 characteristics Executable 32 bit word machine OPTIONAL HEADER VALUES 10B magic # (PE32) 11.00 linker version 400 size of code 200 size of initialized data 0 size of uninitialized data 238E entry point (0040238E) 2000 base of code 4000 base of data 400000 image base (00400000 to 00405FFF) 2000 section alignment 200 file alignment 4.00 operating system version 0.00 image version 4.00 subsystem version 0 Win32 version 6000 size of image 200 size of headers 0 checksum 3 subsystem (Windows CUI) 8540 DLL characteristics Dynamic base NX compatible No structured exception handler Terminal Server Aware 100000 size of stack reserve 1000 size of stack commit 100000 size of heap reserve 1000 size of heap commit 0 loader flags 10 number of directories 0 [ 0] RVA [size] of Export Directory 2334 [ 57] RVA [size] of Import Directory 0 [ 0] RVA [size] of Resource Directory 0 [ 0] RVA [size] of Exception Directory 0 [ 0] RVA [size] of Certificates Directory 4000 [ C] RVA [size] of Base Relocation Directory 0 [ 0] RVA [size] of Debug Directory 0 [ 0] RVA [size] of Architecture Directory 0 [ 0] RVA [size] of Global Pointer Directory 0 [ 0] RVA [size] of Thread Storage Directory 0 [ 0] RVA [size] of Load Configuration Directory 0 [ 0] RVA [size] of Bound Import Directory 2000 [ 8] RVA [size] of Import Address Table Directory 0 [ 0] RVA [size] of Delay Import Directory 2008 [ 48] RVA [size] of COM Descriptor Directory 0 [ 0] RVA [size] of Reserved Directory SECTION HEADER #1 .text name 394 virtual size 2000 virtual address (00402000 to 00402393) 400 size of raw data 200 file pointer to raw data (00000200 to 000005FF) 0 file pointer to relocation table 0 file pointer to line numbers 0 number of relocations 0 number of line numbers 60000020 flags Code Execute Read RAW DATA #1 00402000: 70 23 00 00 00 00 00 00 48 00 00 00 02 00 05 00 p#......H....... 00402010: F4 20 00 00 40 02 00 00 01 00 00 00 03 00 00 06 o ..@........... 00402020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00402030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00402040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00402050: 13 30 03 00 0F 00 00 00 00 00 00 00 02 25 03 7D .0...........%.} 00402060: 01 00 00 04 04 7D 02 00 00 04 2A 00 13 30 03 00 .....}....*..0.. 00402070: 31 00 00 00 00 00 00 00 FE 0A 00 00 7B 01 00 00 1.......?...{... 00402080: 04 FE 0A 01 00 7B 01 00 00 04 59 25 5A FE 0A 00 .?...{....Y%Z?.. 00402090: 00 7B 02 00 00 04 FE 0A 01 00 7B 02 00 00 04 59 .{....?...{....Y 004020A0: 25 5A 58 28 01 00 00 0A 2A 00 00 00 13 30 03 00 %ZX(....*....0.. 004020B0: 39 00 00 00 00 00 00 00 23 00 00 00 00 00 00 00 9.......#....... 004020C0: 00 23 00 00 00 00 00 00 00 00 73 01 00 00 06 23 .#........s....# 004020D0: 00 00 00 00 00 00 F0 3F 23 00 00 00 00 00 00 F0 ......??#......? 004020E0: 3F 73 01 00 00 06 28 02 00 00 06 28 02 00 00 0A ?s....(....(.... 004020F0: 2A 00 00 00 42 53 4A 42 01 00 01 00 00 00 00 00 *...BSJB........ 00402100: 0C 00 00 00 76 34 2E 30 2E 33 30 33 31 39 00 00 ....v4.0.30319.. 00402110: 00 00 05 00 6C 00 00 00 10 01 00 00 23 7E 00 00 ....l.......#~.. 00402120: 7C 01 00 00 8C 00 00 00 23 53 74 72 69 6E 67 73 |.......#Strings 00402130: 00 00 00 00 08 02 00 00 08 00 00 00 23 55 53 00 ............#US. 00402140: 10 02 00 00 10 00 00 00 23 47 55 49 44 00 00 00 ........#GUID... 00402150: 20 02 00 00 20 00 00 00 23 42 6C 6F 62 00 00 00 ... ...#Blob... 00402160: 00 00 00 00 02 00 00 01 57 05 00 00 09 00 00 00 ........W....... 00402170: 00 FA 25 33 00 16 00 00 01 00 00 00 04 00 00 00 .u%3............ 00402180: 03 00 00 00 02 00 00 00 03 00 00 00 04 00 00 00 ................ 00402190: 02 00 00 00 01 00 00 00 01 00 00 00 00 00 3E 00 ..............>. 004021A0: 01 00 00 00 00 00 06 00 11 00 0A 00 06 00 1B 00 ................ 