PE 文件 - 缺少什么? [英] PE file - what's missing?
问题描述
我正在尝试生成 PE 格式的可执行文件 - Windows 7,64 位,最初是用于测试目的的最小文件,仅用于
I'm trying to generate an executable in PE format - Windows 7, 64 bit, initially a minimal file for testing purposes that does nothing more than
mov eax, 42
ret
我有一个 dumpbin 似乎很满意并且包含所有字段的明显有效值,我可以找到的各种来源说实际使用过,但是当我尝试运行它时,Windows 说不是有效的 Win32 应用程序".dumpbin 输出如下;谁能从中看出我错过了什么?
I've got one that dumpbin seems happy with and contains apparently valid values for all the fields the various sources I can find say are actually used, but when I try to run it, Windows says 'not a valid Win32 application'. dumpbin output follows; can anyone see from this what I'm missing?
Dump of file a.exe
PE signature found
File Type: EXECUTABLE IMAGE
FILE HEADER VALUES
8664 machine (x64)
1 number of sections
0 time date stamp Thu Jan 01 00:00:00 1970
0 file pointer to symbol table
0 number of symbols
F0 size of optional header
22 characteristics
Executable
Application can handle large (>2GB) addresses
OPTIONAL HEADER VALUES
20B magic # (PE32+)
2.05 linker version
0 size of code
0 size of initialized data
0 size of uninitialized data
1000 entry point (0000000140001000)
0 base of code
140000000 image base (0000000140000000 to 0000000140000FFF)
1000 section alignment
200 file alignment
0.00 operating system version
0.00 image version
4.00 subsystem version
0 Win32 version
1000 size of image
200 size of headers
0 checksum
3 subsystem (Windows CUI)
8100 DLL characteristics
NX compatible
Terminal Server Aware
100000 size of stack reserve
1000 size of stack commit
100000 size of heap reserve
1000 size of heap commit
0 loader flags
10 number of directories
0 [ 0] RVA [size] of Export Directory
0 [ 0] RVA [size] of Import Directory
0 [ 0] RVA [size] of Resource Directory
0 [ 0] RVA [size] of Exception Directory
0 [ 0] RVA [size] of Certificates Directory
0 [ 0] RVA [size] of Base Relocation Directory
0 [ 0] RVA [size] of Debug Directory
0 [ 0] RVA [size] of Architecture Directory
0 [ 0] RVA [size] of Global Pointer Directory
0 [ 0] RVA [size] of Thread Storage Directory
0 [ 0] RVA [size] of Load Configuration Directory
0 [ 0] RVA [size] of Bound Import Directory
0 [ 0] RVA [size] of Import Address Table Directory
0 [ 0] RVA [size] of Delay Import Directory
0 [ 0] RVA [size] of COM Descriptor Directory
0 [ 0] RVA [size] of Reserved Directory
SECTION HEADER #1
.text name
6 virtual size
1000 virtual address (0000000140001000 to 0000000140001005)
200 size of raw data
200 file pointer to raw data (00000200 to 000003FF)
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
60000020 flags
Code
Execute Read
RAW DATA #1
0000000140001000: B8 2A 00 00 00 C3 ©*...+
Summary
1000 .text
推荐答案
您的图像大小"仅包含标题区域;.text 部分和入口点位于它之外.将其设置为至少 1006,该文件应该可以工作.
Your "size of image" covers only the header area; the .text section and the entry point lies outside of it. Set it to at least 1006 and the file should work.
我是如何找到它的:
制作了一个最小的 C 程序:
Made a minimal C program:
int entry(){返回 42;}
int entry() { return 42; }
在没有库和自定义条目的情况下编译它:
Compiled it without libraries and with custom entry:
cl test.cpp/link/nodefaultlib/entry:entry/subsystem:console
cl test.cpp /link /nodefaultlib /entry:entry /subsystem:console
开始编辑标题以匹配您的列表,并在每次更改后运行 exe.将 SizeOfImage 更改为 1000 后,我收到不是有效的 Win32 应用程序"消息.
Started editing the header to match your listing, and run the exe after each change. Once I changed the SizeOfImage to 1000, I got the "not a valid Win32 application" message.
这篇关于PE 文件 - 缺少什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
