请问下这个16进制的码是什么意思
// PE
// All tree nodes below use the hex editor to modify the PE file
//
// 00000000 - 0000003F DOS 头
//
// IMAGE_DOS_HEADER:
// 00000000 - 00000001 5A4D = e_magic
// 00000002 - 00000003 0090 = e_cblp
// 00000004 - 00000005 0003 = e_cp
// 00000006 - 00000007 0000 = e_crlc
// 00000008 - 00000009 0004 = e_cparhdr
// 0000000A - 0000000B 0000 = e_minalloc
// 0000000C - 0000000D FFFF = e_maxalloc
// 0000000E - 0000000F 0000 = e_ss
// 00000010 - 00000011 00B8 = e_sp
// 00000012 - 00000013 0000 = e_csum
// 00000014 - 00000015 0000 = e_ip
// 00000016 - 00000017 0000 = e_cs
// 00000018 - 00000019 0040 = e_lfarlc
// 0000001A - 0000001B 0000 = e_ovno
// 0000001C - 0000001D 0000 = e_res
// 0000001E - 0000001F 0000 = e_res
// 00000020 - 00000021 0000 = e_res
// 00000022 - 00000023 0000 = e_res
// 00000024 - 00000025 0000 = e_oemid
// 00000026 - 00000027 0000 = e_oeminfo
// 00000028 - 00000029 0000 = e_res2
// 0000002A - 0000002B 0000 = e_res2
// 0000002C - 0000002D 0000 = e_res2
// 0000002E - 0000002F 0000 = e_res2
// 00000030 - 00000031 0000 = e_res2
// 00000032 - 00000033 0000 = e_res2
// 00000034 - 00000035 0000 = e_res2
// 00000036 - 00000037 0000 = e_res2
// 00000038 - 00000039 0000 = e_res2
// 0000003A - 0000003B 0000 = e_res2
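// 0000003C - 0000003F 000000C0 = e_lfanew
// 注:e_lfanew 是 PE 头的文件偏移。0xC0–0xC3 为 PE 签名 "PE\0\0"(本列表未列出),0xC4 起才是 IMAGE_FILE_HEADER;0x40–0xBF 通常是 DOS stub(也可能含 Rich 头),同样未在此列出。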
//
// 000000C4 - 000000D7 文件头
//
// IMAGE_FILE_HEADER:
// 000000C4 - 000000C5 014C = Machine
// 000000C6 - 000000C7 0004 = NumberOfSections
// 000000C8 - 000000CB 59FBD452 = TimeDateStamp
// 000000CC - 000000CF 00000000 = PointerToSymbolTable
// 000000D0 - 000000D3 00000000 = NumberOfSymbols
// 000000D4 - 000000D5 00E0 = SizeOfOptionalHeader
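// 000000D6 - 000000D7 210E = Characteristics
// 注:0x210E = IMAGE_FILE_DLL(0x2000) | IMAGE_FILE_32BIT_MACHINE(0x0100) | IMAGE_FILE_LOCAL_SYMS_STRIPPED(0x0008) | IMAGE_FILE_LINE_NUMS_STRIPPED(0x0004) | IMAGE_FILE_EXECUTABLE_IMAGE(0x0002),即这是一个 32 位 DLL,与可选头中非零的 Export 目录一致。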
//
// 000000D8 - 000001B7 可选头(32 位)
//
// IMAGE_OPTIONAL_HEADER32:
// 000000D8 - 000000D9 010B = Magic
// 000000DA - 000000DA 06 = MajorLinkerVersion
// 000000DB - 000000DB 00 = MinorLinkerVersion
// 000000DC - 000000DF 00046000 = SizeOfCode
// 000000E0 - 000000E3 00086000 = SizeOfInitializedData
// 000000E4 - 000000E7 00000000 = SizeOfUninitializedData
// 000000E8 - 000000EB 0000296C = AddressOfEntryPoint
// 000000EC - 000000EF 00001000 = BaseOfCode
// 000000F0 - 000000F3 00047000 = BaseOfData
// 000000F4 - 000000F7 11000000 = ImageBase
// 000000F8 - 000000FB 00001000 = SectionAlignment
// 000000FC - 000000FF 00001000 = FileAlignment
// 00000100 - 00000101 0004 = MajorOperatingSystemVersion
// 00000102 - 00000103 0000 = MinorOperatingSystemVersion
// 00000104 - 00000105 0004 = MajorImageVersion
// 00000106 - 00000107 0001 = MinorImageVersion
// 00000108 - 00000109 0004 = MajorSubsystemVersion
// 0000010A - 0000010B 0000 = MinorSubsystemVersion
// 0000010C - 0000010F 00000000 = Win32VersionValue
// 00000110 - 00000113 000CD000 = SizeOfImage
// 00000114 - 00000117 00001000 = SizeOfHeaders
// 00000118 - 0000011B 000D58DD = CheckSum
// 0000011C - 0000011D 0002 = Subsystem
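// 0000011E - 0000011F 0000 = DllCharacteristics
// 注:值为 0 表示未设置 IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE(0x0040)和 IMAGE_DLLCHARACTERISTICS_NX_COMPAT(0x0100),即该映像没有声明支持 ASLR 和 DEP;做安全评估时应留意这一点。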
// 00000120 - 00000123 00100000 = SizeOfStackReserve
// 00000124 - 00000127 00001000 = SizeOfStackCommit
// 00000128 - 0000012B 00100000 = SizeOfHeapReserve
// 0000012C - 0000012F 00001000 = SizeOfHeapCommit
// 00000130 - 00000133 00000000 = LoaderFlags
// 00000134 - 00000137 00000010 = NumberOfRvaAndSizes
// 00000138 - 0000013B 000465F0 = Export RVA
// 0000013C - 0000013F 000000A4 = Export Size
// 00000140 - 00000143 00045814 = Import RVA
// 00000144 - 00000147 00000028 = Import Size
// 00000148 - 0000014B 0004C000 = Resource RVA
// 0000014C - 0000014F 00079018 = Resource Size
// 00000150 - 00000153 00000000 = Exception RVA
// 00000154 - 00000157 00000000 = Exception Size
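// 00000158 - 0000015B 000C9000 = Security RVA
// 0000015C - 0000015F 00000D38 = Security Size
// 注:工具虽标为 "RVA",但 Security(证书表)目录里存的是文件偏移而不是 RVA;0xC9000 正好等于 .reloc 的 PointerToRawData(0xC2000)+ SizeOfRawData(0x7000),即证书表附加在最后一个节之后。Size 非零说明文件带有证书表(通常是 Authenticode 签名),但这并不代表签名有效;用十六进制编辑器改动签名覆盖范围内的字节后,签名校验会失败,应重新验证。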
// 00000160 - 00000163 000C6000 = Base Reloc RVA
// 00000164 - 00000167 00005B24 = Base Reloc Size
// 00000168 - 0000016B 00000000 = Debug RVA
// 0000016C - 0000016F 00000000 = Debug Size
// 00000170 - 00000173 00000000 = Architecture RVA
// 00000174 - 00000177 00000000 = Architecture Size
// 00000178 - 0000017B 00000000 = Global Ptr RVA
// 0000017C - 0000017F 00000000 = Global Ptr Size
// 00000180 - 00000183 00000000 = TLS RVA
// 00000184 - 00000187 00000000 = TLS Size
// 00000188 - 0000018B 00000000 = Load Config RVA
// 0000018C - 0000018F 00000000 = Load Config Size
// 00000190 - 00000193 00000258 = Bound Import RVA
// 00000194 - 00000197 00000020 = Bound Import Size
// 00000198 - 0000019B 00001000 = IAT RVA
// 0000019C - 0000019F 0000034C = IAT Size
// 000001A0 - 000001A3 00000000 = Delay Import RVA
// 000001A4 - 000001A7 00000000 = Delay Import Size
// 000001A8 - 000001AB 00000000 = .NET RVA
// 000001AC - 000001AF 00000000 = .NET Size
// 000001B0 - 000001B3 00000000 = Reserved15 RVA
// 000001B4 - 000001B7 00000000 = Reserved15 Size
//
// 000001B8 - 000001DF Section #0: .text
//
// IMAGE_SECTION_HEADER:
// 000001B8 - 000001BF .text = Name
// 000001C0 - 000001C3 00045694 = VirtualSize
// 000001C4 - 000001C7 00001000 = VirtualAddress
// 000001C8 - 000001CB 00046000 = SizeOfRawData
// 000001CC - 000001CF 00001000 = PointerToRawData
// 000001D0 - 000001D3 00000000 = PointerToRelocations
// 000001D4 - 000001D7 00000000 = PointerToLinenumbers
// 000001D8 - 000001D9 0000 = NumberOfRelocations
// 000001DA - 000001DB 0000 = NumberOfLinenumbers
// 000001DC - 000001DF 60000020 = Characteristics
//
// 000001E0 - 00000207 Section #1: .data
//
// IMAGE_SECTION_HEADER:
// 000001E0 - 000001E7 .data = Name
// 000001E8 - 000001EB 00004258 = VirtualSize
// 000001EC - 000001EF 00047000 = VirtualAddress
// 000001F0 - 000001F3 00001000 = SizeOfRawData
// 000001F4 - 000001F7 00047000 = PointerToRawData
// 000001F8 - 000001FB 00000000 = PointerToRelocations
// 000001FC - 000001FF 00000000 = PointerToLinenumbers
// 00000200 - 00000201 0000 = NumberOfRelocations
// 00000202 - 00000203 0000 = NumberOfLinenumbers
// 00000204 - 00000207 C0000040 = Characteristics
//
// 00000208 - 0000022F Section #2: .rsrc
//
// IMAGE_SECTION_HEADER:
// 00000208 - 0000020F .rsrc = Name
// 00000210 - 00000213 00079018 = VirtualSize
// 00000214 - 00000217 0004C000 = VirtualAddress
// 00000218 - 0000021B 0007A000 = SizeOfRawData
// 0000021C - 0000021F 00048000 = PointerToRawData
// 00000220 - 00000223 00000000 = PointerToRelocations
// 00000224 - 00000227 00000000 = PointerToLinenumbers
// 00000228 - 00000229 0000 = NumberOfRelocations
// 0000022A - 0000022B 0000 = NumberOfLinenumbers
// 0000022C - 0000022F 40000040 = Characteristics
//
// 00000230 - 00000257 Section #3: .reloc
//
// IMAGE_SECTION_HEADER:
// 00000230 - 00000237 .reloc = Name
// 00000238 - 0000023B 00006484 = VirtualSize
// 0000023C - 0000023F 000C6000 = VirtualAddress
// 00000240 - 00000243 00007000 = SizeOfRawData
// 00000244 - 00000247 000C2000 = PointerToRawData
// 00000248 - 0000024B 00000000 = PointerToRelocations
// 0000024C - 0000024F 00000000 = PointerToLinenumbers
// 00000250 - 00000251 0000 = NumberOfRelocations
// 00000252 - 00000253 0000 = NumberOfLinenumbers
// 00000254 - 00000257 42000040 = Characteristics
举个dos头的例子 本帖最后由 jackz007 于 2022-11-17 16:59 编辑
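这是 DOS 文件头,就是 DOS exe 文件的说明信息,有了这些信息,你在键入命令要执行这个 exe 程序的时候,DOS 会首先读入 DOS 文件头,解析里面的各个数据项,然后,按照文件头的说明加载 exe 文件映像,初始化各个寄存器,再把控制转交给被加载的 exe 文件的 CS : IP 入口指令,程序就开始运行起来了。需要注意的是,上面贴出的是 Windows PE 文件:Windows 加载器只用 DOS 头里的 e_magic(5A4D,即 "MZ")和 e_lfanew(此处为 0xC0)来定位 PE 头,之后按文件头、可选头和节表加载映像,入口点是 ImageBase + AddressOfEntryPoint,而不是 DOS 头里的 CS : IP;DOS 头的其余字段只有在 DOS 下运行 DOS stub 时才起作用。
jackz007 发表于 2022-11-17 16:56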
这是 DOS 文件头,就是 DOS exe 文件的说明信息,有了这些信息,你在键入命令要执行这个 exe 程序 ...
哦,感谢