5

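What are the requirements of a PE file (PE/COFF)? Which fields should be set, and to which values, so that it can "run" on Windows (i.e. execute a "ret" instruction and then close, without error)?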

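The library I am building first is the linker. The problem I am having now is the PE file (PE/COFF). I don't know what a PE file "needs" before it will actually execute on my platform. My test platform is Vista. When I execute it by double-clicking, I get an error message saying "This is not a valid Win32 executable." When I execute it with the CLI cmd, I get "Access denied." I have two sections, .text and .data.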

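I have implemented the PE headers as described in several online documents (i.e. MSDN and some other third-party documents). If I use a hex editor, it looks almost like a normal PE file. I don't use any imports, an IAT, or any directories in the PE header.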

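Edit: I added an import table, but my Windows says it is still not a valid .exe file. I tried using the values that are also mentioned in the smallest PE file guide. No luck. Really, the only thing I can't seem to figure out is what is required and what is not. Some guides tell me everything is required, while others say it is deprecated: it can be zero.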

I hope this is enough information. Thank you in advance.


Raw data of the current PE header (as requested):

4D 5A 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 50 45 00 00 4C 01 02 00 C8 7A 55 4B 00 00 00 00 00 00 00 00 E0 00 82 01 0B 01 0D 25 00 10 00 00 00 10 00 00 00 00 00 00 00 10 00 00 00 10 00 00 00 20 00 00 00 00 40 00 00 10 00 00 00 02 00 00 01 00 0B 00 00 00 00 00 03 00 0A 00 00 00 00 00 00 22 00 00 38 01 00 00 00 00 00 00 03 00 00 00 00 40 00 00 00 40 00 00 00 40 00 00 00 40 00 00 00 00 00 00 0E 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2E 74 65 78 74 00 00 00 00 00 00 00 00 10 00 00 00 02 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 69 64 61 74 61 00 00 00 00 00 00 00 20 00 00 00 02 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3C 20 00 00 00 00 00 00 00 00 00 00 24 20 00 00 34 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4B 45 52 4E 45 4C 33 32 2E 64 6C 6C 00 00 00 00 01 00 00 80 00 00 00 00 01 00 00 80 00 00 00 00
4

5 Answers

2

Copying the paste into a hex editor is quite a pain, so unfortunately I can't say anything too clever right away.

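Things to watch out for in PE files: make sure your DOS header is valid. Make sure IMAGE_OPTIONAL_HEADER is correctly formed, because despite its name, Windows does not like it when it is done incorrectly.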

For more information beyond the MS format, consult pe.txt, which is one of the best homebrew guides to the PE format that I know of.

If you could just post the bytes, I could try putting them into my own PE parser and see if I can be of more help.

Answered 2010-01-17T19:49:41.060
2

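This article about creating tiny PE executables might be interesting: in particular, it mentions that the Win2k loader requires an import of KERNEL32.DLL, so that may be worth looking into.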

Answered 2010-01-19T00:12:40.443
2

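What you are trying to do depends on which version of Windows you are using. For example, PE files are read differently on Windows 2000 than the way Windows 7 reads them. I am an OSX user, but on the Windows 7 that I have, I cannot manipulate PE files in the ways that worked on Windows 2000 and earlier. I have not tested XP or Vista (or anything else between 2000 and Win7) to see when Windows started reading PE files differently. On Windows 7, every bit of memory in the MS-DOS header and stub is ignored. The only two parts that matter are the "magic number" (a WORD equal to "MZ") and the PE offset, which is a DWORD that defines where in memory the PE header starts. I am not sure whether Windows really ignores 100% of all the other values in the MS-DOS header and stub,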

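On Windows 2000 and earlier, I don't know whether what I mentioned above holds true, but back then you were allowed to modify the length of the MS-DOS stub (or possibly remove it), provided the PE offset value still pointed to the correct location in memory to find the PE header. On Windows 7, if you modify the length of the MS-DOS stub at all, even if the PE offset points to the correct modified location, Windows will not run the exe and claims it is not a valid Win32 application.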

图4D 5A 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

This is the smallest MS-DOS section of a PE file on Windows 7 that still gives a valid, functioning executable. That bit cannot be shortened.

Hope this clears some things up.

Answered 2010-03-27T01:35:58.033
1

You could try a book such as .NET 2.0 IL Assembler. The book has a whole chapter dedicated to what a PE-format executable looks like (and what a .NET PE looks like).

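You could also try loading your PE file with a PE file reader and examining the results. If the PE reader gets confused by your PE, then you have a pointer to where it fails.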

Here is a PE file reader DLL that I wrote (with source code). There is also a GUI that uses it (with source code).

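The source code is completely open source (not GPL-restricted), so you can do whatever you want with it (except impose the GPL on it, which would prevent it from being completely open), including closing your version.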

Answered 2010-03-12T10:33:12.113
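
An added example of the "load it with a PE reader and see where it fails" approach from the answers above; it is not code from any answerer or from the reader DLL mentioned. It checks a PE32 image against header constraints stated in the Microsoft PE/COFF specification; the function names are hypothetical, the sample image is constructed, and a 4 KiB page size is assumed.

```python
import struct

def check_pe32_headers(data: bytes) -> list:
    """Return problems found in a PE32 image's headers (empty list: none of these checks failed)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return ["DOS header: 'MZ' magic missing"]
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    opt = e_lfanew + 24          # optional header follows the signature + 20-byte COFF header
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0" or opt + 96 > len(data):
        return [f"e_lfanew=0x{e_lfanew:X} does not point at a complete PE header"]
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        return ["optional header Magic is not 0x10B (PE32)"]
    entry = struct.unpack_from("<I", data, opt + 16)[0]
    sect_al, file_al = struct.unpack_from("<II", data, opt + 32)
    size_image, size_hdrs = struct.unpack_from("<II", data, opt + 56)
    pow2 = file_al > 0 and (file_al & (file_al - 1)) == 0
    # Below the page size (assumed 4 KiB) the spec wants FileAlignment == SectionAlignment.
    if not (pow2 and 512 <= file_al <= 65536) and not (0 < sect_al < 0x1000 and file_al == sect_al):
        return ["FileAlignment is not a power of two in 512..64K"]
    if sect_al < file_al:
        return ["SectionAlignment is smaller than FileAlignment"]
    if opt + opt_size + 40 * nsec > len(data):
        return ["section table runs past end of file"]
    bad = []
    if size_image % sect_al:
        bad.append("SizeOfImage is not a multiple of SectionAlignment")
    if size_hdrs % file_al:
        bad.append("SizeOfHeaders is not a multiple of FileAlignment")
    inside = False
    for i in range(nsec):        # 40-byte section headers start right after the optional header
        vsize, va, raw_size, raw_ptr = struct.unpack_from("<IIII", data, opt + opt_size + 40 * i + 8)
        if raw_size % file_al or raw_ptr % file_al:
            bad.append(f"section {i}: SizeOfRawData/PointerToRawData not aligned to FileAlignment")
        inside |= va <= entry < va + max(vsize, raw_size)
    if not inside:               # heuristic for an EXE, not a spec rule
        bad.append("AddressOfEntryPoint is not inside any section")
    return bad

def build_sample(size_image=0x2000, size_hdrs=0x200) -> bytes:
    """Constructed sample: headers plus one .text section holding a single 'ret' (0xC3)."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x0102)
    opt = struct.pack("<HBB9I6H4IHH6I", 0x10B, 0, 0, 0x200, 0, 0, 0x1000, 0x1000, 0, 0x400000,
                      0x1000, 0x200, 4, 0, 0, 0, 4, 0, 0, size_image, size_hdrs, 0, 3, 0,
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16) + bytes(16 * 8)
    text = struct.pack("<8s6IHHI", b".text", 1, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    return (dos + coff + opt + text).ljust(0x200, b"\0") + b"\xC3".ljust(0x200, b"\0")
```

Passing these checks means only that the listed constraints hold; it does not show that a given Windows version will load the file.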
0

The Microsoft PE/COFF specification is the only specification I know of.

Answered 2010-01-17T19:33:51.620