S.l.e!ep.¢%

像打了激速一样,以四倍的速度运转,开心的工作
简单、开放、平等的公司文化;尊重个性、自由与个人价值;
posts - 1098, comments - 335, trackbacks - 0, articles - 1
  C++博客 :: 首页 :: 新随笔 :: 联系 :: 聚合  :: 管理

PE File

Posted on 2009-06-10 23:16 S.l.e!ep.¢% 阅读(1621) 评论(1)  编辑 收藏 引用 所属分类: PE

在 winnt.h 里面已经有完整的定义


1. DOS MZ Header (DOS MZ 头) IMAGE_DOS_HEADER 结构

#define IMAGE_DOS_SIGNATURE                 0x4D5A      // MZ

typedef struct _IMAGE_DOS_HEADER
{     
    // DOS .EXE header
    WORD   e_magic;                     // Magic number                        // 永远赋值为 IMAGE_DOS_SIGNATURE,
    WORD   e_cblp;                      // Bytes on last page of file          // 字段赋为 0, 作用不详
    WORD   e_cp;                        // Pages in file                       // 字段赋为 0, 作用不详
    WORD   e_crlc;                      // Relocations                         // 字段赋为 0, 作用不详
    WORD   e_cparhdr;                   // Size of header in paragraphs        // 字段赋为 0, 作用不详
    WORD   e_minalloc;                  // Minimum extra paragraphs needed     // 字段赋为 0, 作用不详
    WORD   e_maxalloc;                  // Maximum extra paragraphs needed     // 字段赋为 0, 作用不详
    WORD   e_ss;                        // Initial (relative) SS value         // 字段赋为 0, 作用不详
    WORD   e_sp;                        // Initial SP value                    // 字段赋为 0, 作用不详
    WORD   e_csum;                      // Checksum                            // 字段赋为 0, 作用不详
    WORD   e_ip;                        // Initial IP value                    // 字段赋为 0, 作用不详
    WORD   e_cs;                        // Initial (relative) CS value         // 字段赋为 0, 作用不详
    WORD   e_lfarlc;                    // File address of relocation table    // 字段赋为 0, 作用不详
    WORD   e_ovno;                      // Overlay number                      // 字段赋为 0, 作用不详
    WORD   e_res[4];                    // Reserved words                      // 字段赋为 0, 作用不详
    WORD   e_oemid;                     // OEM identifier (for e_oeminfo)      // 字段赋为 0, 作用不详
    WORD   e_oeminfo;                   // OEM information; e_oemid specific   // 字段赋为 0, 作用不详
    WORD   e_res2[10];                  // Reserved words                      // 字段赋为 0, 作用不详
    LONG   e_lfanew;                    // File address of new exe header      // 字段赋为 0, 作用不详
  } IMAGE_DOS_HEADER, *PIMAGE_DOS_HEADER;

sizeof(IMAGE_DOS_HEADER) = 64

"MZ" means?
MZ
(standard, file format) The file signature of an MS-DOS executable (.EXE) file (0x4d 5a), always the first two bytes of the

file. It was reportedly invented by, and named after, a Microsoft programmer, Mark Zbikowski. In Unix systems, the string MZ

is the magic number that identifies an MS-DOS EXE file. (2003-06-10)

"史前大师Mark Zbikowski(MZ,PE、NTFS 结构之父)
<<From DOS 1.0 to Windows Vista>>

http://channel9.msdn.com/Showpost.aspx?postid=193997

This is Behind the Code’s pilot episode with Core File Services architect, Mark Zbikowski. Mark began his career at

Microsoft in 1981, working on DOS 1.0 as a designer, coder and liaison with IBM. His quarter century long career has included

significant involvement in OS/2, Cairo’s Object File System (OFS), and the NT File System (NTFS). In addition, he has been a

key player in all of Microsoft’s File System work. Former Microsoft software architect Pat Helland interviews Mark about the

early days at Microsoft, his passion for product development and the challenges of producing software.

Show: Behind The Code

Tags: MS+Personalities

Feedback

# re: PE File  回复  更多评论   

2009-06-11 08:28 by guest
微软有本小册子叫:PE规范,简体中文版的。已经描述全面了。

只有注册用户登录后才能发表评论。
网站导航: 博客园   IT新闻   BlogJava   知识库   博问   管理