004021B0: 0A 00 06 00 25 00 0A 00 06 00 2C 00 0A 00 00 00 ....%.....,..... 004021C0: 00 00 01 00 00 00 00 00 01 00 01 00 01 01 00 00 ................ 004021D0: 53 00 00 00 05 00 01 00 01 00 01 00 00 00 59 00 S.............Y. 004021E0: 00 00 0D 00 03 00 03 00 06 00 65 00 0B 00 06 00 ..........e..... 004021F0: 67 00 0B 00 50 20 00 00 00 00 06 18 69 00 0E 00 g...P ......i... 00402200: 01 00 6C 20 00 00 00 00 16 00 6F 00 14 00 03 00 ..l ......o..... 00402210: AC 20 00 00 00 00 16 00 7C 00 1C 00 05 00 00 00 ┐ ......|....... 00402220: 01 00 65 00 00 00 02 00 67 00 00 00 01 00 78 00 ..e.....g.....x. 00402230: 00 00 02 00 7A 00 11 00 20 00 01 00 21 00 34 00 ....z... ...!.4. 00402240: 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00402250: 00 00 00 00 81 00 00 00 00 00 00 00 00 00 00 00 ................ 00402260: 00 00 00 00 00 00 4A 00 00 00 00 00 00 00 00 00 ......J......... 00402270: 00 3C 4D 6F 64 75 6C 65 3E 00 53 79 73 74 65 6D .<Module>.System 00402280: 00 56 61 6C 75 65 54 79 70 65 00 4D 61 74 68 00 .ValueType.Math. 00402290: 53 71 72 74 00 4F 62 6A 65 63 74 00 43 6F 6E 73 Sqrt.Object.Cons 004022A0: 6F 6C 65 00 57 72 69 74 65 4C 69 6E 65 00 73 61 ole.WriteLine.sa 004022B0: 6D 70 6C 65 31 2E 65 78 65 00 6D 73 63 6F 72 6C mple1.exe.mscorl 004022C0: 69 62 00 50 6F 69 6E 74 00 53 61 6D 70 6C 65 43 ib.Point.SampleC 004022D0: 6C 61 73 73 00 78 00 79 00 2E 63 74 6F 72 00 44 lass.x.y..ctor.D 004022E0: 69 73 74 61 6E 63 65 00 61 00 62 00 44 65 6D 6F istance.a.b.Demo 004022F0: 00 53 61 6D 70 6C 65 31 00 00 00 00 00 03 20 00 .Sample1...... . 00402300: 00 00 00 00 1F 4C F9 F5 E3 F2 A9 48 B9 3F 12 A8 .....LuoaocH??.? 00402310: 03 C7 4F 84 00 04 00 01 0D 0D 04 00 01 01 0D 02 .CO............. 00402320: 06 0D 05 20 02 01 0D 0D 07 00 02 0D 11 08 11 08 ... ............ 00402330: 03 00 00 01 5C 23 00 00 00 00 00 00 00 00 00 00 ....\#.......... 00402340: 7E 23 00 00 00 20 00 00 00 00 00 00 00 00 00 00 ~#... .......... 00402350: 00 00 00 00 00 00 00 00 00 00 00 00 70 23 00 00 ............p#.. 00402360: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00402370: 00 00 5F 43 6F 72 45 78 65 4D 61 69 6E 00 6D 73 .._CorExeMain.ms 00402380: 63 6F 72 65 65 2E 64 6C 6C 00 00 00 00 00 FF 25 coree.dll.....y% 00402390: 00 20 40 00 . @. clr Header: 48 cb 2.05 runtime version 20F4 [ 240] RVA [size] of MetaData Directory 1 flags IL Only 6000003 entry point token 0 [ 0] RVA [size] of Resources Directory 0 [ 0] RVA [size] of StrongNameSignature Directory 0 [ 0] RVA [size] of CodeManagerTable Directory 0 [ 0] RVA [size] of VTableFixups Directory 0 [ 0] RVA [size] of ExportAddressTableJumps Directory 0 [ 0] RVA [size] of ManagedNativeHeader Directory Section contains the following imports: mscoree.dll 402000 Import Address Table 40235C Import Name Table 0 time date stamp 0 Index of first forwarder reference 0 _CorExeMain SECTION HEADER #2 .reloc name C virtual size 4000 virtual address (00404000 to 0040400B) 200 size of raw data 600 file pointer to raw data (00000600 to 000007FF) 0 file pointer to relocation table 0 file pointer to line numbers 0 number of relocations 0 number of line numbers 42000040 flags Initialized Data Discardable Read Only RAW DATA #2 00404000: 00 20 00 00 0C 00 00 00 90 33 00 00 . .......3.. BASE RELOCATIONS #2 2000 RVA, C SizeOfBlock 390 HIGHLOW 00402000 0 ABS Summary 2000 .reloc 2000 .text | |
400 size of raw data
200 file pointer to raw data (00000200 to 000005FF)
Поле cb (4 байта) - 48 00 00 00
Поле MajorRuntimeVersion (2 байта) - 02 00
Поле MinorRuntimeVersion (2 байта) - 05 00
и т.д.
От: | kochetkov.vladimir | https://kochetkov.github.io | |
Дата: | 06.05.15 08:18 | ||
Оценка: |
От: | Cynic | ||
Дата: | 06.05.15 09:47 | ||
Оценка: |
2000 [ 8] RVA [size] of Import Address Table Directory