dumpbin展示.Net PE文件格式

我们写一个很简单的.Net的Console的Application.
>>dumpbin -all ConsoleApplication1.exe>c:\b.txt
>>notepad c:\b.txt

去掉二进制代码之后,我们得到下面的结构和结果:
Dump of file ConsoleApplication1.exe
PE signature found
File Type: EXECUTABLE IMAGE

FILE HEADER VALUES
             14C machine (x86)
               3 number of sections
        47216963 time date stamp Fri Oct 26 12:13:23 2007
               0 file pointer to symbol table
               0 number of symbols
              E0 size of optional header
             10E characteristics
                   Executable
                   Line numbers stripped
                   Symbols stripped
                   32 bit word machine

OPTIONAL HEADER VALUES
             10B magic # (PE32)
            8.00 linker version
            1000 size of code
            2000 size of initialized data
               0 size of uninitialized data
            27BE entry point (004027BE)
            2000 base of code
            4000 base of data
          400000 image base (00400000 to 00407FFF)
            2000 section alignment
            1000 file alignment
            4.00 operating system version
            0.00 image version
            4.00 subsystem version
               0 Win32 version
            8000 size of image
            1000 size of headers
               0 checksum
               3 subsystem (Windows CUI)
             400 DLL characteristics
                   No structured exception handler
          100000 size of stack reserve
            1000 size of stack commit
          100000 size of heap reserve
            1000 size of heap commit
               0 loader flags
              10 number of directories
               0 [       0] RVA [size] of Export Directory
            2770 [      4B] RVA [size] of Import Directory
            4000 [     390] RVA [size] of Resource Directory
               0 [       0] RVA [size] of Exception Directory
               0 [       0] RVA [size] of Certificates Directory
            6000 [       C] RVA [size] of Base Relocation Directory
            26EC [      1C] RVA [size] of Debug Directory
               0 [       0] RVA [size] of Architecture Directory
               0 [       0] RVA [size] of Global Pointer Directory
               0 [       0] RVA [size] of Thread Storage Directory
               0 [       0] RVA [size] of Load Configuration Directory
               0 [       0] RVA [size] of Bound Import Directory
            2000 [       8] RVA [size] of Import Address Table Directory
               0 [       0] RVA [size] of Delay Import Directory
            2008 [      48] RVA [size] of COM Descriptor Directory
               0 [       0] RVA [size] of Reserved Directory

SECTION HEADER #1
   .text name
     7C4 virtual size
    2000 virtual address (00402000 to 004027C3)
    1000 size of raw data
    1000 file pointer to raw data (00001000 to 00001FFF)
       0 file pointer to relocation table
       0 file pointer to line numbers
       0 number of relocations
       0 number of line numbers
60000020 flags
         Code
         Execute Read

 

  Debug Directories

        Time Type       Size      RVA  Pointer
    -------- ------ -------- -------- --------
    47216963 cv           65 00002708     1708    Format: RSDS, {5AD83DC1-5587-401A-ADE6-2DE784E28C8C}, 4,

G:\Projects\TestWinApp\ConsoleApplication1\obj\Debug\ConsoleApplication1.pdb

  clr Header:

              48 cb
            2.05 runtime version
            20A4 [     648] RVA [size] of MetaData Directory
               1 flags
         6000001 entry point token
               0 [       0] RVA [size] of Resources Directory
               0 [       0] RVA [size] of StrongNameSignature Directory
               0 [       0] RVA [size] of CodeManagerTable Directory
               0 [       0] RVA [size] of VTableFixups Directory
               0 [       0] RVA [size] of ExportAddressTableJumps Directory
               0 [       0] RVA [size] of ManagedNativeHeader Directory

  Section contains the following imports:

    mscoree.dll
                402000 Import Address Table
                402798 Import Name Table
                     0 time date stamp
                     0 Index of first forwarder reference

                    0 _CorExeMain

SECTION HEADER #2
   .rsrc name
     390 virtual size
    4000 virtual address (00404000 to 0040438F)
    1000 size of raw data
    2000 file pointer to raw data (00002000 to 00002FFF)
       0 file pointer to relocation table
       0 file pointer to line numbers
       0 number of relocations
       0 number of line numbers
40000040 flags
         Initialized Data
         Read Only

 

SECTION HEADER #3
  .reloc name
       C virtual size
    6000 virtual address (00406000 to 0040600B)
    1000 size of raw data
    3000 file pointer to raw data (00003000 to 00003FFF)
       0 file pointer to relocation table
       0 file pointer to line numbers
       0 number of relocations
       0 number of line numbers
42000040 flags
         Initialized Data
         Discardable
         Read Only

RAW DATA #3
BASE RELOCATIONS #3
    2000 RVA,        C SizeOfBlock
     7C0  HIGHLOW            00402000
       0  ABS                       

  Summary

        2000 .reloc
        2000 .rsrc
        2000 .text

:) 标住出一些重要的部分,就不做分析了,因为我也不是每行都十分明白含义..
简明的标识了.Net修了了的PE文件格式包含的一些特别的东西,大家特别注意下那个CLR header.