Use Dumpbin's -headers option to list the section information of a .dll file. Suppose the DLL is named Hook and Hook.dll is located in C:\Users\Hook\Debug. At the cmd prompt, enter C:\Users\Hook\Debug>dumpbin -headers Hook.dll, which displays:
Microsoft (R) COFF Binary File Dumper Version 6.00.8168
Copyright (C) Microsoft Corp 1992-1998. All rights reserved.
Dump of file Hook.dll
PE signature found
File Type: DLL
FILE HEADER VALUES
14C machine (i386)
6 number of sections
53203BB9 time date stamp Wed Mar 12 18:49:29 2014
0 file pointer to symbol table
0 number of symbols
E0 size of optional header
210E characteristics
Executable
Line numbers stripped
Symbols stripped
32 bit word machine
DLL
OPTIONAL HEADER VALUES
10B magic #
6.00 linker version
2B000 size of code
E000 size of initialized data
0 size of uninitialized data
1360 RVA of entry point
1000 base of code
1000 base of data
10000000 image base
1000 section alignment
1000 file alignment
4.00 operating system version
0.00 image version
4.00 subsystem version
0 Win32 version
3A000 size of image
1000 size of headers
0 checksum
2 subsystem (Windows GUI)
0 DLL characteristics
100000 size of stack reserve
1000 size of stack commit
100000 size of heap reserve
1000 size of heap commit
0 loader flags
10 number of directories
2E030 [ 150] RVA [size] of Export Directory
36000 [ 3C] RVA [size] of Import Directory
0 [ 0] RVA [size] of Resource Directory
0 [ 0] RVA [size] of Exception Directory
0 [ 0] RVA [size] of Certificates Directory
38000 [ 13EC] RVA [size] of Base Relocation Directory
2C000 [ 1C] RVA [size] of Debug Directory
0 [ 0] RVA [size] of Architecture Directory
0 [ 0] RVA [size] of Special Directory
0 [ 0] RVA [size] of Thread Storage Directory
0 [ 0] RVA [size] of Load Configuration Directory
0 [ 0] RVA [size] of Bound Import Directory
36200 [ 1C4] RVA [size] of Import Address Table Directory
0 [ 0] RVA [size] of Delay Import Directory
0 [ 0] RVA [size] of Reserved Directory
0 [ 0] RVA [size] of Reserved Directory
SECTION HEADER #1
.text name
2A140 virtual size
1000 virtual address
2B000 size of raw data
1000 file pointer to raw data
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
60000020 flags
Code
Execute Read
SECTION HEADER #2
.rdata name
2180 virtual size
2C000 virtual address
3000 size of raw data
2C000 file pointer to raw data
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
40000040 flags
Initialized Data
Read Only
Debug Directories
Type Size RVA Pointer
------ -------- -------- --------
cv 2D 00000000 38000 Format: NB10, 532014b4, 5, C:\Users\Hook\Debug\Hook.pdb
SECTION HEADER #3
.data name
65E0 virtual size
2F000 virtual address
5000 size of raw data
2F000 file pointer to raw data
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
C0000040 flags
Initialized Data
Read Write
SECTION HEADER #4
.idata name
AE2 virtual size
36000 virtual address
1000 size of raw data
34000 file pointer to raw data
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
C0000040 flags
Initialized Data
Read Write
SECTION HEADER #5
MySec name
104 virtual size
37000 virtual address
1000 size of raw data
35000 file pointer to raw data
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
D0000040 flags
Initialized Data
Shared
Read Write
SECTION HEADER #6
.reloc name
183F virtual size
38000 virtual address
2000 size of raw data
36000 file pointer to raw data
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
42000040 flags
Initialized Data
Discardable
Read Only
Summary
7000 .data
1000 .idata
3000 .rdata
2000 .reloc
2B000 .text
1000 MySec
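In this output you can see that Hook.dll contains a section named ".text"; at compile time the compiler places all of the code in this section. The name of every standard section begins with a dot, and the last lines of each section's entry list the read/write permissions of that section.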
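The flags values in the listing can be decoded mechanically. The following is an added example, not part of the original page: it parses the name and flags lines of `dumpbin -headers` output, decodes the IMAGE_SCN_* bits, and notes sections such as MySec whose name does not start with a dot or that are both shared and writable. The function names, the RULES list and the abridged sample are assumptions of this example.

```python
import re

# IMAGE_SCN_* characteristic bits from the PE/COFF specification.
SCN_FLAGS = {
    0x00000020: "Code", 0x00000040: "Initialized Data",
    0x00000080: "Uninitialized Data", 0x02000000: "Discardable",
    0x10000000: "Shared", 0x20000000: "Execute",
    0x40000000: "Read", 0x80000000: "Write",
}
# Attribute combinations a reviewer would look at (chosen for this example).
RULES = [({"Shared", "Write"}, "shared and writable across processes"),
         ({"Execute", "Write"}, "writable and executable")]

# Abridged from the dumpbin listing above: only the name and flags lines.
SAMPLE = """SECTION HEADER #1
.text name
60000020 flags
SECTION HEADER #5
MySec name
D0000040 flags
"""

def decode_flags(value):
    """Names of the characteristic bits set in a section's flags field."""
    return [name for bit, name in SCN_FLAGS.items() if value & bit]

def parse_sections(dump_text):
    """Return [(section name, flags)] from `dumpbin -headers` text."""
    sections = []
    for block in re.split(r"SECTION HEADER #\d+", dump_text)[1:]:
        name = re.search(r"^\s*(\S+) name\s*$", block, re.M)
        flags = re.search(r"^\s*([0-9A-Fa-f]+) flags\s*$", block, re.M)
        if name and flags:  # skip blocks missing either line
            sections.append((name.group(1), int(flags.group(1), 16)))
    return sections

def review(dump_text):
    """Map each section name to (decoded attributes, review notes)."""
    report = {}
    for name, flags in parse_sections(dump_text):
        attrs = decode_flags(flags)
        notes = [msg for need, msg in RULES if need <= set(attrs)]
        if not name.startswith("."):
            notes.insert(0, "non-standard name")
        report[name] = (attrs, notes)
    return report

if __name__ == "__main__":
    for name, (attrs, notes) in review(SAMPLE).items():
        print(f"{name:8} {', '.join(attrs):40} {'; '.join(notes)}")
```

A section marked both Shared and Write is backed by the same memory in every process that loads the DLL, so data in it can be changed by any of those processes.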