Manually Locating the DOS Header, NT Headers, FILE Header, and OPTIONAL Header

DOS HEADER:
e_magic: 5A4D **
e_cblp: 0090
e_cp: 0003
e_crlc: 0000
e_cparhdr: 0004
e_minalloc: 0000
e_maxalloc: FFFF
e_ss: 0000
e_sp: 00B8
e_csum: 0000
e_ip: 0000
e_cs: 0000
e_lfarlc: 0040
e_ovno: 0000
e_res[4]: 0000 0000 0000 0000
e_oemid: 0000
e_oeminfo: 0000
e_res2[10]: 0
e_lfanew: 00E0 **


NT_HEADERS
Signature: 00 00 45 50 **


FILE_HEADER
Machine: 014C ****
NumberOfSections: 0004 ****
TimeDateStamp: 4D74BC7E ****
PointerToSymbolTable: 00000000
NumberOfSymbols: 00000000
SizeOfOptionalHeader: 00E0 ****
Characteristics: 010F ****



OPTIONAL_HEADER
Magic: 010B ****
MajorLinkerVersion: 06
MinorLinkerVersion: 00
SizeOfCode: 00021000 ****
SizeOfInitializedData: 0001B000 ****
SizeOfUninitializedData: 00000000 ****
AddressOfEntryPoint: 0001D26F ****
BaseOfCode: 00001000 ****
BaseOfData: 00022000 ****
ImageBase: 00400000 ****
SectionAlignment: 00001000 ****
FileAlignment: 00001000 ****
MajorOperatingSystemVersion: 0004
MinorOperatingSystemVersion: 0000
MajorImageVersion: 0000
MinorImageVersion: 0000
MajorSubsystemVersion: 0004
MinorSubsystemVersion: 0000
Win32VersionValue: 00000000
SizeOfImage: 0003D000 ****
SizeOfHeaders: 00001000 ****
CheckSum: 00000000 ****
Subsystem: 0002
DllCharacteristics: 0000
SizeOfStackReserve: 00100000 ****
SizeOfStackCommit: 00001000 ****
SizeOfHeapReserve: 00100000 ****
SizeOfHeapCommit: 00001000 ****
LoaderFlags: 00000000
NumberOfRvaAndSizes: 00000010

DataDirectory[16] ***
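
The same walk done in code, as an added example that is not part of the original post: it follows e_lfanew from the DOS header to the NT signature, then reads the FILE and OPTIONAL headers with bounds checks. The sample buffer is constructed from the values listed above (DataDirectory entries are zeroed because the post does not list them); parse_pe_headers and build_sample are illustrative names.

```python
import struct

FILE_HDR = struct.Struct("<HHIIIHH")         # IMAGE_FILE_HEADER (20 bytes)
OPT_HDR32 = struct.Struct("<HBB9I6H4I2H6I")  # IMAGE_OPTIONAL_HEADER32 before DataDirectory (96 bytes)

def parse_pe_headers(data):
    """Follow DOS header -> e_lfanew -> NT signature -> FILE header -> OPTIONAL header."""
    if len(data) < 0x40 or data[:2] != b"MZ":           # e_magic 5A4D is stored as 4D 5A
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # last field of the DOS header
    file_off = e_lfanew + 4
    opt_off = file_off + FILE_HDR.size
    if opt_off > len(data):
        raise ValueError("e_lfanew points outside the file")
    if data[e_lfanew:file_off] != b"PE\x00\x00":        # DWORD 00004550 as stored on disk
        raise ValueError("missing PE signature")
    machine, nsect, stamp, _, _, opt_size, chars = FILE_HDR.unpack_from(data, file_off)
    if opt_size < OPT_HDR32.size or opt_off + opt_size > len(data):
        raise ValueError("SizeOfOptionalHeader is inconsistent with the file")
    opt = OPT_HDR32.unpack_from(data, opt_off)
    if opt[0] != 0x010B:
        raise ValueError("not a PE32 optional header")
    # Trust NumberOfRvaAndSizes only as far as SizeOfOptionalHeader has room for it.
    ndirs = min(opt[29], 16, (opt_size - OPT_HDR32.size) // 8)
    dirs = [struct.unpack_from("<II", data, opt_off + 96 + 8 * i) for i in range(ndirs)]
    return {"e_lfanew": e_lfanew, "Machine": machine, "NumberOfSections": nsect,
            "TimeDateStamp": stamp, "Characteristics": chars,
            "AddressOfEntryPoint": opt[6], "ImageBase": opt[9],
            "entry_va": opt[9] + opt[6], "section_table_offset": opt_off + opt_size,
            "DataDirectory": dirs}

def build_sample():
    """Constructed buffer holding only the header values from the listing (no sections)."""
    buf = bytearray(0x1D8)
    struct.pack_into("<14H", buf, 0, 0x5A4D, 0x90, 3, 0, 4, 0, 0xFFFF, 0, 0xB8, 0, 0, 0, 0x40, 0)
    struct.pack_into("<I", buf, 0x3C, 0xE0)             # e_lfanew
    struct.pack_into("<I", buf, 0xE0, 0x00004550)       # Signature
    FILE_HDR.pack_into(buf, 0xE4, 0x014C, 4, 0x4D74BC7E, 0, 0, 0xE0, 0x010F)
    OPT_HDR32.pack_into(buf, 0xF8, 0x010B, 6, 0, 0x21000, 0x1B000, 0, 0x1D26F, 0x1000,
                        0x22000, 0x400000, 0x1000, 0x1000, 4, 0, 0, 0, 4, 0, 0, 0x3D000,
                        0x1000, 0, 2, 0, 0x100000, 0x1000, 0x100000, 0x1000, 0, 0x10)
    return bytes(buf)

if __name__ == "__main__":
    for name, value in parse_pe_headers(build_sample()).items():
        if isinstance(value, int):
            print(f"{name}: {value:08X}")
```
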

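Original link: Manually Locating the DOS Header, NT Headers, FILE Header, and OPTIONAL Header. All rights reserved. Please credit the source when reposting; violations will be pursued.
Attribution format: 流沙团 ( https://gyarmy.com/post-295.html )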
