2012-03-14 26 views
0

以下代碼是否表明在exe文件中,部分標題出現在該部分本身後面,還是缺少某些東西? 另外,lpFileBase的值與pimnth-> OptionalHeader.ImageBase中保存的值不同。他們不應該是一樣的嗎?部分標題位置在exe文件中

#include<iostream> 
#include<Windows.h> 
#include<stdio.h> 
#include<WinNT.h> 


int main() 
{ 


HANDLE hFile,hFileMapping; 
LPVOID lpFileBase; 
LPVOID lp; 
long offset; 

if((hFile = CreateFile(TEXT("c:\\linked list.exe"),GENERIC_READ,FILE_SHARE_READ,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,0)) == INVALID_HANDLE_VALUE) 
    std::cout<<"unable to open"; 

if((hFileMapping = CreateFileMapping(hFile,NULL,PAGE_READONLY,0,0,NULL)) == 0) 
{ 
    CloseHandle(hFile); 
    std::cout<<"unable to open for mapping"; 
} 

if((lpFileBase = MapViewOfFile(hFileMapping,FILE_MAP_READ,0,0,0))== 0) 
{ 
    CloseHandle(hFile); 
    CloseHandle(hFileMapping); 
    std::cout<<"couldn't map view of file"; 
} 

PIMAGE_DOS_HEADER pimdh; 
pimdh = (PIMAGE_DOS_HEADER)lpFileBase; 

PIMAGE_NT_HEADERS pimnth; 
pimnth = (PIMAGE_NT_HEADERS)(pimdh->e_lfanew + (char *)lpFileBase); 


PIMAGE_SECTION_HEADER pimsh; 
pimsh = (PIMAGE_SECTION_HEADER)(pimnth + 1); 



printf("Address of section header:%x\n",pimsh); 

for(int i = 0; i<pimnth->FileHeader.NumberOfSections; i++) 
{ 
    if(!strcmp((char *)pimsh->Name,".text")) 
    { 
     printf("Virtual Address:%x\n\n\n",pimsh->VirtualAddress); 
    } 
    pimsh++; 
} 

} 
+0

[有關Windows .EXE的基址] [1]回答這個問題 [1]:http://stackoverflow.com/questions/3740976/about-imagebase-of-exe-in-視窗 – mox 2012-03-15 07:30:48

回答

0

OptionalHeader.ImageBase字段中包含的值(地址)由編譯器/鏈接器放置。鏈接器需要此預定義的地址,以便能夠在調用變量和函數時計算跳轉和偏移量。加載器的第一個任務之一是驗證此預定義的地址是否已經在內存中佔用(對於DLL通常是這種情況)。如果地址不被佔用,那麼你的lpFileBase將和OptionalHeader.ImageBase一樣。