程式設計師的自我修養 Chapter 5

1,519 views

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,519
On SlideShare
0
From Embeds
0
Number of Embeds
7
Actions
Shares
0
Downloads
38
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

程式設計師的自我修養 Chapter 5

  1. 1. 程式設計師的自我修養Chapter 5 Windows PE/COFF Shu-Yu Fu
  2. 2. Windows的二進位檔案格式PE/COFF PE PE+ (64-bit) COFF ELF COFF Linker PE (*.exe) (*.obj)#pragma data_seg("FOO")int global = 1;#pragma data_seg(".data")
  3. 3. PE的前身—COFF Image Header IMAGE_FILE_HEADER Section Table IMAGE_SECTION_HEADER[ ] .code / CODE / .text .data / DATA .drectve .debug$S ... other sections Symbol Table
  4. 4. PE的前身—COFFImage Header Image Header IMAGE_FILE_HEADER Section Table IMAGE_SECTION_HEADER[ ]File Type: COFF OBJECT .code / CODE / .textFILE HEADER VALUES 14C machine (x86) DATA .data / 5 number of sections 4F98DB48 time date.drectve stamp Thu Apr 26 13:21:12 2012 1E8 file pointer to symbol table .debug$S 14 number of symbols 0 size of optional header ... 0 characteristics other sections Symbol Table
  5. 5. PE的前身—COFF typedef struct _IMAGE_SECTION_HEADER { Section Header BYTE Name[8]; union { DWORD PhysicalAddress; Image Header // 載入記憶體後的大小 DWORD VirtualSize; IMAGE_FILE_HEADER } Misc; // 載入記憶體後的位置 Section Table DWORD VirtualAddress;IMAGE_SECTION_HEADER[ ] // 該區段在檔案中的大小 DWORD SizeOfRawData; .code / CODE / .text DWORD PointerToRawData; DWORD PointerToRelocations; .data / DATA DWORD PointerToLinenumbers; WORD NumberOfRelocations; .drectve WORD NumberOfLinenumbers; // 該區段的屬性 .debug$S DWORD Characteristics; } IMAGE_SECTION_HEADER; ... other sections Symbol Table
  6. 6. Image Header IMAGE_FILE_HEADER 連結指示資訊 Section Table IMAGE_SECTION_HEADER[ ] Directive .code / CODE / .text編譯器希望傳給連結器的參數 .data / DATASECTION HEADER #1 .drectve.drectve name 0 physical address .debug$S 0 virtual address 18 size of raw data ... DC file pointer to raw data (000000DC to 000000F3) other sections 0 file pointer to relocation table Symbol Table 0 file pointer to line numbers 0 number of relocations 0 number of line numbers 100A00 flags Info Remove 1 byte alignRAW DATA #1 00000000: 20 20 20 2F 44 45 46 41 55 4C 54 4C 49 42 3A 22/DEFAULTLIB:" 00000010: 4C 49 42 43 4D 54 22 20 LIBCMT" Linker Directives ----------------- /DEFAULTLIB:"LIBCMT"
  7. 7. Image Header IMAGE_FILE_HEADER Section Table除錯資訊 IMAGE_SECTION_HEADER[ ] .code / CODE / .text .data / DATA● .debug開始的區段都包含著除錯資訊,比如 .drectve● .debug$S包含的是symbol相關的除錯資訊 .debug$S● .debug$P => precompiled header files ... other sections● .debug$T => type Symbol Table● 具體格式定義在PE格式檔案標準
  8. 8. Image Header IMAGE_FILE_HEADER Section Table 大家都有符號表 IMAGE_SECTION_HEADER[ ] .code / CODE / .text .data / DATA .drectve .debug$S索引 空間 位置 類型 範圍 名稱 ...COFF SYMBOL TABLE other sections000 0083521E ABS notype Static | @comp.id001 00000001 ABS notype Static | @feat.00 Symbol Table002 00000000 SECT1 notype Static | .drectve Section length 18, #relocs 0, #linenums 0, checksum 0004 00000000 SECT2 notype Static | .debug$S Section length 68, #relocs 0, #linenums 0, checksum 0006 00000004 UNDEF notype External | _global_uninit_var007 00000000 SECT3 notype Static | .data Section length C, #relocs 0, #linenums 0, checksum 2FC02927009 00000000 SECT3 notype External | _global_init_var00A 00000004 SECT3 notype Static | $SG720 自動產生的符號00B 00000008 SECT3 notype Static | ?static_var@?1??main@@9@9 (`main::`2::static_var)00C 00000000 SECT4 notype Static | .text Section length 4E, #relocs 5, #linenums 0, checksum CC61DB9400E 00000000 SECT4 notype () External | _func100F 00000000 UNDEF notype () External | _printf010 00000020 SECT4 notype () External | _main011 00000000 SECT5 notype Static | .bss Section length 4, #relocs 0, #linenums 0, checksum 0013 00000000 SECT5 notype Static | ?static_var2@?1??main@@9@9 (`main::`2::static_var
  9. 9. Windows下的ELF—PEDOS MZ可執行檔格 e_lfanew式的檔頭的虛設常式 透過巨集_WIN64決 PE真正的檔頭 定使用64或32位元 版
  10. 10. PE資料目錄● 儲存用於很快地找到載入所需要的資料 ○ 匯入表 ○ 匯出表 ○ 資料 ○ 重定表 ○ ...等● 動態載入相關
  11. 11. 本章小結● 用MINGW產生的PE/COFF檔,似乎沒有. drectve section
  12. 12. 作業● 怎麼認出COFF檔?● 算checksum

×