5.1 Windows的二进制文件格式PE/COFF
PE文件格式事实上与ELF同根同源,它们都是由COFF格式发展而来。
5.2 PE前身——COFF
在win下,Command Prompt for vs 2017,cd命令进入源代码所在目录:
运行命令:
“cl”是VISUAL C++的编译器。/c参数表示只编译,不链接,只会生成obj文件,不会生成exe文件。如下:
如果不加这个参数,那么cl会在编译源代码后,再调用link链接器将生产的obj文件与默认的C运行库链接,生成exe文件。
“/Za”参数禁用这些C和C++的专有扩展。
可以使用下面命令查看obj的结构:
/ALL参数将打印输出目标文件的所有相关信息,包括文件头,每个段的属性和段的原始数据及符号表。
下面是打印出来的所有相关信息:
Microsoft (R) COFF/PE Dumper Version 14.10.25019.0 Copyright (C) Microsoft Corporation. All rights reserved. Dump of file SimpleSection.obj File Type: COFF OBJECT FILE HEADER VALUES 14C machine (x86) 5 number of sections 5960849C time date stamp Sat Jul 8 15:07:08 2017 1F4 file pointer to symbol table 14 number of symbols 0 size of optional header 0 characteristics SECTION HEADER #1 .drectve name 0 physical address 0 virtual address 18 size of raw data DC file pointer to raw data (000000DC to 000000F3) 0 file pointer to relocation table 0 file pointer to line numbers 0 number of relocations 0 number of line numbers 100A00 flags Info Remove 1 byte align RAW DATA #1 00000000: 20 20 20 2F 44 45 46 41 55 4C 54 4C 49 42 3A 22 /DEFAULTLIB:" 00000010: 4C 49 42 43 4D 54 22 20 LIBCMT" Linker Directives ----------------- /DEFAULTLIB:LIBCMT SECTION HEADER #2 .debug$S name 0 physical address 0 virtual address 74 size of raw data F4 file pointer to raw data (000000F4 to 00000167) 0 file pointer to relocation table 0 file pointer to line numbers 0 number of relocations 0 number of line numbers 42100040 flags Initialized Data Discardable 1 byte align Read Only RAW DATA #2 00000000: 04 00 00 00 F1 00 00 00 67 00 00 00 29 00 01 11 ....?...g...)... 00000010: 00 00 00 00 44 3A 5C 53 69 6D 70 6C 65 53 65 63 ....D:\SimpleSec 00000020: 74 69 6F 6E 5C 53 69 6D 70 6C 65 53 65 63 74 69 tion\SimpleSecti 00000030: 6F 6E 2E 6F 62 6A 00 3A 00 3C 11 00 22 00 00 07 on.obj.:.<.."... 00000040: 00 13 00 0A 00 BB 61 00 00 13 00 0A 00 BB 61 00 .....?a......?a. 00000050: 00 4D 69 63 72 6F 73 6F 66 74 20 28 52 29 20 4F .Microsoft (R) O 00000060: 70 74 69 6D 69 7A 69 6E 67 20 43 6F 6D 70 69 6C ptimizing Compil 00000070: 65 72 00 00 er.. SECTION HEADER #3 .data name 0 physical address 0 virtual address C size of raw data 168 file pointer to raw data (00000168 to 00000173) 0 file pointer to relocation table 0 file pointer to line numbers 0 number of relocations 0 number of line numbers C0300040 flags Initialized Data 4 byte align Read Write RAW DATA #3 00000000: 54 00 00 00 25 64 0A 00 55 00 00 00 T...%d..U... SECTION HEADER #4 .text$mn name 0 physical address 0 virtual address 4E size of raw data 174 file pointer to raw data (00000174 to 000001C1) 1C2 file pointer to relocation table 0 file pointer to line numbers 5 number of relocations 0 number of line numbers 60500020 flags Code 16 byte align Execute Read RAW DATA #4 00000000: 55 8B EC 8B 45 08 50 68 00 00 00 00 E8 00 00 00 U.ì.E.Ph....è... 00000010: 00 83 C4 08 5D C3 CC CC CC CC CC CC CC CC CC CC ..?.]?ìììììììììì 00000020: 55 8B EC 83 EC 08 C7 45 FC 01 00 00 00 A1 00 00 U.ì.ì.?Eü....?.. 00000030: 00 00 03 05 00 00 00 00 03 45 FC 03 45 F8 50 E8 .........Eü.E?Pè 00000040: 00 00 00 00 83 C4 04 8B 45 FC 8B E5 5D C3 .....?..Eü.?]? RELOCATIONS #4 Symbol Symbol Offset Type Applied To Index Name -------- ---------------- ----------------- -------- ------ 00000008 DIR32 00000000 A $SG1535 0000000D REL32 00000000 F _printf 0000002E DIR32 00000000 B ?static_var@?1??main@@9@9 (`main'::`2'::static_var) 00000034 DIR32 00000000 13 ?static_var2@?1??main@@9@9 (`main'::`2'::static_var2) 00000040 REL32 00000000 E _func1 SECTION HEADER #5 .bss name 0 physical address 0 virtual address 4 size of raw data 0 file pointer to raw data 0 file pointer to relocation table 0 file pointer to line numbers 0 number of relocations 0 number of line numbers C0300080 flags Uninitialized Data 4 byte align Read Write COFF SYMBOL TABLE 000 010461BB ABS notype Static | @comp.id 001 80000191 ABS notype Static | @feat.00 002 00000000 SECT1 notype Static | .drectve Section length 18, #relocs 0, #linenums 0, checksum 0 004 00000000 SECT2 notype Static | .debug$S Section length 74, #relocs 0, #linenums 0, checksum 0 006 00000000 SECT3 notype Static | .data Section length C, #relocs 0, #linenums 0, checksum AC5AB941 008 00000000 SECT3 notype External | _global_init_var 009 00000004 UNDEF notype External | _global_uninit_var 00A 00000004 SECT3 notype Static | $SG1535 00B 00000008 SECT3 notype Static | ?static_var@?1??main@@9@9 (`main'::`2'::static_var) 00C 00000000 SECT4 notype Static | .text$mn Section length 4E, #relocs 5, #linenums 0, checksum CC61DB94 00E 00000000 SECT4 notype () External | _func1 00F 00000000 UNDEF notype () External | _printf 010 00000020 SECT4 notype () External | _main 011 00000000 SECT5 notype Static | .bss Section length 4, #relocs 0, #linenums 0, checksum 0 013 00000000 SECT5 notype Static | ?static_var2@?1??main@@9@9 (`main'::`2'::static_var2) String Table Size = 0x5D bytes Summary 4 .bss C .data 74 .debug$S 18 .drectve 4E .text$mn