https://stackoverflow.com/questions/2082264
-
21-09-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian题
什么是PE文件(PE / COFF)的要求?哪些字段应该设置为使得它能够“运行”在Windows(即执行“RET”指令,然后关闭,没有错误),该值,在最低限度。
我建立第一库是接头:现在,我有问题是PE文件(PE / COFF)。 我不知道之前它实际上我的平台上执行什么是“必需”的PE文件。我的测试平台是Vista系统。我得到一个错误信息,称“这是不是有效的Win32可执行程序。”当我通过双击执行它,我得到一个“访问被拒绝”。与CLI执行时,它 CMD 。我有两个部分,和的.text。数据。
我已经实现了PE头如由几个在线文档,即MSDN和一些其他第三方提供的文件。如果我使用一个十六进制编辑器,它看起来几乎像一个普通的PE文件。我不使用任何进口,也不IAT,也没有任何目录中PE头部。
编辑:我添加了一个导入表后,仍然没有一个有效的.exe文件我的Windows说。我试图使用的也是在最小的PE文件指南中提到的值。没运气。真的,我似乎无法找出的唯一的事情是什么是需要的,哪些不是。一些导游告诉我需要的一切,而别人说deprications:它可以是零
。我希望这是足够的信息。 谢谢提前。的
当前PE头的原始数据(如请求):
4D 5A 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 50 45 00 00 4C 01 02 00 C8 7A 55 4B 00 00 00 00 00 00 00 00 E0 00 82 01 0B 01 0D 25 00 10 00 00 00 10 00 00 00 00 00 00 00 10 00 00 00 10 00 00 00 20 00 00 00 00 40 00 00 10 00 00 00 02 00 00 01 00 0B 00 00 00 00 00 03 00 0A 00 00 00 00 00 00 22 00 00 38 01 00 00 00 00 00 00 03 00 00 00 00 40 00 00 00 40 00 00 00 40 00 00 00 40 00 00 00 00 00 00 0E 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2E 74 65 78 74 00 00 00 00 00 00 00 00 10 00 00 00 02 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 69 64 61 74 61 00 00 00 00 00 00 00 20 00 00 00 02 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3C 20 00 00 00 00 00 00 00 00 00 00 24 20 00 00 34 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4B 45 52 4E 45 4C 33 32 2E 64 6C 6C 00 00 00 00 01 00 00 80 00 00 00 00 01 00 00 80 00 00 00 00
解决方案
您可以尝试一本书像.NET 2.0 IL汇编。这本书有专门介绍一下一个PE格式的可执行看起来像一整章(那叫一个净PE的样子)。
您也可以尝试用PE文件阅读器加载你的PE文件,并检查结果。 如果PE读者您的PE斗争,那么你有一个指针什么是失败的。
下面是一个 PE文件读出DLL 我写(带有源) 。还存在使用它的GUI(与源)。
在源是完全开源的(不是由GPL担保),这样你可以做你想做的与它(除处以GPL,这将防止它被完全打开),包括把你的版本关闭。
其他提示
这是一个完整的疼痛复制粘贴到一个十六进制编辑器,所以很遗憾,我不能说什么太聪明了蝙蝠的权利。
观光PE文件通知: 确保您的DOS头是有效的。 确保IMAGE_OPTIONAL_HEADER格式正确,因为尽管它的名字,Windows并不真正喜欢它无法正确完成。
有关的进一步信息,超出该MS的格式,查找 pe.txt ,最好自制导板与PE格式我知道之一。
如果你可以发布只是个字节,我可以尝试把它在我自己的PE解析器,看看我是否能帮助更多。
你所试图做的是依赖于Windows版本所使用。例如,方式PE文件中读取在Windows 2000上是不一样的方式,Windows 7的读取它们。我是OSX用户,但在Windows 7中有我,我无法操纵,将在Windows 2000和更早的工作方式PE文件。我没有测试XP或Vista(或2000和Win7之间等)的时候看到的Windows开始阅读PE不同。在Windows 7,在MS-DOS头存储器和存根每单位被忽略。唯一的2个说事是“幻数”(字等于“MZ”)和偏移量的PE,这是定义在存储器中的地方PE头部开始一个DWORD。我不知道Windows是否真正忽略了MS-DOS头所有其他值和存根的100%的时间,但不包括我刚才提到的两个,如果所有其他值都设置为0,一个有效的可执行程序将正常运行
在Windows 2000和更早的版本,我不知道如果我上面提到的是真实的,但你在允许修改MS-DOS存根的长度时间(或者删除),前提是PE偏移值仍指向正确的位置在内存中找到的PE头。在Windows 7中,如果修改了MS-DOS存根的长度可言,即使PE偏移指向正确的,修改过的位置,Windows将无法运行exe文件,并声称它是不是有效的Win32应用程序。
<强> 4D 5A 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00的 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
这是至少一个PE文件的MS-DOS部分可具有在Windows 7上,同时仍具有有效,功能的可执行文件。该位不能被缩短。
希望这会清除一些东西。
在微软PE / COFF规范是我知道的唯一的规范。
