📄 chap8-1-3.htm.primary

📁 加密与解密,软件加密保护技术与解决方案,看雪文档!
💻 PRIMARY
📖 第 1 页 / 共 2 页
字号:
上一页 12
<p><font size="2" color="#000000">最有趣的东东在<b> </b></font><font color="#000000" size="2" face="MS Sans Serif"><b>OptionalHeader</b></font><font size="2" color="#000000"> 
  里。不过，</font><font color="#000000" size="2" face="MS Sans Serif"><b>FileHeader</b> 
  </font><font size="2" color="#000000">里的一些域也很重要。本课我们将学习</font><font color="#000000" size="2" face="MS Sans Serif"><b>FileHeader</b></font><font color="#000000" size="2"><b>，</b>下一课研究</font><font color="#000000" size="2" face="MS Sans Serif"><b>OptionalHeader</b></font><font size="2" color="#000000">。</font></p>
<p><font color="#000000" size="2" face="MS Sans Serif"><b>IMAGE_FILE_HEADER STRUCT 
  <br>
  &nbsp;&nbsp;&nbsp; Machine WORD ? <br>
  &nbsp;&nbsp;&nbsp; NumberOfSections WORD ? <br>
  &nbsp;&nbsp;&nbsp; TimeDateStamp dd ? <br>
  &nbsp;&nbsp;&nbsp; PointerToSymbolTable dd ? <br>
  &nbsp;&nbsp;&nbsp; NumberOfSymbols dd ? <br>
  &nbsp;&nbsp;&nbsp; SizeOfOptionalHeader WORD ? <br>
  &nbsp;&nbsp;&nbsp; Characteristics WORD ? <br>
  IMAGE_FILE_HEADER ENDS </b></font></p>
<table border="1" cellpadding="2">
  <tr> 
    <th bgcolor="#006666"><font size="2" face="MS Sans Serif" color="#FFFFFF"><b>Field 
      name</b></font></th>
    <th bgcolor="#006666"><font size="2" face="MS Sans Serif" color="#FFFFFF">Meanings</font></th>
  </tr>
  <tr> 
    <td align="center" bgcolor="#006666"><font size="2" face="MS Sans Serif" color="#FFFFFF"><b>Machine</b></font></td>
    <td align="center" bgcolor="#006666"><font size="2" color="#FFFFFF">该文件运行所要求的</font><font size="2" face="MS Sans Serif" color="#FFFFFF">CPU</font><font size="2" color="#FFFFFF">。对于</font><font size="2" face="MS Sans Serif" color="#FFFFFF">Intel</font><font size="2" color="#FFFFFF">平台，该值是</font><font color="#FFFFFF" size="2" face="MS Sans Serif"><b>IMAGE_FILE_MACHINE_I386</b> 
      (14Ch)</font><font size="2" color="#FFFFFF">。我们尝试了</font><font size="2" face="MS Sans Serif" color="#FFFFFF">LUEVELSMEYER</font><font size="2" color="#FFFFFF">的</font><font size="2" face="MS Sans Serif" color="#FFFFFF">pe.txt</font><font size="2" color="#FFFFFF">声明的</font><font size="2" face="MS Sans Serif" color="#FFFFFF">14Dh</font><font size="2" color="#FFFFFF">和</font><font size="2" face="MS Sans Serif" color="#FFFFFF">14Eh</font><font size="2" color="#FFFFFF">，但</font><font size="2" face="MS Sans Serif" color="#FFFFFF">Windows</font><font size="2" color="#FFFFFF">不能正确执行。看起来，除了禁止程序执行之外，本域对我们来说用处不大。</font></td>
  </tr>
  <tr> 
    <td align="center" bgcolor="#006666"><font size="2" face="MS Sans Serif" color="#FFFFFF"><b>NumberOfSections 
      </b></font></td>
    <td align="center" bgcolor="#006666"><font size="2" color="#FFFFFF">文件的节数目。如果我们要在文件中增加或删除一个节，就需要修改这个值。</font></td>
  </tr>
  <tr> 
    <td align="center" bgcolor="#006666"><font size="2" face="MS Sans Serif" color="#FFFFFF"><b>TimeDateStamp</b></font></td>
    <td align="center" bgcolor="#006666"><font size="2" color="#FFFFFF">文件创建日期和时间。我们不感兴趣。</font></td>
  </tr>
  <tr> 
