PE文件中的COM_DESCRIPTOR

Question

我在查找有關PE文件中COM_DESCRIPTOR目錄的信息。它是什麼，它用於什麼？我讀過PE文件的結構，但仍不明白什麼是COM_DESCRIPTOR。

謝謝！

Answer 1

PE標題中的「COM描述符目錄」也稱爲「CLR標題」。它僅存在於Managed PE Images（使用C＃和其他DotNet編譯器創建）中。您可以使用DumpBin/CLRHRADER選項轉儲此目錄的內容。例如：

DumBin/CLRHEADER someapp.exe

CLR頭：

  48 cb 
     2.05 runtime version 
     30C4 [ 1DEC] RVA [size] of MetaData Directory 
      1 flags 
       IL Only 
    6000004 entry point token 
     4EB0 [ 2560] RVA [size] of Resources Directory 
      0 [  0] RVA [size] of StrongNameSignature Directory 
      0 [  0] RVA [size] of CodeManagerTable Directory 
      0 [  0] RVA [size] of VTableFixups Directory 
      0 [  0] RVA [size] of ExportAddressTableJumps Directory 
      0 [  0] RVA [size] of ManagedNativeHeader Directory 

RVA在此目錄條目指向IMAGE_COR20_HEADER在WINNT.H中定義。它也在CorHdr.h中定義：

typedef struct IMAGE_COR20_HEADER 
{ 
    // Header versioning 
    DWORD     cb;    
    WORD     MajorRuntimeVersion; 
    WORD     MinorRuntimeVersion; 

    // Symbol table and startup information 
    IMAGE_DATA_DIRECTORY MetaData;   
    DWORD     Flags;   

    // The main program if it is an EXE (not used if a DLL?) 
    // If COMIMAGE_FLAGS_NATIVE_ENTRYPOINT is not set, EntryPointToken represents a managed entrypoint. 
    // If COMIMAGE_FLAGS_NATIVE_ENTRYPOINT is set, EntryPointRVA represents an RVA to a native entrypoint 
    // (depricated for DLLs, use modules constructors intead). 
    union { 
     DWORD    EntryPointToken; 
     DWORD    EntryPointRVA; 
    }; 

    // This is the blob of managed resources. Fetched using code:AssemblyNative.GetResource and 
    // code:PEFile.GetResource and accessible from managed code from 
    // System.Assembly.GetManifestResourceStream. The meta data has a table that maps names to offsets into 
    // this blob, so logically the blob is a set of resources. 
    IMAGE_DATA_DIRECTORY Resources; 
    // IL assemblies can be signed with a public-private key to validate who created it. The signature goes 
    // here if this feature is used. 
    IMAGE_DATA_DIRECTORY StrongNameSignature; 

    IMAGE_DATA_DIRECTORY CodeManagerTable;   // Depricated, not used 
    // Used for manged codee that has unmaanaged code inside it (or exports methods as unmanaged entry points) 
    IMAGE_DATA_DIRECTORY VTableFixups; 
    IMAGE_DATA_DIRECTORY ExportAddressTableJumps; 

    // null for ordinary IL images. NGEN images it points at a code:CORCOMPILE_HEADER structure 
    IMAGE_DATA_DIRECTORY ManagedNativeHeader; 

} IMAGE_COR20_HEADER, *PIMAGE_COR20_HEADER;