没有合适的资源?快使用搜索试试~ 我知道了~
温馨提示
Microsoft Portable Executable and Common Object File Format SpecificationMicrosoft Corporation Revision 6.0 - February 1999Note This document is provided to aid in the development of tools and applications for Microsoft Windows NT:registered: butis not guaranteed to be a complete specification in all respects. Microsoft reserves the right to alter this documentwithout notice.Microsoft, MS, MS-DOS, and CodeView are registered trademarks, and Windows, Windows NT, Win32, Win32s,and Visual C++
资源推荐
资源详情
资源评论
Microsoft Portable Executable and
Common Object File Format Specification
Microsoft Corporation
Revision 6.0 - February 1999
Note This document is provided to aid in the development of tools and applications for Microsoft Windows NT® but
is not guaranteed to be a complete specification in all respects. Microsoft reserves the right to alter this document
without notice.
Microsoft, MS, MS-DOS, and CodeView are registered trademarks, and Windows, Windows NT, Win32, Win32s,
and Visual C++ are trademarks of Microsoft Corporation in the USA and other countries.
Alpha AXP is a trademark of Digital Equipment Corporation. Intel is a registered trademark, and Intel386 is a
trademark of Intel Corporation. MIPS is a registered trademark of MIPS Computer Systems, Inc. Unicode is a
trademark of Unicode, Incorporated. UNIX is a registered trademark of UNIX Systems Laboratories. Other product
and company names mentioned herein may be the trademarks of their respective owners.
© 1999 Microsoft Corporation. All rights reserved.
Contents
1. General Concepts 4
2. Overview 5
3. File Headers 7
3.1. MS-DOS Stub (Image Only) 7
3.2. Signature (Image Only) 7
3.3. COFF File Header (Object & Image) 7
3.4. Optional Header (Usually Image Only) 10
4. Section Table (Section Headers) 16
4.1. Section Flags 17
4.2. Grouped Sections (Object Only) 19
5. Other Contents of the File 20
5.1. Section Data 20
5.2. COFF Relocations (Object Only) 20
5.3. COFF Line Numbers 28
5.4. COFF Symbol Table 29
5.5. Auxiliary Symbol Records 34
5.6. COFF String Table 38
5.7. The Attribute Certificate Table (Image Only) 38
5.8 Delay-Load Import Tables (Image Only) 39
6. Special Sections 41
6.1. The .debug Section 42
6.2. The .drectve Section (Object Only) 45
6.3. The .edata Section (Image Only) 45
6.4. The .idata Section 49
6.5. The .pdata Section 51
6.6. The .reloc Section (Image Only) 52
6.7. The .tls Section 54
6.8. The .rsrc Section 57
7. Archive (Library) File Format 61
7.1. Archive File Signature 62
7.2. Archive Member Headers 62
7.3. First Linker Member 63
7.4. Second Linker Member 64
7.5. Longnames Member 65
8. Import Library Format 65
8.1. Import Header 65
8.2. Import Type 66
8.3. Import Name Type 66
Appendix: Example Object File 67
Appendix: Calculating Image Message Digests 72
Fields Not To Include In Digests 72
1. General Concepts
This document specifies the structure of executable (image) files and object files under the
Microsoft Windows NT® operating system. These files are referred to as Portable Executable
(PE) and Common Object File Format (COFF) files respectively. The name “Portable Executable”
refers to the fact that the format is not architecture-specific.
Certain concepts appear repeatedly throughout the specification and are described in the
following table:
Name
Description
Image file
Executable file: either a .EXE file or a DLL. An image file can be
thought of as a “memory image.” The term “image file” is usually
used instead of “executable file,” because the latter sometimes is
taken to mean only a .EXE file.
Object file
A file given as input to the linker. The linker produces an image file,
which in turn is used as input by the loader. The term “object file”
does not necessarily imply any connection to object-oriented
programming.
RVA
Relative Virtual Address. In an image file, an RVA is always the
address of an item once loaded into memory, with the base address
of the image file subtracted from it. The RVA of an item will almost
always differ from its position within the file on disk (File Pointer).
In an object file, an RVA is less meaningful because memory
locations are not assigned. In this case, an RVA would be an
address within a section (see below), to which a relocation is later
applied during linking. For simplicity, compilers should just set the
first RVA in each section to zero.
Virtual Address (VA)
Same as RVA (see above), except that the base address of the
image file is not subtracted. The address is called a “Virtual
Address” because Windows NT creates a distinct virtual address
space for each process, independent of physical memory. For
almost all purposes, a virtual address should be considered just an
address. A virtual address is not as predictable as an RVA,
because the loader might not load the image at its preferred
location.
File pointer
Location of an item within the file itself, before being processed by
the linker (in the case of object files) or the loader (in the case of
image files). In other words, this is a position within the file as
stored on disk.
Date/Time Stamp
Date/time stamps are used in a number of places in a PE/COFF
file, and for different purposes. The format of each such stamp,
however, is always the same: that used by the time functions in the
C run-time library.
Section
A section is the basic unit of code or data within a PE/COFF file. In
an object file, for example, all code can be combined within a single
section, or (depending on compiler behavior) each function can
occupy its own section. With more sections, there is more file
overhead, but the linker is able to link in code more selectively. A
section is vaguely similar to a segment in Intel® 8086 architecture.
All the raw data in a section must be loaded contiguously. In
addition, an image file can contain a number of sections, such as
.tls or .reloc, that have special purposes.
Attribute certificates are used to associate verifiable statements
with an image. There are a number of different verifiable
statements that can be associated with a file, but one of the most
useful ones, and one that is easy to describe, is a statement by a
software manufacturer indicating what the message digest of the
image is expected to be. A message digest is similar to a
checksum except that it is extremely difficult to forge, and, therefore
it is very difficult to modify a file in such a way as to have the same
message digest as the original file. The statement may be verified
as being made by the manufacturer by use of public/private key
cryptography schemes. This document does not go into details of
attribute certificates other than to allow for their insertion into image
files.
2. Overview
Figures 1 and 2 illustrate the Microsoft PE executable format and the Microsoft COFF object-
module format.
剩余72页未读,继续阅读
资源评论
weixin_38718413
- 粉丝: 9
- 资源: 945
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
最新资源
- 动手学深度学习,沐神版配套代码,所有代码均可在jupyter中运行,内附有极为详尽的代码注释
- qaxbrowser-1.1.32574.52.exe (奇安信浏览器windows安装包)
- C#编写modbus tcp客户端读取modbus tcp服务器数据
- 某房地产瑞六补环境部分代码
- 基于Matlab实现无刷直流电机仿真(模型+说明文档).rar
- AllSort(直接插入排序,希尔排序,选择排序,堆排序,冒泡排序,快速排序,归并排序)
- 模拟qsort,改造冒泡排序使其能排序任意数据类型,即日常练习
- carsim+simulink联合仿真实现变道 包含路径规划算法+mpc轨迹跟踪算法 可选simulink版本和c++版本算法 可以适用于弯道道路,弯道车道保持,弯道变道 carsim内规划轨迹可视化
- 数组经典习题之顺序排序和二分查找和冒泡排序
- 永磁同步电机神经网络自抗扰控制,附带编程涉及到的公式文档,方便理解,模型顺利运行,效果好,位置电流双闭环采用二阶自抗扰控制,永磁同步电机三闭环控制,神经网络控制,自抗扰中状态扩张观测器与神经网络结合
资源上传下载、课程学习等过程中有任何疑问或建议,欢迎提出宝贵意见哦~我们会及时处理!
点击此处反馈
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功