有没有办法在运行时找到代码段(.data、.text 等)的地址? [英] Is there a way to find addresses of the code sections (.data, .text, etc) at runtime?

问题描述

我想编写一些代码，在运行时将在其自己的进程中打印每个代码段的地址和长度.是否有捷径可寻?我知道使用 void* main_address = main; 之类的代码找到 main 等函数的位置相对容易，但我想找到 .data 和 .text 之类的部分，我不知道当我编译时，我可以对它们做同样的事情.我正在 Windows 系统上编写此实验并针对 x86 架构进行编译.如果解决方案需要，我知道一些 x86 程序集.我真的很感激任何帮助或建议.谢谢！

I want to write some code that will print the addresses and lengths of each of the code sections in its own process when run. Is there an easy way to do this? I know it is relatively easy to find the location of functions like main using code like void* main_address = main;, but I want to find sections like .data and .text and I don't know if I can do the same thing with them when I compile. I am writing this experiment on a Windows system and compiling for the x86 architecture. I know a little x86 assembly if that is necessary for the solution. I would really appreciate any help or advice. Thanks!

推荐答案

只需通过PIMAGE_SECTION_HEADER s

void DumpSections()
{
    //PIMAGE_NT_HEADERS pinth = (PIMAGE_NT_HEADERS)((PBYTE)&__ImageBase + reinterpret_cast<PIMAGE_DOS_HEADER>(&__ImageBase)->e_lfanew);
    if (PIMAGE_NT_HEADERS pinth = RtlImageNtHeader(&__ImageBase))
    {
        if (ULONG NumberOfSections = pinth->FileHeader.NumberOfSections)
        {
            PIMAGE_SECTION_HEADER pish = IMAGE_FIRST_SECTION(pinth);

            do 
            {
                DbgPrint("%p %08x %.8s\n", (PBYTE)&__ImageBase + pish->VirtualAddress, pish->Misc.VirtualSize, pish->Name);
            } while (pish++, --NumberOfSections);
        }
    }
}

这篇关于有没有办法在运行时找到代码段(.data、.text 等)的地址?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！