参考网站:
https://learn.microsoft.com/zh-cn/windows/arm/arm64ec-abi
https://github.com/struppigel/PortEx/blob/master/src/main/java/com/github/struppigel/tools/anomalies/SectionTableScanning.scala
https://www.hexacorn.com/blog/category/windows-11/
https://www.csdndoc.com/doc/18488.html
1 vs里各平台的宏定义
| 平台 | 宏 |
| x86 | |
| x64 | |
| ARM64 | |
| ARM64EC | _M_AMD64, _AMD64_ |
2 windows下各平台ABI
https://learn.microsoft.com/zh-cn/cpp/build/arm64-windows-abi-conventions?view=msvc-170
https://learn.microsoft.com/zh-cn/windows/arm/arm64ec-abi#variadic-calling-convention
3 各pe格式区别
| pe架构 | 文件头架构字段值 | 入口点所在段 | section |
| x86 | 014C(INTEL386) | ".text" | 没有".a64xrm", 没有".hexpthk" |
| x64 | 8664(AMD64) | ".text" | 没有".a64xrm", 没有".hexpthk" |
| ARM64 | AA64(ARM64bit) | ".text" | 没有".a64xrm", 没有".hexpthk" |
| ARM64EC | 8664(AMD64) | ".hexpthk" | 有".a64xrm", 有".hexpthk" |
| ARM64X | AA64(ARM64bit) | ".text" | 有".a64xrm", 有".hexpthk" |
".a64xrm"-> "CHPEv2 section in a Compiled Hybrid Portable Executable, related to ARM"
".hexpthk"-> "Hybrid Executable Push Thunk section in a Compiled Hybrid Portable Executable (CHPE), related to ARM"
".00cfg" -> "Control Flow Guard section"
:
