PEDump.txt in pedump192(2).zip
Sponsored links
PE文件格式最近好像炒得沸沸扬扬,由于我正在做一个这样的程序,索性将自己的一点心得写出来与大家同享。
PE文件头分两大部分:
1:DOS ‘MZ’ HEADER
2:IMAGE_NT_HEADERS
其中IMAGE_NT_HEADERS中包含
PE signature
IMAGE_FILE_HEADER
IMAGE_OPTIONAL_HEADER(其中包含Data Direcotry)
文件头后紧跟着为
Section Table (array of IMAGE_SECTION_HEADERs)
在DELPHI的windows.pad中已经有定义的有:
TImageDosHeader;
TImageNtHeaders;
TImageSectionHeader; { size of TIm..der is $28 }
定义变量后按住Ctrl可以察看具体的项目,这里我就不多说了,这方面的东西也很多。
而其他的如TImageResourceDirectory等,在DELPHI中却没有定义,察看其他资料,我在这里给出他们的结构和简单说明:
以下是我写的PEDump.exe的类型说明:
type
PIMAGE_RESOURCE_DIRECTORY = ^TImageResourceDirectory;
_IMAGE_RESOURCE_DIRECTORY = packed record
Characteristics:DWORD;
TimeDateStamp:DWORD;
MajorVersion:WORD;
MinorVersion:WORD;
NumberOfNamedEntries:WORD;
NumberOfIdEntries:WORD;
end;
TImageResourceDirectory = _IMAGE_RESOURCE_DIRECTORY;
{ 资源目录的格式说明 }
PIMAGE_RESOURCE_DIRECTORY_ENTRY = ^TImageResourceDirectoryEntry;
_IMAGE_RESOURCE_DIRECTORY_ENTRY = packed record
Name:DWORD; { NameOffset:31,NameIsString:1 }
// Id:WORD;
OffsetToData:DWORD; { OffsetToDirectory:31,DataIsDirectory:1 }
end;
TImageResourceDirectoryEntry = _IMAGE_RESOURCE_DIRECTORY_ENTRY;
{ 资源目录进入点的格式说明 }
PIMAGE_RESOURCE_DIRECTORY_STRING = ^TImageResourceDirectoryString;
_IMAGE_RESOURCE_DIRECTORY_STRING = packed record
Length:WORD;
NameString:CHAR;
end;
TImageResourceDirectoryString = _IMAGE_RESOURCE_DIRECTORY_STRING;
{ 资源目录名的格式说明 }
PIMAGE_RESOURCE_DIR_STRING_U = ^TImageResourceDirStringU;
_IMAGE_RESOURCE_DIR_STRING_U = packed record
Length:WORD;
Nam
...
...
... to be continued.
This is a preview. To get the complete source file,
please click here to download the whole source code package.
pedump.exe
readme.txt
0
FUNC.PAS
Project1.dpr
FILTER.BMP
HOMEPAGE.JPG
TITLE.ICO