dumpbin 输出实例

dumpbin.exe 是masm32 自带的一个exe,minimum.exe 是masm32的第一个例子:

C:\masm32\bin>dumpbin.exe /ALL C:\masm32\examples\exampl01\minimum\minimum.exe

C:\masm32\bin>Microsoft (R) COFF Binary File Dumper Version 5.12.8078
Copyright (C) Microsoft Corp 1992-1998. All rights reserved.

Dump of file C:\masm32\examples\exampl01\minimum\minimum.exe

PE signature found

File Type: EXECUTABLE IMAGE

FILE HEADER VALUES
14C machine (i386)
1 number of sections
4E83C584 time date stamp Thu Sep 29 09:10:28 2011
0 file pointer to symbol table
0 number of symbols
E0 size of optional header
10F characteristics
Relocations stripped
Executable
Line numbers stripped
Symbols stripped
32 bit word machine

OPTIONAL HEADER VALUES
10B magic #
5.12 linker version
200 size of code
0 size of initialized data
0 size of uninitialized data
1010 RVA of entry point
1000 base of code
2000 base of data
400000 image base
1000 section alignment
200 file alignment
4.00 operating system version
0.00 image version
4.00 subsystem version
0 Win32 version
2000 size of image
200 size of headers
0 checksum
2 subsystem (Windows GUI)
0 DLL characteristics
100000 size of stack reserve
1000 size of stack commit
100000 size of heap reserve
1000 size of heap commit
0 loader flags
10 number of directories
0 [       0] RVA [size] of Export Directory
106C [      3C] RVA [size] of Import Directory
0 [       0] RVA [size] of Resource Directory
0 [       0] RVA [size] of Exception Directory
0 [       0] RVA [size] of Certificates Directory
0 [       0] RVA [size] of Base Relocation Directory
0 [       0] RVA [size] of Debug Directory
0 [       0] RVA [size] of Architecture Directory
0 [       0] RVA [size] of Special Directory
0 [       0] RVA [size] of Thread Storage Directory
0 [       0] RVA [size] of Load Configuration Directory
0 [       0] RVA [size] of Bound Import Directory
1000 [      10] RVA [size] of Import Address Table Directory
0 [       0] RVA [size] of Delay Import Directory
0 [       0] RVA [size] of Reserved Directory
0 [       0] RVA [size] of Reserved Directory

SECTION HEADER #1
.text name
EE virtual size
1000 virtual address
200 size of raw data
200 file pointer to raw data
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
60000020 flags
Code
Execute Read

RAW DATA #1
00401000: D2 10 00 00 00 00 00 00 B8 10 00 00 00 00 00 00  …………….
00401010: EB 33 4D 69 6E 69 6D 75 6D 20 4D 41 53 4D 00 20  .3Minimum MASM.
00401020: 20 2D 2D 2D 20 41 73 73 65 6D 62 6C 65 72 20 50   — Assembler P
00401030: 75 72 65 20 61 6E 64 20 53 69 6D 70 6C 65 20 2D  ure and Simple –
00401040: 2D 2D 20 20 00 6A 00 68 12 10 40 00 68 1F 10 40  —  .j.h..@.h..@
00401050: 00 6A 00 E8 08 00 00 00 6A 00 E8 07 00 00 00 CC  .j……j…….
00401060: FF 25 08 10 40 00 FF 25 00 10 40 00 B0 10 00 00  .%..@..%..@…..
00401070: 00 00 00 00 00 00 00 00 C6 10 00 00 08 10 00 00  …………….
00401080: A8 10 00 00 00 00 00 00 00 00 00 00 E0 10 00 00  …………….
00401090: 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00  …………….
004010A0: 00 00 00 00 00 00 00 00 D2 10 00 00 00 00 00 00  …………….
004010B0: B8 10 00 00 00 00 00 00 B1 01 4D 65 73 73 61 67  ……….Messag
004010C0: 65 42 6F 78 41 00 75 73 65 72 33 32 2E 64 6C 6C  eBoxA.user32.dll
004010D0: 00 00 9B 00 45 78 69 74 50 72 6F 63 65 73 73 00  ….ExitProcess.
004010E0: 6B 65 72 6E 65 6C 33 32 2E 64 6C 6C 00 00        kernel32.dll..

Section contains the following imports:

user32.dll
401008 Import Address Table
4010B0 Import Name Table
0 time date stamp
0 Index of first forwarder reference

1B1  MessageBoxA

kernel32.dll
401000 Import Address Table
4010A8 Import Name Table
0 time date stamp
0 Index of first forwarder reference

9B  ExitProcess

Summary

1000 .text



本文地址: http://www.bagualu.net/wordpress/archives/3651 转载请注明




发表评论

电子邮件地址不会被公开。 必填项已用*标注