• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
程式設計師的自我修養 Chapter 5
 

程式設計師的自我修養 Chapter 5

on

  • 1,092 views

 

Statistics

Views

Total Views
1,092
Views on SlideShare
1,092
Embed Views
0

Actions

Likes
0
Downloads
23
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    程式設計師的自我修養 Chapter 5 程式設計師的自我修養 Chapter 5 Presentation Transcript

    • 程式設計師的自我修養Chapter 5 Windows PE/COFF Shu-Yu Fu
    • Windows的二進位檔案格式PE/COFF PE PE+ (64-bit) COFF ELF COFF Linker PE (*.exe) (*.obj)#pragma data_seg("FOO")int global = 1;#pragma data_seg(".data")
    • PE的前身—COFF Image Header IMAGE_FILE_HEADER Section Table IMAGE_SECTION_HEADER[ ] .code / CODE / .text .data / DATA .drectve .debug$S ... other sections Symbol Table
    • PE的前身—COFFImage Header Image Header IMAGE_FILE_HEADER Section Table IMAGE_SECTION_HEADER[ ]File Type: COFF OBJECT .code / CODE / .textFILE HEADER VALUES 14C machine (x86) DATA .data / 5 number of sections 4F98DB48 time date.drectve stamp Thu Apr 26 13:21:12 2012 1E8 file pointer to symbol table .debug$S 14 number of symbols 0 size of optional header ... 0 characteristics other sections Symbol Table
    • PE的前身—COFF typedef struct _IMAGE_SECTION_HEADER { Section Header BYTE Name[8]; union { DWORD PhysicalAddress; Image Header // 載入記憶體後的大小 DWORD VirtualSize; IMAGE_FILE_HEADER } Misc; // 載入記憶體後的位置 Section Table DWORD VirtualAddress;IMAGE_SECTION_HEADER[ ] // 該區段在檔案中的大小 DWORD SizeOfRawData; .code / CODE / .text DWORD PointerToRawData; DWORD PointerToRelocations; .data / DATA DWORD PointerToLinenumbers; WORD NumberOfRelocations; .drectve WORD NumberOfLinenumbers; // 該區段的屬性 .debug$S DWORD Characteristics; } IMAGE_SECTION_HEADER; ... other sections Symbol Table
    • Image Header IMAGE_FILE_HEADER 連結指示資訊 Section Table IMAGE_SECTION_HEADER[ ] Directive .code / CODE / .text編譯器希望傳給連結器的參數 .data / DATASECTION HEADER #1 .drectve.drectve name 0 physical address .debug$S 0 virtual address 18 size of raw data ... DC file pointer to raw data (000000DC to 000000F3) other sections 0 file pointer to relocation table Symbol Table 0 file pointer to line numbers 0 number of relocations 0 number of line numbers 100A00 flags Info Remove 1 byte alignRAW DATA #1 00000000: 20 20 20 2F 44 45 46 41 55 4C 54 4C 49 42 3A 22/DEFAULTLIB:" 00000010: 4C 49 42 43 4D 54 22 20 LIBCMT" Linker Directives ----------------- /DEFAULTLIB:"LIBCMT"
    • Image Header IMAGE_FILE_HEADER Section Table除錯資訊 IMAGE_SECTION_HEADER[ ] .code / CODE / .text .data / DATA● .debug開始的區段都包含著除錯資訊,比如 .drectve● .debug$S包含的是symbol相關的除錯資訊 .debug$S● .debug$P => precompiled header files ... other sections● .debug$T => type Symbol Table● 具體格式定義在PE格式檔案標準
    • Image Header IMAGE_FILE_HEADER Section Table 大家都有符號表 IMAGE_SECTION_HEADER[ ] .code / CODE / .text .data / DATA .drectve .debug$S索引 空間 位置 類型 範圍 名稱 ...COFF SYMBOL TABLE other sections000 0083521E ABS notype Static | @comp.id001 00000001 ABS notype Static | @feat.00 Symbol Table002 00000000 SECT1 notype Static | .drectve Section length 18, #relocs 0, #linenums 0, checksum 0004 00000000 SECT2 notype Static | .debug$S Section length 68, #relocs 0, #linenums 0, checksum 0006 00000004 UNDEF notype External | _global_uninit_var007 00000000 SECT3 notype Static | .data Section length C, #relocs 0, #linenums 0, checksum 2FC02927009 00000000 SECT3 notype External | _global_init_var00A 00000004 SECT3 notype Static | $SG720 自動產生的符號00B 00000008 SECT3 notype Static | ?static_var@?1??main@@9@9 (`main::`2::static_var)00C 00000000 SECT4 notype Static | .text Section length 4E, #relocs 5, #linenums 0, checksum CC61DB9400E 00000000 SECT4 notype () External | _func100F 00000000 UNDEF notype () External | _printf010 00000020 SECT4 notype () External | _main011 00000000 SECT5 notype Static | .bss Section length 4, #relocs 0, #linenums 0, checksum 0013 00000000 SECT5 notype Static | ?static_var2@?1??main@@9@9 (`main::`2::static_var
    • Windows下的ELF—PEDOS MZ可執行檔格 e_lfanew式的檔頭的虛設常式 透過巨集_WIN64決 PE真正的檔頭 定使用64或32位元 版
    • PE資料目錄● 儲存用於很快地找到載入所需要的資料 ○ 匯入表 ○ 匯出表 ○ 資料 ○ 重定表 ○ ...等● 動態載入相關
    • 本章小結● 用MINGW產生的PE/COFF檔,似乎沒有. drectve section
    • 作業● 怎麼認出COFF檔?● 算checksum