PE header requirements

  •  5
  • Pindatjuh  · Tech community  · 15 years ago

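    What are the requirements of a PE file (PE/COFF)? Which fields should be set, and to which values, at a bare minimum, for it to "run" on Windows (i.e. execute a "ret" instruction and then close, without error)?

    I don't know what a PE file needs before it can actually execute on my platform. My testing platform is Vista. I get an error message saying "This is not a valid Win32 executable." when I execute it by double-clicking, and I get an "Access Denied" when executing it from the CLI.

    I have implemented the PE headers as provided by some online documentation (i.e. MSDN and some other third-party documentation). If I use a hex editor, it looks almost like a normal PE file. I don't use any imports, nor the IAT, nor any directories in the PE headers.

    I added an import table; still not a valid .exe file, says my Windows. I tried values that are also mentioned in the smallest-PE-file guide. No luck. Actually, the only thing I can't seem to figure out is what is required and what is not. Some guides tell me everything is required, while others say to leave it out: it can be zero.

    I hope this is enough information.


    Raw data of the current PE header (as requested):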

    4D 5A 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 50 45 00 00 4C 01 02 00 C8 7A 55 4B 00 00 00 00 00 00 00 00 E0 00 82 01 0B 01 0D 25 00 10 00 00 00 10 00 00 00 00 00 00 00 10 00 00 00 10 00 00 00 20 00 00 00 00 40 00 00 10 00 00 00 02 00 00 01 00 0B 00 00 00 00 00 03 00 0A 00 00 00 00 00 00 22 00 00 38 01 00 00 00 00 00 00 03 00 00 00 00 40 00 00 00 40 00 00 00 40 00 00 00 40 00 00 00 00 00 00 0E 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2E 74 65 78 74 00 00 00 00 00 00 00 00 10 00 00 00 02 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 69 64 61 74 61 00 00 00 00 00 00 00 20 00 00 00 02 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3C 20 00 00 00 00 00 00 00 00 00 00 24 20 00 00 34 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4B 45 52 4E 45 4C 33 32 2E 64 6C 6C 00 00 00 00 01 00 00 80 00 00 00 00 01 00 00 80 00 00 00 00
    
    5 answers  |  as of 15 years ago
        1
  •  1
  •   Stephen Kellett    15 years ago

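    You could try a book such as .NET 2.0 IL Assembler. It has a whole chapter dedicated to what a PE-format executable looks like (and what a .NET PE looks like).

    You could also try loading your PE file with a PE file reader and inspecting the results. If the PE reader chokes on your PE, then you have a pointer to the reason for the failure.

    PE File Reading DLL that I wrote (with source). There is also a GUI (with source code) that uses it.

    The source code is completely open (no GPL restrictions), so you can do whatever you want with it (except impose the GPL on it, which would stop it being completely open), including closing your version.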

        2
  •  2
  •   Daniel Goldberg    15 years ago

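    This is a complete pain to copy-paste into a hex editor, so unfortunately I can't say anything too clever to begin with.

    Things to watch out for in PE files: Make sure your DOS header is valid. Make sure the IMAGE_OPTIONAL_HEADER is formatted correctly, because regardless of its name, Windows does not want to execute properly without it.

    pe.txt, which is one of the best home-made guides to the PE format that I know of.

    If you could just post the bytes, I can try putting them through my own PE parser and see if I can offer more help.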

        3
  •  2
  •   Matthew Slattery    15 years ago

    This article about creating tiny PE executables may be of interest: in particular, it mentions that the Win2k loader requires an import of KERNEL32.DLL, so that may be worth investigating.

        4
  •  2
  •   yegg    15 years ago

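    What you are trying to do depends on the version of Windows you are using. For example, Windows 2000 does not read a PE file the same way Windows 7 does. I'm an OS X user, but on the Windows 7 I have, I can't manipulate PE files the way I could on Windows 2000 and earlier. I haven't tested XP or Vista (or any other version between 2000 and Win7) to see when Windows started reading PE files differently. On Windows 7, every bit of memory in the MS-DOS header and stub is ignored. The only two parts that matter are the "magic number" (a WORD equal to "MZ") and the PE offset, a DWORD that defines where the PE header is located in memory. I'm not sure whether Windows ignores 100% of the other values in the MS-DOS header and stub, but apart from the two values I just mentioned, a valid executable will run fine if all the other values are set to 0.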

    4D 5A 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

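    This is the minimum that the MS-DOS portion of a PE file can have on Windows 7 while still being a valid executable. It cannot be made any shorter.

    Hope this clears things up.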
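
    Added example (not from any of the answers or the tools they mention): a small header check in the spirit of the "load it in a PE reader" advice above, starting from the `MZ` magic and PE offset and then testing field constraints documented in the PE/COFF specification. It handles PE32 (Magic 0x10B) only; the function names and the sample header are constructed for illustration.

```python
import struct

def check_pe32_headers(data: bytes) -> list:
    """Return findings for a PE32 image header; an empty list means all checks passed."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return ["DOS header: e_magic is not 'MZ'"]
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    opt = e_lfanew + 24                       # PE signature (4) + COFF header (20)
    if len(data) < opt + 96 or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return ["no complete PE header at e_lfanew=0x%X" % e_lfanew]
    # NumberOfSections and SizeOfOptionalHeader from the COFF header
    nsect, opt_size = (struct.unpack_from("<H", data, e_lfanew + o)[0] for o in (6, 20))
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        return ["optional header Magic is not 0x10B (PE32)"]
    entry, = struct.unpack_from("<I", data, opt + 16)
    sect_align, file_align = struct.unpack_from("<II", data, opt + 32)
    size_image, size_hdrs = struct.unpack_from("<II", data, opt + 56)
    n_dirs, = struct.unpack_from("<I", data, opt + 92)
    findings = []
    if file_align & (file_align - 1) or not 512 <= file_align <= 65536:
        findings.append("FileAlignment is not a power of two in 512..64K")
    elif size_hdrs % file_align:
        findings.append("SizeOfHeaders is not a multiple of FileAlignment")
    if sect_align < max(file_align, 1):
        findings.append("SectionAlignment is smaller than FileAlignment")
    elif size_image % sect_align:
        findings.append("SizeOfImage is not a multiple of SectionAlignment")
    if opt_size < 96 + 8 * n_dirs:
        findings.append("SizeOfOptionalHeader too small for NumberOfRvaAndSizes")
    entry_ok = False
    for off in range(opt + opt_size, opt + opt_size + 40 * nsect, 40):
        if off + 40 > len(data):
            findings.append("section table runs past the end of the data")
            break
        vsize, vaddr, raw_size = struct.unpack_from("<III", data, off + 8)
        entry_ok |= vaddr <= entry < vaddr + (vsize or raw_size)  # VirtualSize 0: assume SizeOfRawData
    if not entry_ok:
        findings.append("AddressOfEntryPoint is not inside any section")
    return findings

def build_sample(size_image=0x2000, size_hdrs=0x200) -> bytes:
    """Constructed sample: zeroed DOS header, PE32 headers, one .text section."""
    dos = b"MZ" + bytes(58) + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x0102)
    opt = struct.pack("<HBB6I", 0x10B, 0, 0, 0x200, 0, 0, 0x1000, 0x1000, 0x2000)
    opt += struct.pack("<3I6H4I2H", 0x400000, 0x1000, 0x200, 4, 0, 0, 0, 4, 0,
                       0, size_image, size_hdrs, 0, 3, 0)
    opt += struct.pack("<6I", 0x100000, 0x1000, 0x100000, 0x1000, 0, 16) + bytes(128)
    text = b".text\0\0\0" + struct.pack("<6I2HI", 1, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    return dos + coff + opt + text
```

    Calling `check_pe32_headers(build_sample())` returns an empty list, while `build_sample(size_image=0x2200, size_hdrs=0x138)` yields one finding for each misaligned size field.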

        5
  •  0
  •   Cheeso    15 years ago