    <td align="center" bgcolor="#006666"><font size="2" face="MS Sans Serif" color="#FFFFFF"><b>PointerToSymbolTable</b></font></td>
    <td align="center" bgcolor="#006666"><font size="2" color="#FFFFFF">用于调试。</font></td>
  </tr>
  <tr> 
    <td align="center" bgcolor="#006666"><font size="2" face="MS Sans Serif" color="#FFFFFF"><b>NumberOfSymbols</b></font></td>
    <td align="center" bgcolor="#006666"><font size="2" color="#FFFFFF">用于调试。</font></td>
  </tr>
  <tr> 
    <td align="center" bgcolor="#006666"><font size="2" face="MS Sans Serif" color="#FFFFFF"><b>SizeOfOptionalHeader</b></font></td>
    <td align="center" bgcolor="#006666"><font size="2" color="#FFFFFF">指示紧随本结构之后的 
      </font><font color="#FFFFFF" size="2" face="MS Sans Serif"><b>OptionalHeader</b> 
      </font><font size="2" color="#FFFFFF">结构大小，必须为有效值。</font></td>
  </tr>
  <tr> 
    <td align="center" bgcolor="#006666"><font size="2" face="MS Sans Serif" color="#FFFFFF"><b>Characteristics</b></font></td>
    <td align="center" bgcolor="#006666"><font size="2" color="#FFFFFF">关于文件信息的标记，比如文件是</font><font size="2" face="MS Sans Serif" color="#FFFFFF">exe</font><font size="2" color="#FFFFFF">还是</font><font size="2" face="MS Sans Serif" color="#FFFFFF">dll</font><font size="2" color="#FFFFFF">。</font></td>
  </tr>
</table>
<p><font size="2" color="#000000">简言之，只有三个域对我们有一些用</font><font size="2" face="MS Sans Serif" color="#000000">:<b> 
  Machine</b>, <b>NumberOfSections</b> </font><font size="2" color="#000000">和</font><font size="2" face="MS Sans Serif" color="#000000"> 
  <b>Characteristics</b></font><font size="2" color="#000000">。通常不会改变</font><font size="2" face="MS Sans Serif" color="#000000"> 
  <b>Machine</b> </font><font size="2" color="#000000">和</font><font color="#000000" size="2" face="MS Sans Serif"><b>Characteristics</b> 
  </font><font size="2" color="#000000">的值，但如果要遍历节表就得使用</font><font size="2" face="MS Sans Serif" color="#000000"> 
  <b>NumberOfSections</b></font><font color="#000000" size="2"><b>。</b></font><font size="2" face="MS Sans Serif" color="#000000"><br>
  </font><font size="2" color="#000000">为了更好阐述 </font><font color="#000000" size="2" face="MS Sans Serif"><b>NumberOfSections 
  </b></font><font size="2" color="#000000">的用处，这里简要介绍一下节表。</font></p>
<p><font size="2" color="#000000">节表是一个结构数组，每个结构包含一个节的信息。因此若有</font><font size="2" face="MS Sans Serif" color="#000000">3</font><font size="2" color="#000000">个节，数组就有</font><font size="2" face="MS Sans Serif" color="#000000">3</font><font size="2" color="#000000">个成员。 
  我们需要</font><font color="#000000" size="2" face="MS Sans Serif"><b>NumberOfSections</b></font><font size="2" color="#000000">值来了解该数组中到底有几个成员。</font><font size="2" face="MS Sans Serif" color="#000000"> 
