PE结构

2017-04-10 18:41:57   0  举报





仅支持查看

PE结构，即程序执行保护结构，是一种计算机安全技术。其主要功能是通过加密、解密和校验等手段，保护程序代码的完整性和安全性，防止被恶意篡改或破解。PE结构通常包括代码段、数据段、堆栈段等多个部分，每个部分都有特定的功能和用途。此外，PE结构还支持动态链接库、资源文件等外部模块的引用和管理，使得程序更加灵活和可扩展。在Windows操作系统中，几乎所有的应用程序都采用了PE结构作为程序的基本架构。因此，了解和掌握PE结构的基本原理和使用方法，对于开发人员和系统管理员来说都是非常重要的技能。

作者其他创作

大纲/内容

0x10 DWORD AddressOfEntryPoint;

0x00 BYTE Name[IMAGE_SIZEOF_SHORT_NAME];

0x18 DWORD PointerToRelocations;0x1c DWORD PointerToLinenumbers;0x20 WORD NumberOfRelocations;0x22 WORD NumberOfLinenumbers;

0x02 CHAR Stub[58]

0x14 DWORD BaseOfCode;0x18 DWORD BaseOfData;//// NT additional fields.//

0x0c DWORD VirtualAddress;0x10 DWORD SizeOfRawData;0x14 DWORD PointerToRawData;

IMAGE_SECTION_HEADER

struct _IMAGE_DATA_DIRECTORY { 0x00 DWORD VirtualAddress; 0x04 DWORD Size;};

0x3c DWORD e_lfanew

IMAGE_DOS_HEADER

0x3c DWORD SizeOfHeaders;

0x5c DWORD NumberOfRvaAndSizes;

union { 0x08 DWORD PhysicalAddress; //no use 0x08 DWORD VirtualSize;} Misc;

0x10 WORD SizeOfOptionalHeader0x12 WORD Characteristics

SECTION_DATA

//// Standard fields.//

0x02 WORD NumberOfSections

0x60 _IMAGE_DATA_DIRECTORY DataDirectory[16];

0x04 IMAGE_FILE_HEADER FileHeader

IMAGE_NT_HEADERS

0x00 WORD Machine

0x00 WORD Magic;

0x00 DWORD Signature

0x1c DWORD ImageBase;0x20 DWORD SectionAlignment;0x24 DWORD FileAlignment;

0x02 BYTE MajorLinkerVersion;0x03 BYTE MinorLinkerVersion;0x04 DWORD SizeOfCode;0x08 DWORD SizeOfInitializedData;0x0c DWORD SizeOfUninitializedData;

0x38 DWORD SizeOfImage;

0x24 DWORD Characteristics;

0x04 DWORD TimeDateStamp0x08 DWORD PointerToSymbolTable0x0c DWORD NumberOfSymbols

0x40 DWORD CheckSum;0x44 WORD Subsystem;0x46 WORD DllCharacteristics;0x48 DWORD SizeOfStackReserve;0x4c DWORD SizeOfStackCommit;0x50 DWORD SizeOfHeapReserve;0x54 DWORD SizeOfHeapCommit;0x58 DWORD LoaderFlags;

0x18 IMAGE_OPTIONAL_HEADER OptionalHeader

0x00 WORD e_magic

0x28 WORD MajorOperatingSystemVersion;0x2a WORD MinorOperatingSystemVersion;0x2c WORD MajorImageVersion;0x2e WORD MinorImageVersion;0x30 WORD MajorSubsystemVersion;0x32 WORD MinorSubsystemVersion;0x34 DWORD Win32VersionValue;