  </font><font size="2" color="#000000">也许您会想检测结构中的全</font><font size="2" face="MS Sans Serif" color="#000000">0</font><font size="2" color="#000000">成员起到同样效果。</font><font size="2" face="MS Sans Serif" color="#000000">Windows</font><font size="2" color="#000000">确实采用了这种方法。为了证明这一点，可以增加</font><font size="2" face="MS Sans Serif" color="#000000">NumberOfSections</font><font size="2" color="#000000">的值，</font><font size="2" face="MS Sans Serif" color="#000000">Windows</font><font size="2" color="#000000">仍然可以正常执行文件。据我们的观察，</font><font size="2" face="MS Sans Serif" color="#000000">Windows</font><font size="2" color="#000000">读取</font><font color="#000000" size="2" face="MS Sans Serif"><b>NumberOfSections</b></font><font size="2" color="#000000">的值然后检查节表里的每个结构，如果找到一个全</font><font size="2" face="MS Sans Serif" color="#000000">0</font><font size="2" color="#000000">结构就结束搜索，否则一直处理完</font><font color="#000000" size="2" face="MS Sans Serif"><b>NumberOfSections</b></font><font size="2" color="#000000">指定数目的结构。</font><font size="2" face="MS Sans Serif" color="#000000"> 
  </font><font size="2" color="#000000">为什么我们不能忽略</font><font size="2" face="MS Sans Serif" color="#000000">NumberOfSections</font><font size="2" color="#000000">的值</font><font size="2" face="MS Sans Serif" color="#000000">? 
  </font><font size="2" color="#000000">有几个原因。</font><font size="2" face="MS Sans Serif" color="#000000">PE</font><font size="2" color="#000000">说明中没有指定节表必须以全</font><font size="2" face="MS Sans Serif" color="#000000">0</font><font size="2" color="#000000">结构结束。</font><font size="2" face="MS Sans Serif" color="#000000">Thus 
  there may be a situation where the last array member is contiguous to the first 
  section, without empty space at all. Another reason has to do with bound imports. 
  The new-style binding puts the information immediately following the section 
  table's last structure array member. </font><font size="2" color="#000000">因此您仍然需要</font><font size="2" face="MS Sans Serif" color="#000000">NumberOfSections</font><font size="2" color="#000000">。</font></p>
<p align="center"><font size="2" color="#000000"><b>翻译：</b></font><font size="2" face="MS Sans Serif" color="#000000"><b>iamgufeng 
  [</b></font><font color="#000000"><a
href="http://win32asm.cjb.net/" target="_blank"><font size="2"
face="MS Sans Serif"><b>Iczelion's Win32 Assembly Homepage</b></font></a><font
size="2" face="MS Sans Serif"><b>]</b><strong>[</strong></font><a
href="http://asm.yeah.net" target="_blank"><font size="2" face="MS Sans Serif"><strong>LuoYunBin's 
  Win32 ASM Page</strong></font></a><font size="2"
face="MS Sans Serif"><strong>]</strong></font></font></p>
<p align="center"><a href="../Catalog.htm"><img src="../image/navtoc.gif" width="84" height="23" border="0"></a><a href="Chap8-1-2.htm"><img src="../image/Navprev.gif" width="80" height="23" border="0"></a><a href="Chap8-1-4.htm"><img src="../image/navnext.gif" width="83" height="23" border="0"></a></p>
<hr width=735>
<div align="center"><span class="p9"><font size="2"><span class="p9"><font size="2"><span class="p9">Copyright 
  &copy; 2000-2001 <a href="http://www.pediy.com/">KanXue Studio</a> All Rights 
  Reserved.</span></font></span></font></span></div>
</body>
</html>
上一页 12
⌨️ 快捷键说明

复制代码 Ctrl + C
搜索代码 Ctrl + F
全屏模式 F11
切换主题 Ctrl + Shift + D
显示快捷键 ?
增大字号 Ctrl + =
减小字号 Ctrl + -